XmlSecureResolver Class

Helps to secure another implementation of XmlResolver by wrapping the XmlResolver object and restricting the resources that the underlying XmlResolver has access to.

Namespace:  System.Xml
Assembly:  System.Xml (in System.Xml.dll)

<PermissionSetAttribute(SecurityAction.InheritanceDemand, Name := "FullTrust")> _
Public Class XmlSecureResolver _
	Inherits XmlResolver
Dim instance As XmlSecureResolver

XmlSecureResolver wraps around a concrete implementation of XmlResolver and restricts the resources that the underlying XmlResolver has access to. For instance, XmlSecureResolver has the ability to prohibit cross-domain redirection, which occurs from an embedded Uniform Resource Identifier (URI) reference.

When you construct an XmlSecureResolver object, you provide a valid XmlResolver implementation along with a URL, an instance of System.Security.Policy.Evidence, or a System.Security.PermissionSet, which is used by the XmlSecureResolver to determine security. Either a System.Security.PermissionSet is generated or the existing one is used and PermissionSet.PermitOnly is called on it to help secure the underlying XmlResolver.

Security noteSecurity Note:

XmlSecureResolver objects can contain sensitive information such as user credentials. You should be careful when caching XmlSecureResolver objects and should not pass the XmlSecureResolver object to an untrusted component.

Important noteImportant Note:

There are differences in the security infrastructure for code running on the .NET Framework common language runtime (CLR) and for code running on the CLR that is integrated within Microsoft SQL Server 2005. This can lead to cases where code developed for the .NET Framework CLR operates differently when used on the SQL Server integrated CLR. One of these differences affects the XmlSecureResolver class when you have evidence that is based on a URL (This can occur when you use the CreateEvidenceForUrl method or the XmlSecureResolver(XmlResolver, String) constructor). The policy resolution mechanism of the SQL Server integrated CLR does not utilize the Url or Zone information. Instead, the SQL Server integrated CLR grants permissions based on the GUID that the server adds when assemblies are loaded. When you use the XmlSecureResolver in the SQL Server integrated CLR, provide any required evidence directly using a specified PermissionSet.

Notes to Inheritors:

This class has an inheritance demand. Full trust is required to inherit from the XmlSecureResolver class. See Inheritance Demands for more information.


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft