System.Net.SocketPermission Class

Summary

Controls rights to make or accept connections on a transport address.

C# Syntax:

[Serializable] public sealed class SocketPermission : CodeAccessPermission, IUnrestrictedPermission

SocketPermission instances control permission to accept connections or initiate Socket connections. A Socket permission can secure access based on host name or IP address, a port number, and a transport protocol.

System.Net Namespace

System.Net.SocketPermission Member List:

Public Constructors

ctor #1	Overloaded: .ctor(PermissionState state) Initializes a new instance of the SocketPermission class that allows unrestricted access to the Socket or disallows access to the Socket.
ctor #2	Overloaded: .ctor(NetworkAccess access, TransportType transport, string hostName, int portNumber) Initializes a new instance of the SocketPermission class for the given transport address with the specified permission.

Public Fields

AllPorts

Defines a constant representing all ports.

Public Properties

AcceptList	Read-only Gets a list of EndpointPermission instances identifying the endpoints that can be accepted under this permission instance.
ConnectList	Read-only Gets a list of EndpointPermission instances identifying the endpoints that can be connected to under this permission instance.

Public Methods

AddPermission	Adds a permission to the set of permissions for a transport address.
Assert (inherited from System.Security.CodeAccessPermission)	See base class member description: System.Security.CodeAccessPermission.Assert Asserts that calling code can access the resource identified by the current permission through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource.
Copy	Overridden: Creates a copy of a SocketPermission instance.
Demand (inherited from System.Security.CodeAccessPermission)	See base class member description: System.Security.CodeAccessPermission.Demand Forces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.
Deny (inherited from System.Security.CodeAccessPermission)	See base class member description: System.Security.CodeAccessPermission.Deny Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.
Equals (inherited from System.Object)	See base class member description: System.Object.Equals Derived from System.Object, the primary base class for all objects.
FromXml	Overridden: Reconstructs a SocketPermission instance for an XML encoding.
GetHashCode (inherited from System.Object)	See base class member description: System.Object.GetHashCode Derived from System.Object, the primary base class for all objects.
GetType (inherited from System.Object)	See base class member description: System.Object.GetType Derived from System.Object, the primary base class for all objects.
Intersect	Overridden: Returns the logical intersection between two SocketPermission instances.
IsSubsetOf	Overridden: Determines if the current permission is a subset of the specified permission.
IsUnrestricted	Checks the overall permission state of the object.
PermitOnly (inherited from System.Security.CodeAccessPermission)	See base class member description: System.Security.CodeAccessPermission.PermitOnly Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.
ToString (inherited from System.Security.CodeAccessPermission)	See base class member description: System.Security.CodeAccessPermission.ToString Creates and returns a string representation of the current permission object.
ToXml	Overridden: Creates an XML encoding of a SocketPermission instance and its current state.
Union	Overridden: Returns the logical union between two SocketPermission instances.

Protected Methods

Finalize (inherited from System.Object)	See base class member description: System.Object.Finalize Derived from System.Object, the primary base class for all objects.
MemberwiseClone (inherited from System.Object)	See base class member description: System.Object.MemberwiseClone Derived from System.Object, the primary base class for all objects.

Hierarchy:

• System.Object
• System.Security.CodeAccessPermission
• System.Net.SocketPermission

System.Net.SocketPermission Member Details

Summary

Initializes a new instance of the SocketPermission class that allows unrestricted access to the Socket or disallows access to the Socket.

C# Syntax:

public SocketPermission(    PermissionState state );

state

One of the PermissionState values.

If the SocketPermission instance was created with the Unrestricted value from PermissionState then the SocketPermission instance will pass all demands. Any other value for state will result in a SocketPermission instance that will fail all demands unless a transport address permission is added with SocketPermission.AddPermission.

Return to top

Summary

Initializes a new instance of the SocketPermission class for the given transport address with the specified permission.

C# Syntax:

public SocketPermission(    NetworkAccess access,    TransportType transport,    string hostName,    int portNumber );

access

One of the NetworkAccess values.

transport

One of the TransportType values.

hostName

The host name for the transport address.

portNumber

The port number for the transport address.

