SocketPermission 类

定义

注意

Code Access Security is not supported or honored by the runtime.

控制在传输地址上建立或接受连接的权利。Controls rights to make or accept connections on a transport address.

public ref class SocketPermission sealed : System::Security::CodeAccessPermission, System::Security::Permissions::IUnrestrictedPermission
public sealed class SocketPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public sealed class SocketPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
[System.Serializable]
public sealed class SocketPermission : System.Security.CodeAccessPermission, System.Security.Permissions.IUnrestrictedPermission
type SocketPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type SocketPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
[<System.Serializable>]
type SocketPermission = class
    inherit CodeAccessPermission
    interface IUnrestrictedPermission
Public NotInheritable Class SocketPermission
Inherits CodeAccessPermission
Implements IUnrestrictedPermission
继承
SocketPermission
属性
实现

示例

下面的示例演示如何使用 SocketPermission 类设置、更改和强制实施各种套接字访问限制。The following example demonstrates how to use the SocketPermission class to set, change, and enforce various socket access restrictions.

// Creates a SocketPermission restricting access to and from all URIs.
SocketPermission^ mySocketPermission1 = gcnew SocketPermission( PermissionState::None );

// The socket to which this permission will apply will allow connections from www.contoso.com.
mySocketPermission1->AddPermission( NetworkAccess::Accept, TransportType::Tcp,  "www.contoso.com", 11000 );

// Creates a SocketPermission which will allow the target Socket to connect with www.southridgevideo.com.
SocketPermission^ mySocketPermission2 = gcnew SocketPermission( NetworkAccess::Connect,TransportType::Tcp, "www.southridgevideo.com",11002 );

// Creates a SocketPermission from the union of two SocketPermissions.
SocketPermission^ mySocketPermissionUnion =
   (SocketPermission^)( mySocketPermission1->Union( mySocketPermission2 ) );

// Checks to see if the union was successfully created by using the IsSubsetOf method.
if ( mySocketPermission1->IsSubsetOf( mySocketPermissionUnion ) &&
   mySocketPermission2->IsSubsetOf( mySocketPermissionUnion ) )
{
   Console::WriteLine(  "This union contains permissions from both mySocketPermission1 and mySocketPermission2" );
   
   // Prints the allowable accept URIs to the console.
   Console::WriteLine(  "This union accepts connections on :" );

   IEnumerator^ myEnumerator = mySocketPermissionUnion->AcceptList;
   while ( myEnumerator->MoveNext() )
   {
      Console::WriteLine( safe_cast<EndpointPermission^>( myEnumerator->Current )->ToString() );
   }
   
   // Prints the allowable connect URIs to the console.
   Console::WriteLine(  "This union permits connections to :" );

   myEnumerator = mySocketPermissionUnion->ConnectList;
   while ( myEnumerator->MoveNext() )
   {
      Console::WriteLine( safe_cast<EndpointPermission^>( myEnumerator->Current )->ToString() );
   }
}

// Creates a SocketPermission from the intersect of two SocketPermissions.
SocketPermission^ mySocketPermissionIntersect =
   (SocketPermission^)( mySocketPermission1->Intersect( mySocketPermissionUnion ) );

// mySocketPermissionIntersect should now contain the permissions of mySocketPermission1.
if ( mySocketPermission1->IsSubsetOf( mySocketPermissionIntersect ) )
{
   Console::WriteLine(  "This is expected" );
}

// mySocketPermissionIntersect should not contain the permissios of mySocketPermission2.
if ( mySocketPermission2->IsSubsetOf( mySocketPermissionIntersect ) )
{
   Console::WriteLine(  "This should not print" );
}

// Creates a copy of the intersect SocketPermission.
SocketPermission^ mySocketPermissionIntersectCopy =
   (SocketPermission^)( mySocketPermissionIntersect->Copy() );
if ( mySocketPermissionIntersectCopy->Equals( mySocketPermissionIntersect ) )
{
   Console::WriteLine(  "Copy successfull" );
}

// Converts a SocketPermission to XML format and then immediately converts it back to a SocketPermission.
mySocketPermission1->FromXml( mySocketPermission1->ToXml() );

// Checks to see if permission for this socket resource is unrestricted.  If it is, then there is no need to
// demand that permissions be enforced.
if ( mySocketPermissionUnion->IsUnrestricted() )
{
   //Do nothing.  There are no restrictions.
}
else
{
   // Enforces the permissions found in mySocketPermissionUnion on any Socket Resources used below this statement. 
   mySocketPermissionUnion->Demand();
}

IPHostEntry^ myIpHostEntry = Dns::Resolve(  "www.contoso.com" );
IPEndPoint^ myLocalEndPoint = gcnew IPEndPoint( myIpHostEntry->AddressList[ 0 ], 11000 );

