Xsl Transformation Credentials

There is a frustrating deficiency in the XsltLoader class with regards to permissions. This is the class called by the XslCompiledTransform class that loads the xsl source file. The standard call would be as follows:

StringWriter stringWriter = new StringWriter();
HtmlTextWriter writer = new HtmlTextWriter(stringWriter);

XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = CredentialCache.DefaultCredentials;

XslCompiledTransform transformer = new XslCompiledTransform();
transformer.Load(xslPath, XsltSettings.Default, resolver);
transformer.Transform(sourceXmlDoc, null, writer);

return stringWriter.ToString();

This works fine if you are under standard NT security/permission setups for SharePoint/MOSS 2007. However, if you do something like bring in Forms Based Authentication, you will get a strange xsl compile error.

The problem is that although the XsltLoader.Load method accepts an XmlUrlResolver object as a parameter, it does not actually use it when retrieving the xsl file. So, we cannot call the XslCompiledTransform.Load method by passing the xsl path as a string. Instead, we need to load the xsl into an XmlReader object manually and pass the reader to the Load method instead. This allows us to pass the credentials to the XmlReader and it will do the work of retrieving the xsl file. The finally result would be as follows:

StringWriter stringWriter = new StringWriter();
HtmlTextWriter writer = new HtmlTextWriter(stringWriter);

XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = CredentialCache.DefaultCredentials;

XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = resolver;
XmlReader reader = XmlReader.Create(xslPath, settings);

XslCompiledTransform transformer = new XslCompiledTransform();
transformer.Load(reader , XsltSettings.Default, resolver);
transformer.Transform(sourceXmlDoc, null, writer);
return stringWriter.ToString();