This constructor creates a SocketPermission that controls access to the specified hostName and portNumber using the specified transport.

The hostName can be a DNS name, an IP address, or a specified IP subnet using, such as 192.168.1.*.

The portNumber can be any valid port number defined by the transport, or SocketPermission.AllPorts.

Return to top

Summary

Defines a constant representing all ports.

C# Syntax:

public const int AllPorts;

This field is read-only. The value of this field is -1.

Return to top

Summary

Gets a list of EndpointPermission instances identifying the endpoints that can be accepted under this permission instance.

C# Syntax:

public IEnumerator AcceptList {get;}

Return to top

Summary

Gets a list of EndpointPermission instances identifying the endpoints that can be connected to under this permission instance.

C# Syntax:

public IEnumerator ConnectList {get;}

Return to top

Summary

Adds a permission to the set of permissions for a transport address.

C# Syntax:

public void AddPermission(    NetworkAccess access,    TransportType transport,    string hostName,    int portNumber );

access

One of the NetworkAccess values.

transport

One of the TransportType values.

hostName

The host name for the transport address.

portNumber

The port number for the transport address.

The hostName can be a DNS name, an IP address, or a specified IP subnet using, such as 192.168.1.*.

Return to top

Inherited
See base class member description: System.Security.CodeAccessPermission.Assert

Summary

Asserts that calling code can access the resource identified by the current permission through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource.

C# Syntax:

public void Assert();

Exceptions

Exception Type	Condition
SecurityException	The calling code does not have SecurityPermissionFlag.Assertion. -or- There is already an active CodeAccessPermission.Assert for the current frame.

Implements:

IStackWalk.Assert

The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. Calling CodeAccessPermission.Assert prevents a stack walk originating lower in the call stack from proceeding up the call stack beyond the code that calls this method. Therefore, even if callers higher on the call stack do not have the requisite permissions to access a resource, they can still access it through the code that calls this method on the necessary permission. An assertion is effective only if the code that calls CodeAccessPermission.Assert passes the security check for the permission that it is asserting.

The call to CodeAccessPermission.Assert is effective until the calling code returns to its caller. Only one CodeAccessPermission.Assert can be active on a frame. An attempt to call CodeAccessPermission.Assert when an active CodeAccessPermission.Assert exists on the frame results in a SecurityException. Call CodeAccessPermission.RevertAssert or CodeAccessPermission.RevertAll to remove an active CodeAccessPermission.Assert.

CodeAccessPermission.Assert is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack calls CodeAccessPermission.Demand for that permission, a SecurityException is thrown when the stack walk reaches the code that tried to call CodeAccessPermission.Assert. This happens because the code that called CodeAccessPermission.Assert has not been granted the permission, even though it tried to CodeAccessPermission.Assert it.

Because calling CodeAccessPermission.Assert removes the requirement that all code in the call chain must be granted permission to access the specified resource, it can open up security vulnerabilities if used incorrectly or inappropriately. Therefore, it should be used with great caution.

Notes to inheritors: You cannot override this method.

SecurityPermission for the ability to call CodeAccessPermission.Assert. Associated enumeration: SecurityPermissionFlag.Assertion

Return to top

Summary

Creates a copy of a SocketPermission instance.

C# Syntax:

public override IPermission Copy();

Return Value:

A new instance of the SocketPermission class that is a copy of the current instance.

Implements:

IPermission.Copy

The object returned by this method represents the same level of access as the current instance. This method overrides CodeAccessPermission.Copy and is implemented to support the IPermission interface.

Return to top

Inherited
See base class member description: System.Security.CodeAccessPermission.Demand

Summary

Forces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

C# Syntax:

public void Demand();

Exceptions

Exception Type	Condition
SecurityException	A caller higher in the call stack does not have the permission specified by the current instance. -or- A caller higher in the call stack has called CodeAccessPermission.Deny on the current permission object.

Implements:

IPermission.Demand

Implements:

IStackWalk.Demand

This method is typically used by secure libraries to ensure that callers have permission to access a resource. For example, a file class in a secure class library calls CodeAccessPermission.Demand for the necessary FileIOPermission before performing a file operation requested by the caller.

The permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and proceeds up the stack. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. CodeAccessPermission.Demand succeeds only if no SecurityException is raised.

Notes to inheritors: You cannot override this method.

Return to top

Inherited
See base class member description: System.Security.CodeAccessPermission.Deny

Summary

Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

C# Syntax:

public void Deny();

Exceptions

Exception Type	Condition
SecurityException	There is already an active CodeAccessPermission.Deny for the current frame.

Implements:

IStackWalk.Deny

This method prevents callers higher in the call stack from accessing the protected resource through the code that calls this method, even if those callers have been granted permission to access it. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.

CodeAccessPermission.Deny can limit the liability of the programmer or prevent accidental security vulnerabilities because it prevents the method that calls CodeAccessPermission.Deny from being used to access the resource protected by the denied permission. If a method calls CodeAccessPermission.Deny on a permission, and if a CodeAccessPermission.Demand for that permission is invoked by a caller lower in the call stack, that security check will fail when it reaches the CodeAccessPermission.Deny.

The call to CodeAccessPermission.Deny is effective until the calling code returns to its caller. Only one CodeAccessPermission.Deny can be active on a frame. An attempt to call CodeAccessPermission.Deny when an active CodeAccessPermission.Deny exists on the frame results in a SecurityException. Call CodeAccessPermission.RevertDeny or CodeAccessPermission.RevertAll to remove an active CodeAccessPermission.Deny. CodeAccessPermission.Deny is ignored for a permission not granted because a demand for that permission will not succeed.

Notes to inheritors: You cannot override this method.

Return to top

Inherited
See base class member description: System.Object.Equals

C# Syntax:

public virtual bool Equals(    object obj );

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Object.Finalize

C# Syntax:

~SocketPermission();

For more information on members inherited from System.Object click on the link above.

Return to top

Summary

Reconstructs a SocketPermission instance for an XML encoding.

C# Syntax:

public override void FromXml(    SecurityElement securityElement );

securityElement

The XML encoding used to reconstruct the SocketPermission instance.

Exceptions

Exception Type	Condition
ArgumentNullException	The securityElement is null -or- The securityElement is not a permission element for this type.

Implements:

ISecurityEncodable.FromXml

The SocketPermission.FromXml method reconstructs a SocketPermission instance from an XML encoding defined by the SecurityElement class.

Use the SocketPermission.ToXml method to encode the SocketPermission instance, including state information, in XML.

Return to top

Inherited
See base class member description: System.Object.GetHashCode

C# Syntax:

public virtual int GetHashCode();

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Object.GetType

C# Syntax:

public Type GetType();

For more information on members inherited from System.Object click on the link above.

Return to top

Summary

Returns the logical intersection between two SocketPermission instances.

C# Syntax:

public override IPermission Intersect(    IPermission target );

target

The SocketPermission instance to intersect with the current instance.

Return Value:

The SocketPermission instance that represents the intersection of two SocketPermission instances. If the intersection is empty, the method returns a null reference (Nothing ). If the target parameter is null (Nothing ) the method returns null.

Exceptions

Exception Type	Condition
ArgumentException	The target parameter is not a SocketPermission.
SecurityException	DnsPermission is not granted to the method caller and DNS resolution is required to complete the operation.

Implements:

IPermission.Intersect

The intersection of two permissions is a permission that secures the resources and operations secured by both permissions. Specifically, it represents the minimum permission such that any demand that passes both permissions will also pass their intersection. This method overrides CodeAccessPermission.Intersect and is implemented to support the IPermission interface.

Return to top

Summary

Determines if the current permission is a subset of the specified permission.

C# Syntax:

public override bool IsSubsetOf(    IPermission target );

target

A SocketPermission that is to be tested for the subset relationship.

Return Value:

If the target parameter is null (Nothing ), this method returns true if the current instance defines no permissions, false otherwise. If target is not null, this method returns true if the current instance defines a subset of target permissions, and false otherwise.