Socket^ s = gcnew Socket( myLocalEndPoint->Address->AddressFamily,
   SocketType::Stream,
   ProtocolType::Tcp );
try
{
   s->Connect( myLocalEndPoint );
}
catch ( Exception^ e ) 
{
   Console::Write(  "Exception Thrown: " );
   Console::WriteLine( e->ToString() );
}

// Perform all socket operations in here.
s->Close();

     // Creates a SocketPermission restricting access to and from all URIs.
     SocketPermission mySocketPermission1 = new SocketPermission(PermissionState.None);

     // The socket to which this permission will apply will allow connections from www.contoso.com.
     mySocketPermission1.AddPermission(NetworkAccess.Accept, TransportType.Tcp, "www.contoso.com", 11000);

     // Creates a SocketPermission which will allow the target Socket to connect with www.southridgevideo.com.
     SocketPermission mySocketPermission2 =
                                new SocketPermission(NetworkAccess.Connect, TransportType.Tcp, "www.southridgevideo.com", 11002);

     // Creates a SocketPermission from the union of two SocketPermissions.
     SocketPermission mySocketPermissionUnion =
                                (SocketPermission)mySocketPermission1.Union(mySocketPermission2);

     // Checks to see if the union was successfully created by using the IsSubsetOf method.
     if (mySocketPermission1.IsSubsetOf(mySocketPermissionUnion) &&
           mySocketPermission2.IsSubsetOf(mySocketPermissionUnion)){
          Console.WriteLine("This union contains permissions from both mySocketPermission1 and mySocketPermission2");

          // Prints the allowable accept URIs to the console.
          Console.WriteLine("This union accepts connections on :");

          IEnumerator myEnumerator = mySocketPermissionUnion.AcceptList;
       while (myEnumerator.MoveNext()) {
               Console.WriteLine(((EndpointPermission)myEnumerator.Current).ToString());
            }

             // Prints the allowable connect URIs to the console.
          Console.WriteLine("This union permits connections to :");

          myEnumerator = mySocketPermissionUnion.ConnectList;
       while (myEnumerator.MoveNext()) {
               Console.WriteLine(((EndpointPermission)myEnumerator.Current).ToString());
            }
           }


     // Creates a SocketPermission from the intersect of two SocketPermissions.
     SocketPermission mySocketPermissionIntersect =
                               (SocketPermission)mySocketPermission1.Intersect(mySocketPermissionUnion);

     // mySocketPermissionIntersect should now contain the permissions of mySocketPermission1.
     if (mySocketPermission1.IsSubsetOf(mySocketPermissionIntersect)){
          Console.WriteLine("This is expected");
     }
    // mySocketPermissionIntersect should not contain the permissios of mySocketPermission2.
     if (mySocketPermission2.IsSubsetOf(mySocketPermissionIntersect)){
          Console.WriteLine("This should not print");
     }


// Creates a copy of the intersect SocketPermission.
     SocketPermission mySocketPermissionIntersectCopy =
                               (SocketPermission)mySocketPermissionIntersect.Copy();

     if (mySocketPermissionIntersectCopy.Equals(mySocketPermissionIntersect)){
     Console.WriteLine("Copy successfull");
     }


     // Converts a SocketPermission to XML format and then immediately converts it back to a SocketPermission.
     mySocketPermission1.FromXml(mySocketPermission1.ToXml());

     // Checks to see if permission for this socket resource is unrestricted.  If it is, then there is no need to
     // demand that permissions be enforced.
     if (mySocketPermissionUnion.IsUnrestricted()){
        
          //Do nothing.  There are no restrictions.
     }
     else{
         // Enforces the permissions found in mySocketPermissionUnion on any Socket Resources used below this statement.
         mySocketPermissionUnion.Demand();
     }

    IPHostEntry myIpHostEntry = Dns.Resolve("www.contoso.com");
    IPEndPoint myLocalEndPoint = new IPEndPoint(myIpHostEntry.AddressList[0], 11000);

       Socket s = new Socket(myLocalEndPoint.Address.AddressFamily,
                                   SocketType.Stream,
                                         ProtocolType.Tcp);
       try{
            s.Connect(myLocalEndPoint);
       }
       catch (Exception e){
            Console.WriteLine("Exception Thrown: " + e.ToString());
       }

      // Perform all socket operations in here.

      s.Close();
   ' Creates a SocketPermission restricting access to and from all URIs.
   Dim mySocketPermission1 As New SocketPermission(PermissionState.None)
   
   ' The socket to which this permission will apply will allow connections from www.contoso.com.
   mySocketPermission1.AddPermission(NetworkAccess.Accept, TransportType.Tcp, "www.contoso.com", 11000)
   
   ' Creates a SocketPermission which will allow the target Socket to connect with www.southridgevideo.com.
   Dim mySocketPermission2 As New SocketPermission(NetworkAccess.Connect, TransportType.Tcp, "www.southridgevideo.com", 11002)
   
   ' Creates a SocketPermission from the union of two SocketPermissions.
   Dim mySocketPermissionUnion As SocketPermission = CType(mySocketPermission1.Union(mySocketPermission2), SocketPermission)
   
   ' Checks to see if the union was successfully created by using the IsSubsetOf method.
   If mySocketPermission1.IsSubsetOf(mySocketPermissionUnion) And mySocketPermission2.IsSubsetOf(mySocketPermissionUnion) Then
      Console.WriteLine("This union contains permissions from both mySocketPermission1 and mySocketPermission2")
      
      ' Prints the allowable accept URIs to the console.
      Console.WriteLine("This union accepts connections on :")
      
      Dim myEnumerator As IEnumerator = mySocketPermissionUnion.AcceptList
      While myEnumerator.MoveNext()
         Console.WriteLine(CType(myEnumerator.Current, EndpointPermission).ToString())
      End While
      
      Console.WriteLine("This union establishes connections on : ")
      
      ' Prints the allowable connect URIs to the console.
      Console.WriteLine("This union permits connections to :")
      
      myEnumerator = mySocketPermissionUnion.ConnectList
      While myEnumerator.MoveNext()
         Console.WriteLine(CType(myEnumerator.Current, EndpointPermission).ToString())
      End While
   End If 
   ' Creates a SocketPermission from the intersect of two SocketPermissions.
   Dim mySocketPermissionIntersect As SocketPermission = CType(mySocketPermission1.Intersect(mySocketPermissionUnion), SocketPermission)
   
   ' mySocketPermissionIntersect should now contain the permissions of mySocketPermission1.
   If mySocketPermission1.IsSubsetOf(mySocketPermissionIntersect) Then
      Console.WriteLine("This is expected")
   End If
   ' mySocketPermissionIntersect should not contain the permissios of mySocketPermission2.
   If mySocketPermission2.IsSubsetOf(mySocketPermissionIntersect) Then
      Console.WriteLine("This should not print")
   End If
   
   ' Creates a copy of the intersect SocketPermission.
   Dim mySocketPermissionIntersectCopy As SocketPermission = CType(mySocketPermissionIntersect.Copy(), SocketPermission)
   
   If mySocketPermissionIntersectCopy.Equals(mySocketPermissionIntersect) Then
      Console.WriteLine("Copy successfull")
   End If
   ' Converts a SocketPermission to XML format and then immediately converts it back to a SocketPermission.
   mySocketPermission1.FromXml(mySocketPermission1.ToXml())
   
   
   ' Checks to see if permission for this socket resource is unrestricted.  If it is, then there is no need to
   ' demand that permissions be enforced.
   If mySocketPermissionUnion.IsUnrestricted() Then
   
   'Do nothing.  There are no restrictions.
   Else
      ' Enforces the permissions found in mySocketPermissionUnion on any Socket Resources used below this statement. 
      mySocketPermissionUnion.Demand()
   End If
   
   Dim myIpHostEntry As IPHostEntry = Dns.Resolve("www.contoso.com")
   Dim myLocalEndPoint As New IPEndPoint(myIpHostEntry.AddressList(0), 11000)
   
   Dim s As New Socket(myLocalEndPoint.Address.AddressFamily, SocketType.Stream, ProtocolType.Tcp)
   Try
      s.Connect(myLocalEndPoint)
   Catch e As Exception
      Console.WriteLine(("Exception Thrown: " + e.ToString()))
   End Try
   
   ' Perform all socket operations in here.
   s.Close()
End Sub

注解

SocketPermission 实例控制接受连接或启动连接的权限 SocketSocketPermission instances control permission to accept connections or initiate Socket connections. Socket可以为主机名或 IP 地址、端口号和传输协议建立权限。A Socket permission can be established for a host name or IP address, a port number, and a transport protocol.

备注

避免使用主机名创建套接字权限,因为这些名称必须解析为 IP 地址,这可能会阻止堆栈。Avoid creating socket permissions using host names, as these names have to be resolved to IP addresses, and this might block the stack.

构造函数

SocketPermission(NetworkAccess, TransportType, String, Int32)

用指定的权限初始化给定传输地址的 SocketPermission 类的新实例。Initializes a new instance of the SocketPermission class for the given transport address with the specified permission.

SocketPermission(PermissionState)

初始化 SocketPermission 类的新实例,该类允许对 Socket 的无限制访问或不允许对 Socket 的访问。Initializes a new instance of the SocketPermission class that allows unrestricted access to the Socket or disallows access to the Socket.

