ExtendedProtectionPolicy Class
Namespace: System.Net.Security
Specifies the extended protection policy for an SslStream. This class allows for more granular control over channel binding token (CBT) requirements.
Syntax
public sealed class ExtendedProtectionPolicy
Description
The ExtendedProtectionPolicy class provides a mechanism to enforce extended protection for network connections that use SslStream.
Extended protection can help mitigate man-in-the-middle attacks by ensuring that the client and server have a shared understanding of the channel binding token (CBT).
This class allows you to configure whether CBT is required, optional, or not used, and to specify the allowed CBT providers.
Constructors
Initializes a new instance of the ExtendedProtectionPolicy class with the specified protection level.
Parameters
| Name | Description |
|---|---|
| protectionLevel | The ProtectionLevel value that indicates whether authentication, integrity, or confidentiality is required. |
Initializes a new instance of the ExtendedProtectionPolicy class with the specified protection level and flags.
Parameters
| Name | Description |
|---|---|
| protectionLevel | The ProtectionLevel value that indicates whether authentication, integrity, or confidentiality is required. |
| flags | A bitwise combination of the ExtendedProtectionPolicyFlags enumeration values that specifies the flags to use. |
Properties
Gets a collection of custom service names that are used for extended protection.
Type: ReadOnlyCollection<string>
Access: Get
Gets the policy enforcement setting for extended protection.
Type: PolicyEnforcement
Access: Get
Gets the protection level required for the connection.
Type: ProtectionLevel
Access: Get
Methods
Determines whether the specified object is equal to the current object.
Overrides: Object.Equals(Object)
Serves as the default hash function.
Overrides: Object.GetHashCode()
Gets the type of the current instance.
Overrides: Object.GetType()
Returns a string that represents the current object.
Overrides: Object.ToString()
Remarks
The ExtendedProtectionPolicy class is crucial for enhancing security in scenarios where sensitive data is transmitted over networks. By leveraging channel binding tokens, it provides an additional layer of defense against various network-based attacks.
When configuring extended protection, consider the following:
- PolicyEnforcement: Use WhenSupported to allow connections to succeed even if extended protection is not available on the client. Use Always to strictly enforce extended protection.
- CustomServiceNames: This property is used to specify a list of Service Principal Names (SPNs) that are trusted for the server. If this list is empty, the SPN of the local machine is used by default.
This class is designed to be used in conjunction with SslStream to establish secure communication channels.
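The following is an added example, not code from this page or from .NET itself, showing the two policies the Remarks describe (Always with an explicit SPN list, and WhenSupported as a migration setting) and the SslStream pairing: the server terminates TLS, reads the endpoint channel binding token from the SslStream, and binds the Negotiate handshake to it. It assumes the .NET API surface as it exists in the System.Security.Authentication.ExtendedProtection namespace (the three-argument constructor taking ProtectionScenario and ServiceNameCollection, the (PolicyEnforcement, ChannelBinding) constructor, TransportContext.GetChannelBinding, and the NegotiateStream.AuthenticateAsServerAsync overload that accepts a policy); none of these members are listed on this page, and the page places the class under System.Net.Security.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Authentication.ExtendedProtection;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Threading.Tasks;

// Added example; assumes the .NET ExtendedProtection API as found in
// System.Security.Authentication.ExtendedProtection (not listed on the page).
public static class ExtendedProtectionExample
{
    // Strict policy: Always plus an explicit list of trusted SPNs.
    // A client that cannot present a channel binding token is rejected.
    public static ExtendedProtectionPolicy BuildStrictPolicy(params string[] trustedSpns)
    {
        return new ExtendedProtectionPolicy(
            PolicyEnforcement.Always,
            ProtectionScenario.TransportSelected,   // this server terminates TLS itself
            new ServiceNameCollection(trustedSpns));
    }

    // Migration policy: WhenSupported lets down-level clients through.
    // It offers no protection against a relay that simply omits the CBT,
    // so it only makes sense while older clients are being upgraded.
    public static ExtendedProtectionPolicy BuildMigrationPolicy()
    {
        return new ExtendedProtectionPolicy(PolicyEnforcement.WhenSupported);
    }

    // Server side: TLS on the socket first, then Negotiate (Kerberos/NTLM)
    // bound to that exact TLS session through its endpoint channel binding.
    public static async Task<IIdentity> AuthenticateBoundClientAsync(
        TcpClient client, X509Certificate2 serverCertificate)
    {
        var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false);
        await ssl.AuthenticateAsServerAsync(
            serverCertificate,
            clientCertificateRequired: false,
            enabledSslProtocols: SslProtocols.Tls12 | SslProtocols.Tls13,
            checkCertificateRevocation: true);

        // The CBT is derived from this TLS session. A relay that proxies the
        // authentication through its own TLS connection produces a different
        // token, so the bound handshake fails on the server.
        ChannelBinding cbt = ssl.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
        if (cbt == null)
        {
            throw new AuthenticationException("TLS session exposed no endpoint channel binding.");
        }

        var policy = new ExtendedProtectionPolicy(PolicyEnforcement.Always, cbt);

        var nego = new NegotiateStream(ssl, leaveInnerStreamOpen: true);
        await nego.AuthenticateAsServerAsync(
            CredentialCache.DefaultNetworkCredentials,
            policy,
            ProtectionLevel.EncryptAndSign,
            TokenImpersonationLevel.Identification);

        // Reached only if the client's token matched; otherwise the call above throws.
        return nego.RemoteIdentity;
    }
}
```

Before selecting Always on a given host, check the static ExtendedProtectionPolicy.OSSupportsExtendedProtection property; on a platform without CBT support, Always rejects every Negotiate client rather than degrading. Whichever enforcement you pick, the CBT check happens inside the Negotiate layer, so a failure surfaces as an AuthenticationException from AuthenticateAsServerAsync, which is the event to log and alert on.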