Sockets and DNS

Previous page
Table of content
Next page

Code that uses sockets directly by using the System.Net.Sockets.Socket class must be granted the SocketPermission by code access security policy. In addition, if your code uses DNS to map host names to IP addresses, it requires the DnsPermission .

You can use SocketPermission to constrain access to specific ports on specific hosts . You can also restrict whether the socket can be used to accept connections or initiate outbound connections, and you can restrict the transport protocol, for example, Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).

Constraining Socket Access

To constrain code so that it can only use sockets in a restricted way, you can use the SocketPermissionAttribute together with SecurityAction.PermitOnly . The following attributes ensure that the code can connect only to a specific port on a specific host using the TCP protocol. Because the code also calls Dns.Resolve to resolve a host name , the code also requires the DnsPermission . 

 [SocketPermissionAttribute(SecurityAction.PermitOnly,                             Access="Connect",                             Host="hostname",                             Port="80",                             Transport="Tcp")] [DnsPermissionAttribute(SecurityAction.PermitOnly, Unrestricted=true)] public string MakeRequest(string hostname, string message) {   Socket socket = null;   IPAddress serverAddress = null;   IPEndPoint serverEndPoint = null;   byte[] sendBytes = null, bytesReceived = null;   int bytesReceivedSize = -1, readSize = 4096;       serverAddress = Dns.Resolve(hostname).AddressList[0];   serverEndPoint = new IPEndPoint(serverAddress, 80);   socket = new Socket(AddressFamily.InterNetwork,                        SocketType.Stream, ProtocolType.Tcp);   bytesReceived = new byte[readSize];   sendBytes = Encoding.ASCII.GetBytes(message);   socket.Connect(serverEndPoint);   socket.Send(sendBytes);   bytesReceivedSize = socket.Receive(bytesReceived, readSize, 0);   socket.Close();   if(-1 != bytesReceivedSize)   {     return Encoding.ASCII.GetString(bytesReceived, 0, bytesReceivedSize);   }   return ""; }

Requesting SocketPermission and DnsPermission

To document the permission requirements of your code, and to ensure your assembly cannot load if it is granted insufficient socket or DNS access from code access security policy, add an assembly level SocketPermissionAttribute and a DnsPermissionAttribute with SecurityAction.RequestMinimum as shown in the following example. 

 [assembly: SocketPermissionAttribute(SecurityAction.RequestMinimum,                                       Access="Connect",                                       Host="hostname",                                       Port="80",                                       Transport="Tcp")            DnsPermissionAttribute(SecurityAction.PermitOnly, Unrestricted=true)]


Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
Lotus Notes and Domino 6 Development (2nd Edition)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Information Dashboard Design: The Effective Visual Communication of Data
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy