Re: More granular use of Dns and Socket Permission classes

From: Nicole Calinoiu (calinoiu)
Date: 12/13/04 

Date: Mon, 13 Dec 2004 08:47:32 -0500

DnsPermission essentially acts as a simple boolean switch. You've either
got it or you don't, and no refinements/subsets are possible.

SocketPermission is more flexible, and it does allow permissions to be
defined at the port level. However, you can't specify a port range as in
your example. Instead, you need to either specify a single port or all
ports. For details on declarative specification of SocketPermission, see
the help topic for SocketPermissionAttribute at
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemnetsocketpermissionattributeclasstopic.asp.

HTH,
Nicole

"Novice" <6tc1ATqlinkDOTqueensuDOTca> wrote in message
news:46B0CE5E-CF69-4A46-834C-B710C11B0839@microsoft.com...
> Hey all, I'm trying to figure out how to use declarative security requests
> to
> only restrict a portion of both DNS and socket addresses.
>
> In other words, currently in my application I have:
> [assembly:SocketPermission(SecurityAction.RequestMinimum,
> Unrestricted=true)]
> [assembly:DnsPermission(SecurityAction.RequestMinimum,Unrestricted=true)]
>
> But, I know that with FileIOPermission you can do things like:
> [assembly:FileIOPermission(SecurityAction.RequestMinimum,
> Read="c:\\temp")]
>
> Is there any way of indiciating a similar restriction for Socket and Dns -
> something like:
> [assembly:SocketPermission(SecurityAction.RequestMinimum, Read="1-1024")]
> or
> [assembly:DnsPermission(SecurityAction.RequestMinimum,Read="www.yahoo.com")]
>
> Thanks,
> Novice