字段

AllPorts

定义表示所有端口的常数。Defines a constant that represents all ports.

属性

AcceptList

获取标识在此权限实例下可以接受的终结点的 EndpointPermission 实例列表。Gets a list of EndpointPermission instances that identifies the endpoints that can be accepted under this permission instance.

ConnectList

获取标识在此权限实例下可以连接到的终结点的 EndpointPermission 实例列表。Gets a list of EndpointPermission instances that identifies the endpoints that can be connected to under this permission instance.

方法

AddPermission(NetworkAccess, TransportType, String, Int32)

向传输地址的权限集添加权限。Adds a permission to the set of permissions for a transport address.

Assert()

声明调用代码能够通过调用此方法的代码,访问受权限请求保护的资源,即使未对堆栈中处于较高位置的调用方授予访问该资源的权限。Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. 使用 Assert() 会引起安全问题。Using Assert() can create security issues.

(继承自 CodeAccessPermission)
Copy()

创建 SocketPermission 实例的副本。Creates a copy of a SocketPermission instance.

Demand()

如果未对调用堆栈中处于较高位置的所有调用方授予当前实例所指定的权限,则在运行时强制 SecurityExceptionForces a SecurityException at run time if all callers higher in the call stack have not been granted the permission specified by the current instance.

(继承自 CodeAccessPermission)
Deny()
已过时。
已过时。

防止处于调用堆栈较高位置的调用函数使用可以调用此方法来访问当前实例指定资源的代码。Prevents callers higher in the call stack from using the code that calls this method to access the resource specified by the current instance.

(继承自 CodeAccessPermission)
Equals(Object)

确定指定的 CodeAccessPermission 对象是否等于当前的 CodeAccessPermissionDetermines whether the specified CodeAccessPermission object is equal to the current CodeAccessPermission.

(继承自 CodeAccessPermission)
FromXml(SecurityElement)

重新构造一个 SocketPermission 实例用于 XML 编码。Reconstructs a SocketPermission instance for an XML encoding.

GetHashCode()

获取 CodeAccessPermission 对象的哈希代码,此代码适合在哈希算法和数据结构(例如哈希表)中使用。Gets a hash code for the CodeAccessPermission object that is suitable for use in hashing algorithms and data structures such as a hash table.

(继承自 CodeAccessPermission)
GetType()

获取当前实例的 TypeGets the Type of the current instance.

(继承自 Object)
Intersect(IPermission)

返回两个 SocketPermission 实例的逻辑交集。Returns the logical intersection between two SocketPermission instances.

IsSubsetOf(IPermission)

确定当前权限是否为指定权限的子集。Determines if the current permission is a subset of the specified permission.

IsUnrestricted()

检查对象的整体权限状态。Checks the overall permission state of the object.

MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(继承自 Object)
PermitOnly()

防止处于调用堆栈较高位置的调用函数使用此代码,此代码将调用此方法来访问除当前实例指定的资源以外的所有资源。Prevents callers higher in the call stack from using the code that calls this method to access all resources except for the resource specified by the current instance.

(继承自 CodeAccessPermission)
ToString()

创建并返回当前权限对象的字符串表示形式。Creates and returns a string representation of the current permission object.

(继承自 CodeAccessPermission)
ToXml()

创建 SocketPermission 实例及其当前状态的 XML 编码。Creates an XML encoding of a SocketPermission instance and its current state.

Union(IPermission)

返回两个 SocketPermission 实例的逻辑并集。Returns the logical union between two SocketPermission instances.

显式接口实现

IPermission.Demand()

如果不满足安全要求,则会在运行时引发 SecurityExceptionThrows a SecurityException at run time if the security requirement is not met.

(继承自 CodeAccessPermission)
IStackWalk.Assert()

断言调用代码可以访问当前权限对象所标识的资源,即使尚未对堆栈中的高级调用方授予访问该资源的权限。Asserts that the calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource.

(继承自 CodeAccessPermission)
IStackWalk.Demand()

在运行时确定调用堆栈中的所有调用方是否已被授予当前权限对象所指定的权限。Determines at run time whether all callers in the call stack have been granted the permission specified by the current permission object.

(继承自 CodeAccessPermission)
IStackWalk.Deny()

将导致通过调用代码传递的当前对象的每个 Demand() 失败。Causes every Demand() for the current object that passes through the calling code to fail.

(继承自 CodeAccessPermission)
IStackWalk.PermitOnly()

导致所有对象的每个 Demand()(除了通过调用代码的当前那个)失败,即使调用堆栈中较高级别的代码已被授予访问其他资源的权限也是如此。Causes every Demand() for all objects except the current one that pass through the calling code to fail, even if code higher in the call stack has been granted permission to access other resources.

(继承自 CodeAccessPermission)

适用于