Resolves external XML resources named by a Uniform Resource Identifier (URI).
Assembly: System.Xml (in System.Xml.dll)
Thetype exposes the following members.
|Equals(Object)||Determines whether the specified object is equal to the current object. (Inherited from Object.)|
|Finalize||Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)|
|GetEntity||When overridden in a derived class, maps a URI to an object that contains the actual resource.|
|GetEntityAsync||Asynchronously maps a URI to an object that contains the actual resource.|
|GetHashCode||Serves as the default hash function. (Inherited from Object.)|
|GetType||Gets the Type of the current instance. (Inherited from Object.)|
|MemberwiseClone||Creates a shallow copy of the current Object. (Inherited from Object.)|
|ResolveUri||When overridden in a derived class, resolves the absolute URI from the base and relative URIs.|
|SupportsType||Enables the resolver to return types other than System.IO.Stream.|
|ToString||Returns a string that represents the current object. (Inherited from Object.)|
The type is used to resolve external XML resources, such as entities, document type definitions (DTDs), or schemas. It is also used to process include and import elements found in Extensible Stylesheet Language (XSL) style sheets or XML Schema definition language (XSD) schemas.
handles all aspects of negotiating the connection to the resources, including handling security credentials, opening the connection to the data source, and returning the resource in the form of a stream or other object type. The object that calls has the task of interpreting the stream.
The System.Xml namespace includes two concrete implementations of the class:
XmlUrlResolver is the default resolver for all classes in the System.Xml namespace. It supports the file:// and http:// protocols and requests from the System.Net.WebRequest class. For examples of extending the class to improve performance, see the XmlUrlResolver reference page.
XmlSecureResolver helps secure another object by wrapping the object object and restricting the resources that it can access. For example, the XmlSecureResolver can prohibit access to specific Internet sites or zones.
You can create and specify your own resolver. If you don't specify a resolver, the reader uses a default XmlUrlResolver with no user credentials.
If the resource is stored on a system that requires authentication, you use the XmlResolver.Credentials property to specify the necessary credentials.
Supplying authentication credentials
The file that contains the XML data to read may have a restricted access policy. If authentication is required to access a network resource, use the Credentials property to specify the necessary credentials. If the Credentials property is not set, credentials are set to a null reference (Nothing in Visual Basic).
For example, assume that credentials are needed when requesting data from the web for authentication purposes. Unless the web virtual directory allows anonymous access, you must set the Credentials property to supply credentials. The following example creates an XmlReader object that uses an XmlUrlResolver with default credentials to access the http://localhost/bookstore/inventory.xml site.
You can supply different credentials for different URIs and add them to a cache. These credentials are used to check authentication for the different URIs regardless of the original source of the XML. The following example shows how to add credentials to a cache.
Consider the following items when working with the class.
objects can contain sensitive information such as user credentials. You should be careful when caching objects and should not pass the object to an untrusted component.
If you are designing a class property that uses the class, the property should be defined as a write-only property. The property can be used to specify the to use, but it cannot be used to return an object.
If your application accepts objects from untrusted code, you cannot assume that the URI passed into the GetEntity method will be the same as that returned by the ResolveUri method. Classes derived from the class can override the GetEntity method and return data that is different than what was contained in the original URI.
Your application can mitigate memory denial of service threats to the GetEntity method by implementing an IStream that limits the number of bytes read. This helps guard against situations where malicious code attempts to pass an infinite stream of bytes to the GetEntity method.