XmlSecureResolver Class
Helps to secure another implementation of XmlResolver by wrapping the XmlResolver object and restricting the resources that the underlying XmlResolver has access to.
Assembly: System.Xml (in System.Xml.dll)
The XmlSecureResolver type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | XmlSecureResolver(XmlResolver, PermissionSet) | Initializes a new instance of the XmlSecureResolver class with the XmlResolver and System.Security::PermissionSet specified. |
![]() | XmlSecureResolver(XmlResolver, Evidence) | Initializes a new instance of the XmlSecureResolver class with the XmlResolver and System.Security.Policy::Evidence specified. |
![]() | XmlSecureResolver(XmlResolver, String) | Initializes a new instance of the XmlSecureResolver class with the XmlResolver and URL provided. |
| Name | Description | |
|---|---|---|
![]() | Credentials | Sets credentials used to authenticate Web requests. (Overrides XmlResolver::Credentials.) |
| Name | Description | |
|---|---|---|
![]() ![]() | CreateEvidenceForUrl | Creates System.Security.Policy::Evidence using the supplied URL. |
![]() | Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
![]() | GetEntity | Securely maps a URI to an object containing the actual resource. This method temporarily sets the System.Security::PermissionSet created in the constructor by calling PermissionSet::PermitOnly before calling GetEntity on the underlying XmlResolver to open the resource. (Overrides XmlResolver::GetEntity(Uri, String, Type).) |
![]() | GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() | ResolveUri | Resolves the absolute URI from the base and relative URIs by calling ResolveUri on the underlying XmlResolver. (Overrides XmlResolver::ResolveUri(Uri, String).) |
![]() | SupportsType | This method adds the ability for the resolver to return other types than just Stream. (Inherited from XmlResolver.) |
![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
XmlSecureResolver wraps around a concrete implementation of XmlResolver and restricts the resources that the underlying XmlResolver has access to. For instance, XmlSecureResolver has the ability to prohibit cross-domain redirection, which occurs from an embedded Uniform Resource Identifier (URI) reference.
When you construct an XmlSecureResolver object, you provide a valid XmlResolver implementation along with a URL, an instance of System.Security.Policy::Evidence, or a System.Security::PermissionSet, which is used by the XmlSecureResolver to determine security. Either a System.Security::PermissionSet is generated or the existing one is used and PermissionSet::PermitOnly is called on it to help secure the underlying XmlResolver.
Security Note |
|---|
XmlSecureResolver objects can contain sensitive information such as user credentials. You should be careful when caching XmlSecureResolver objects and should not pass the XmlSecureResolver object to an untrusted component. |
Important |
|---|
There are differences in the security infrastructure for code running on the .NET Framework common language runtime (CLR) and for code running on the CLR that is integrated within Microsoft SQL Server 2005. This can lead to cases where code developed for the .NET Framework CLR operates differently when used on the SQL Server integrated CLR. One of these differences affects the XmlSecureResolver class when you have evidence that is based on a URL (This can occur when you use the CreateEvidenceForUrl method or the XmlSecureResolver(XmlResolver, String) constructor). The policy resolution mechanism of the SQL Server integrated CLR does not utilize the Url or Zone information. Instead, the SQL Server integrated CLR grants permissions based on the GUID that the server adds when assemblies are loaded. When you use the XmlSecureResolver in the SQL Server integrated CLR, provide any required evidence directly using a specified PermissionSet. |
This class has an inheritance demand. Full trust is required to inherit from the XmlSecureResolver class. See Inheritance Demands for more information.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
