System.Xml.XmlSecureResolver Class

Helps to secure another implementation of System.Xml.XmlResolver by wrapping the System.Xml.XmlResolver object and restricting the resources that the underlying System.Xml.XmlResolver has access to.

See Also: XmlSecureResolver Members

Syntax

public class XmlSecureResolver : XmlResolver

Remarks

System.Xml.XmlSecureResolver wraps around a concrete implementation of System.Xml.XmlResolver and restricts the resources that the underlying System.Xml.XmlResolver has access to. For instance, System.Xml.XmlSecureResolver has the ability to prohibit cross-domain redirection, which occurs from an embedded Uniform Resource Identifier (URI) reference.

When you construct an System.Xml.XmlSecureResolver object, you provide a valid System.Xml.XmlResolver implementation along with a URL, an instance of System.Security.Policy.Evidence, or a System.Security.PermissionSet, which is used by the System.Xml.XmlSecureResolver to determine security. Either a System.Security.PermissionSet is generated or the existing one is used and System.Security.PermissionSet.PermitOnly is called on it to help secure the underlying System.Xml.XmlResolver.

Note:

System.Xml.XmlSecureResolver objects can contain sensitive information such as user credentials. You should be careful when caching System.Xml.XmlSecureResolver objects and should not pass the System.Xml.XmlSecureResolver object to an untrusted component.

Note:

There are differences in the security infrastructure for code running on the .NET Framework common language runtime (CLR) and for code running on the CLR that is integrated within Microsoft SQL Server 2005. This can lead to cases where code developed for the .NET Framework CLR operates differently when used on the SQL Server integrated CLR. One of these differences affects the System.Xml.XmlSecureResolver class when you have evidence that is based on a URL (This can occur when you use the XmlSecureResolver.CreateEvidenceForUrl(string) method or the XmlSecureResolver.#ctor(XmlResolver, string) constructor). The policy resolution mechanism of the SQL Server integrated CLR does not utilize the System.Security.Policy.Url or System.Security.Policy.Zone information. Instead, the SQL Server integrated CLR grants permissions based on the GUID that the server adds when assemblies are loaded. When you use the System.Xml.XmlSecureResolver in the SQL Server integrated CLR, provide any required evidence directly using a specified System.Security.PermissionSet.

Requirements

Namespace: System.Xml
Assembly: System.Xml (in System.Xml.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0, 4.0.0.0