SocketPermission
Represents the permission to access network resources.
Introduction
The SocketPermission class is a security permission that controls access to network resources. It allows applications to specify which network addresses and ports their sockets are allowed to connect to or listen on. This is crucial for securing network-enabled applications by enforcing the principle of least privilege.
SocketPermission operates within the .NET security model, enabling granular control over network operations and preventing unauthorized access or communication.
Syntax
public sealed class SocketPermission : CodeAccessPermission, IUnrestrictedPermission
Constructors
SocketPermission(PermissionState state)
Initializes a new instance of the SocketPermission class with the specified permission state.
state - One of the PermissionState enumeration values, indicating whether the permission is unrestricted or empty.
SocketPermission(SocketPermissionAccess permissionAccess, IdentityReferenceCollection target, string server, int port)
Initializes a new instance of the SocketPermission class with the specified access rights, target host, and port.
permissionAccess - A bitwise combination of the SocketPermissionAccess values that specifies the network access permitted.
target - An IdentityReferenceCollection representing the identity of the remote host or network to which access is granted.
server - A string representing the DNS name or IP address of the remote host.
port - An integer representing the port number to which access is permitted.
SocketPermission(SocketPermissionAccess permissionAccess, IPAddress address, int portMask)
Initializes a new instance of the SocketPermission class with the specified access rights, IP address, and port mask.
permissionAccess - A bitwise combination of the SocketPermissionAccess values that specifies the network access permitted.
address - An IPAddress representing the IP address of the remote host.
portMask - An integer representing the port mask to use for matching.
Properties
Access
Gets the socket access represented by this permission.
IsUnrestricted()
Returns a value indicating whether this permission is unrestricted.
Methods
AddPermission(SocketPermission permission)
Adds a SocketPermission object to the current permission object.
Copy()
Creates and returns an identical copy of the current permission object.
Equals(object obj)
Determines whether the specified object is equal to the current object.
FromXml(SecurityElement elem)
Reconstructs a security object with a specified state from an XML encoding.
GetHashCode()
Serves as the default hash function.
Intersect(IPermission target)
Creates and returns a permission that is the intersection of the current permission and the specified permission.
IsSubsetOf(IPermission target)
Determines whether the current permission is a subset of the specified permission.
Parse(string str)
Creates a SocketPermission object and initializes it to the specified level of access to the specified resources from the XML string.
ToXml()
Creates an XML encoding of the current security object that includes any security state information.
Union(IPermission target)
Creates and returns a permission that represents the union of the current permission and the specified permission.
Inheritance
- object
- System.Security.CodeAccessPermission
- System.Net.Sockets.SocketPermission
Remarks
SocketPermission is used to define the network access rights for code. When a security policy is enforced, code that attempts network operations (like creating a Socket) will have its permissions checked against the granted SocketPermission.
The primary use case is to restrict applications to connect to specific hosts or ports, or to only listen on local interfaces. For instance, a server application might be granted permission to listen on a specific port, while client applications are restricted to connecting to a predefined set of server addresses.
SocketPermissionAttribute can be used to declaratively apply SocketPermission to code blocks, methods, or classes.
Examples
The following example demonstrates how to create a SocketPermission and demand it before connecting to a specific web server on port 80.
    using System;
    using System.Net;
    using System.Net.Sockets;
    using System.Security;
    using System.Security.Permissions;

    public class SocketPermissionExample
    {
        public static void Main(string[] args)
        {
            try
            {
                // Describe the access to check: TCP connections to
                // "www.example.com" on port 80. The public constructor takes a
                // NetworkAccess value and a TransportType.
                SocketPermission connPermission = new SocketPermission(
                    NetworkAccess.Connect,
                    TransportType.Tcp,
                    "www.example.com",
                    80);

                // Demand the permission. Demand() walks the call stack and throws a
                // SecurityException if a caller has not been granted this permission.
                // It checks the grant; it does not assert or extend it.
                connPermission.Demand();
                Console.WriteLine("Demand for socket permission to connect to www.example.com:80 succeeded.");

                // In a real application, you would now attempt to create a Socket
                // and connect to www.example.com on port 80. If the security policy
                // allows it, the operation will succeed. If not, a SecurityException
                // will be thrown.

                // Example of creating a socket (this requires the permission demanded above)
                // Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                // IPAddress ipAddress = Dns.GetHostEntry("www.example.com").AddressList[0];
                // IPEndPoint remoteEP = new IPEndPoint(ipAddress, 80);
                // socket.Connect(remoteEP);
                // Console.WriteLine("Successfully connected (simulated).");
                // socket.Close();
            }
            catch (SecurityException e)
            {
                Console.WriteLine($"Security Exception caught: {e.Message}");
            }
            catch (Exception e)
            {
                Console.WriteLine($"An error occurred: {e.Message}");
            }
        }
    }
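The allow-list use case described in the Remarks can be audited with the permission's own subset logic before any socket is opened. This is an added example, not code from the original page or from the .NET documentation; it assumes .NET Framework and the shipped System.Net.SocketPermission signatures (NetworkAccess, TransportType), and the class name, helper names, hosts and ports are constructed for illustration.

```csharp
using System;
using System.Net;
using System.Security.Permissions;

public static class SocketGrantAudit
{
    // Allow-list for one service (constructed sample values, documentation
    // address ranges): two outbound TCP endpoints and one local listener.
    static SocketPermission BuildGrant()
    {
        var grant = new SocketPermission(PermissionState.None);
        grant.AddPermission(NetworkAccess.Connect, TransportType.Tcp, "192.0.2.10", 443);
        grant.AddPermission(NetworkAccess.Connect, TransportType.Tcp, "192.0.2.11", 443);
        grant.AddPermission(NetworkAccess.Accept, TransportType.Tcp, "127.0.0.1", 8080);
        return grant;
    }

    // A request is covered when the permission describing it is a subset of
    // the grant: same access type, transport, host and port.
    static bool IsCovered(SocketPermission grant, NetworkAccess access, string host, int port)
    {
        var request = new SocketPermission(access, TransportType.Tcp, host, port);
        return request.IsSubsetOf(grant);
    }

    public static void Main()
    {
        SocketPermission grant = BuildGrant();

        // Constructed requests: on-list endpoints plus a wrong port, an
        // off-list host and an access type that was never granted there.
        var requests = new[]
        {
            Tuple.Create(NetworkAccess.Connect, "192.0.2.10", 443),
            Tuple.Create(NetworkAccess.Accept, "127.0.0.1", 8080),
            Tuple.Create(NetworkAccess.Connect, "192.0.2.10", 80),
            Tuple.Create(NetworkAccess.Connect, "198.51.100.7", 443),
            Tuple.Create(NetworkAccess.Accept, "192.0.2.10", 443),
        };

        foreach (var r in requests)
        {
            Console.WriteLine("{0,-7} {1}:{2} -> {3}", r.Item1, r.Item2, r.Item3,
                IsCovered(grant, r.Item1, r.Item2, r.Item3) ? "covered" : "NOT covered");
        }
    }
}
```

Literal IP addresses keep the comparison independent of DNS.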
Requirements
Assembly: System.dll
Namespace: System.Net.Sockets
Platform: .NET Framework, .NET Core, .NET 5+