//==============================
//
static void Use_PermissionSet()
{
//<snippet4a>
WebPermission myWebPermission = new WebPermission(PermissionState.None);
//</snippet4a>
//<snippet4b>
myWebPermission.AddPermission(NetworkAccess.Connect, "http://www.contoso.com/");
myWebPermission.AddPermission(NetworkAccess.Connect, "http://litwareinc.com/data/");
//</snippet4b>
//<snippet4c>
PermissionSet myPermissions = new PermissionSet(PermissionState.None);
myPermissions.AddPermission(myWebPermission);
//</snippet4c>
//<snippet4d>
XmlSecureResolver myResolver = new XmlSecureResolver(new XmlUrlResolver(), myPermissions);
//</snippet4d>
}
//==============================//
// Load with trusted XSLT settings.
static void XslCompiledTransform_Load8()
{
string UserName = "******";
string SecurelyStoredPassword = "******";
string Domain = "domain";
//<snippet8>
// Create a resolver and specify the necessary credentials.
XmlSecureResolver resolver = new XmlSecureResolver(new XmlUrlResolver(), "http://serverName/data/");
System.Net.NetworkCredential myCred;
myCred = new System.Net.NetworkCredential(UserName, SecurelyStoredPassword, Domain);
resolver.Credentials = myCred;
// Create the XslCompiledTransform object and load the style sheet.
XslCompiledTransform xslt = new XslCompiledTransform();
xslt.Load("http://serverName/data/script.xsl", XsltSettings.TrustedXslt, resolver);
//</snippet8>
}
//==============================//
// Load reader with resolver & settings
static void XslCompiledTransform_Load3()
{
//<snippet3>
// Create the XslCompiledTransform object.
XslCompiledTransform xslt = new XslCompiledTransform();
// Create a resolver and set the credentials to use.
XmlSecureResolver resolver = new XmlSecureResolver(new XmlUrlResolver(), "http://serverName/data/");
resolver.Credentials = CredentialCache.DefaultCredentials;
XmlReader reader = XmlReader.Create("http://serverName/data/xsl/sort.xsl");
// Create the XsltSettings object with script enabled.
XsltSettings settings = new XsltSettings(false, true);
// Load the style sheet.
xslt.Load(reader, settings, resolver);
//</snippet3>
}
// NOTE: To test, replace www.contoso.com w/ the local string
//<snippet1>
public static Object GetFile(String fileURL, XmlResolver resolver)
{
// Generate the default PermissionSet using the file URL.
Evidence evidence = XmlSecureResolver.CreateEvidenceForUrl(fileURL);
PermissionSet myPermissions = SecurityManager.ResolvePolicy(evidence);
// Modify the PermissionSet to only allow access to http://www.contoso.com.
// Create a WebPermission which only allows access to http://www.contoso.com.
WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, "http://www.contoso.com");
// Replace the existing WebPermission in myPermissions with the updated WebPermission.
myPermissions.SetPermission(myWebPermission);
// Use the modified PermissionSet to construct the XmlSecureResolver.
XmlSecureResolver sResolver = new XmlSecureResolver(resolver, myPermissions);
// Get the object.
Uri fullUri = sResolver.ResolveUri(null, fileURL);
return(sResolver.GetEntity(fullUri, null, null));
}
public static void Main()
{
// Create the reader.
XmlTextReader reader = new XmlTextReader("http://myServer/data/books.xml");
// Create a secure resolver with default credentials.
XmlUrlResolver resolver = new XmlUrlResolver();
XmlSecureResolver sResolver = new XmlSecureResolver(resolver, "http://myServer/data/");
sResolver.Credentials = CredentialCache.DefaultCredentials;
// Use the secure resolver to resolve resources.
reader.XmlResolver = sResolver;
// Parse the file.
while (reader.Read())
{
// Do any additional processing here.
}
// Close the reader.
reader.Close();
}
public List <Knowledge> Search(string input)
{
List <Knowledge> searchResult = new List <Knowledge>();
var webRoot = _env.WebRootPath;
var file = System.IO.Path.Combine(webRoot, "Knowledgebase.xml");
XmlSecureResolver resolver = new XmlSecureResolver(new XmlUrlResolver(), "https://*****:*****@"//knowledge[tags[contains(text(),$input)] and sensitivity/text()='Public']");
XsltArgumentList varList = new XsltArgumentList();
varList.AddParam("input", string.Empty, input);
CustomContext context = new CustomContext(new NameTable(), varList);
expr.SetContext(context);
var matchedNodes = nav.Select(expr);
foreach (XPathNavigator node in matchedNodes)
{
searchResult.Add(new Knowledge()
{
Topic = node.SelectSingleNode(nav.Compile("topic")).Value, Description = node.SelectSingleNode(nav.Compile("description")).Value
});
}
return(searchResult);
}
public void XmlReader_SecureXmlResolver(XmlSecureResolver secureResolver)
{
using (XmlReader.Create("uri", new XmlReaderSettings {
ProhibitDtd = false, XmlResolver = secureResolver
})) { } // Compliant
}
public void EmptyCtorCannotResolve()
{
XmlSecureResolver r = new XmlSecureResolver(null, (Evidence)null);
r.ResolveUri(null, "http://www.go-mono.com");
}
//==============================
//
static void Use_URL()
{
//<snippet3>
XmlSecureResolver myResolver = new XmlSecureResolver(new XmlUrlResolver(), "http://myLocalSite/");
//</snippet3>
}
static bool ValidateXml(XmlDocument receipt, X509Certificate2 certificate)
{
// Create the signed XML object.
SignedXml sxml = new SignedXml(receipt);
// Get the XML Signature node and load it into the signed XML object.
XmlNode dsig = receipt.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
if (dsig == null)
{
// If signature is not found return false
System.Console.WriteLine("Signature not found.");
return(false);
}
sxml.LoadXml((XmlElement)dsig);
// Check the signature
bool isValid = sxml.CheckSignature(certificate, true);
FieldInfo field = sxml.GetType().GetField("m_signature",
BindingFlags.NonPublic |
BindingFlags.Instance);
var sig = (Signature)field.GetValue(sxml);
var _ref = (Reference)sig.SignedInfo.References[0];
//var pre = Type.GetType("System.Security.Cryptography.Xml.Utils").GetMethod("PreProcessDocumentInput");
//pre.Invoke(null, new[] { });
var enveloped = (XmlDsigEnvelopedSignatureTransform)_ref.TransformChain[0];
enveloped.LoadInput(receipt);
var outputstream = enveloped.GetOutput();
var securityUrl = receipt.BaseURI;
var resolver = new XmlSecureResolver(new XmlUrlResolver(), securityUrl);
//TransformToOctetStream(Stream input, XmlResolver resolver, string baseUri)
MethodInfo trans = _ref.TransformChain.GetType().GetMethods(BindingFlags.NonPublic | BindingFlags.Instance)[2];
var stream = trans.Invoke(_ref.TransformChain, new object[] { receipt, resolver, securityUrl });
var canontype = sig.GetType().Assembly.GetType("System.Security.Cryptography.Xml.CanonicalXml");
var foo = Activator.CreateInstance(canontype, BindingFlags.NonPublic | BindingFlags.Instance, null, new object[] { receipt, resolver }, null);
MethodInfo method = _ref.GetType().GetMethod("CalculateHashValue",
BindingFlags.NonPublic |
BindingFlags.Instance);
FieldInfo refs = sig.GetType().GetField("m_referencedItems",
BindingFlags.NonPublic |
BindingFlags.Instance);
var refs1 = refs.GetValue(sig);
var res = method.Invoke(_ref, new [] { receipt, refs1 });
var str = Convert.ToBase64String((byte[])res);
return(isValid);
}
public static void XmlDocument_SetSafeResolver(XmlSecureResolver xmlSecureResolver)
{
var doc = new XmlDocument();
doc.XmlResolver = xmlSecureResolver;
}
static bool ValidateXml(XmlDocument receipt, X509Certificate2 certificate)
{
// Create the signed XML object.
SignedXml sxml = new SignedXml(receipt);
// Get the XML Signature node and load it into the signed XML object.
XmlNode dsig = receipt.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
if (dsig == null)
{
// If signature is not found return false
System.Console.WriteLine("Signature not found.");
return false;
}
sxml.LoadXml((XmlElement)dsig);
// Check the signature
bool isValid = sxml.CheckSignature(certificate, true);
FieldInfo field = sxml.GetType().GetField("m_signature",
BindingFlags.NonPublic |
BindingFlags.Instance);
var sig = (Signature)field.GetValue(sxml);
var _ref = (Reference)sig.SignedInfo.References[0];
//var pre = Type.GetType("System.Security.Cryptography.Xml.Utils").GetMethod("PreProcessDocumentInput");
//pre.Invoke(null, new[] { });
var enveloped = (XmlDsigEnvelopedSignatureTransform)_ref.TransformChain[0];
enveloped.LoadInput(receipt);
var outputstream = enveloped.GetOutput();
var securityUrl = receipt.BaseURI;
var resolver = new XmlSecureResolver(new XmlUrlResolver(), securityUrl);
//TransformToOctetStream(Stream input, XmlResolver resolver, string baseUri)
MethodInfo trans = _ref.TransformChain.GetType().GetMethods(BindingFlags.NonPublic | BindingFlags.Instance)[2];
var stream = trans.Invoke(_ref.TransformChain, new object[] {receipt, resolver, securityUrl});
var canontype = sig.GetType().Assembly.GetType("System.Security.Cryptography.Xml.CanonicalXml");
var foo = Activator.CreateInstance(canontype, BindingFlags.NonPublic | BindingFlags.Instance, null, new object[] {receipt, resolver}, null);
MethodInfo method = _ref.GetType().GetMethod("CalculateHashValue",
BindingFlags.NonPublic |
BindingFlags.Instance);
FieldInfo refs = sig.GetType().GetField("m_referencedItems",
BindingFlags.NonPublic |
BindingFlags.Instance);
var refs1 = refs.GetValue(sig);
var res = method.Invoke(_ref, new [] {receipt, refs1});
var str = Convert.ToBase64String((byte[])res);
return isValid;
}
public ResourceResolver(CreatePublishWebPage taskOwner)
{
this.taskOwner = taskOwner;
evidence = XmlSecureResolver.CreateEvidenceForUrl(Path.GetDirectoryName(taskOwner.MicrosoftVisualStudioPublishAssembly.Location));
}
protected void XmlDocument_WithNullResolver(XmlSecureResolver xmlSecureResolver)
{
XmlDocument doc = new XmlDocument();
doc.XmlResolver = null;
}