Exceptions

Exception Type	Condition
ArgumentException	target is not a SocketException.
SecurityException	DnsPermission is not granted to the method caller and DNS resolution is required to complete the operation.

Implements:

IPermission.IsSubsetOf

The current permission is a subset of the specified permission if the current permission specifies a set of operations that is wholly contained by the specified permission.

For example, a permission that represents access to 192.168.1.1:80 is a subset of a permission that represents access to 192.168.1.1:Any. If this method returns true, the current permission represents no more access to the protected resource than does the specified permission.

Return to top

Summary

Checks the overall permission state of the object.

C# Syntax:

public bool IsUnrestricted();

Return Value:

true if the SocketPermission instance was created with the Unrestricted value from PermissionState; otherwise, false.

Implements:

IUnrestrictedPermission.IsUnrestricted

Return to top

Inherited
See base class member description: System.Object.MemberwiseClone

C# Syntax:

protected object MemberwiseClone();

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Security.CodeAccessPermission.PermitOnly

Summary

Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

C# Syntax:

public void PermitOnly();

Exceptions

Exception Type	Condition
SecurityException	There is already an active CodeAccessPermission.PermitOnly for the current frame.

Implements:

IStackWalk.PermitOnly

CodeAccessPermission.PermitOnly is similar to CodeAccessPermission.Deny, in that both cause stack walks to fail when they would otherwise succeed. The difference is that CodeAccessPermission.Deny specifies permissions that will cause the stack walk to fail, but CodeAccessPermission.PermitOnly specifies the only permissions that do not cause the stack walk to fail.

Call this method to ensure that your code can be used to access only the specified resources. The call to CodeAccessPermission.PermitOnly is effective until the calling code returns to its caller. Only one CodeAccessPermission.PermitOnly can be active on a frame. An attempt to call CodeAccessPermission.PermitOnly when an active CodeAccessPermission.PermitOnly exists on the frame results in a SecurityException. Call CodeAccessPermission.RevertPermitOnly or CodeAccessPermission.RevertAll to remove an active CodeAccessPermission.PermitOnly.

CodeAccessPermission.PermitOnly is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack later calls CodeAccessPermission.Demand for that permission, a SecurityException is thrown when the stack walk reaches the code that tried to call CodeAccessPermission.PermitOnly. This is because the code that called CodeAccessPermission.PermitOnly has not been granted the permission, even though it called CodeAccessPermission.PermitOnly for that permission. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.

Notes to inheritors: You cannot override this method.

Return to top

Inherited
See base class member description: System.Security.CodeAccessPermission.ToString

Summary

Creates and returns a string representation of the current permission object.

C# Syntax:

public override string ToString();

Return Value:

A string representation of the current permission object.

This method is useful in debugging when you need to display the permission as a string.

Return to top

Summary

Creates an XML encoding of a SocketPermission instance and its current state.

C# Syntax:

public override SecurityElement ToXml();

Return Value:

A SecurityElement instance containing an XML-encoded representation of the SocketPermission instance, including state information.

Implements:

ISecurityEncodable.ToXml

The SocketPermission.ToXml method creates a SecurityElement instance to encode a representation of the SocketPermission instance, including state information, in XML.

Use the SocketPermission.FromXml method to restore the state information from a SecurityElement instance.

Return to top

Summary

Returns the logical union between two SocketPermission instances.

C# Syntax:

public override IPermission Union(    IPermission target );

target

The SocketPermission instance to combine with the current instance.

Return Value:

The SocketPermission instance that represents the union of two SocketPermission instances.

Exceptions

Exception Type	Condition
ArgumentNullException	target is null.
ArgumentException	target is not a SocketPermission.

Implements:

IPermission.Union

The result of a call to SocketPermission.Union is a permission that represents all of the access to Socket connections represented by the current instance as well as the access represented by target. Any demand that passes either the current instance or target passes their union. This method overrides CodeAccessPermission.Union and is implemented to support the IPermission interface.

Return to top

Top of page