How to configure the XML parser to disable external entity resolution in c#

Question

var xDoc = XDocument.Load(fileName);

I am using above code in a function to load an XML file. Functionality wise its working fine but it is showing

Answer 1

If you are not using external entity references in your XML, you can disable the resolver by setting it to null, from How to prevent XXE attack ( XmlDocument in .net)

XmlDocument xmlDoc = new XmlDocument();
xmlDoc.XmlResolver = null;
xmlDoc.LoadXml(OurOutputXMLString);

If you are expecting the document to contain entity references, then you will need to create a custom resolver and whitelist what you are expecting. Especially, any references to websites that you do not control.