This documentation is archived and is not being maintained.

SocketPermission Class

Controls rights to make or accept connections on a transport address.

Namespace:  System.Net
Assembly:  System (in System.dll)

public final class SocketPermission extends CodeAccessPermission implements IUnrestrictedPermission

SocketPermission instances control permission to accept connections or initiate Socket connections. A Socket permission can be established for a host name or IP address, a port number, and a transport protocol.


Avoid creating socket permissions using host names, as these names have to be resolved to IP addresses, and this might block the stack.

The following example demonstrates how to use the SocketPermission class to set, change, and enforce various socket access restrictions.

No code example is currently available or this language may not be supported.
// Creates a SocketPermission restricting access to and from all URIs.
SocketPermission *mySocketPermission1 = new SocketPermission(PermissionState::None);

// The socket to which this permission will apply will allow connections from
mySocketPermission1->AddPermission(NetworkAccess::Accept, TransportType::Tcp, "", 11000);

// Creates a SocketPermission which will allow the target Socket to connect with
SocketPermission *mySocketPermission2 =
    new SocketPermission(NetworkAccess::Connect, TransportType::Tcp, "", 11002);

// Creates a SocketPermission from the union of two SocketPermissions.
SocketPermission *mySocketPermissionUnion = 
    __try_cast<SocketPermission *>(mySocketPermission1->Union(mySocketPermission2));

// Checks to see if the union was successfully created by using the IsSubsetOf method.
if (mySocketPermission1->IsSubsetOf(mySocketPermissionUnion) && 
    Console::WriteLine("This union contains permissions from both mySocketPermission1 and mySocketPermission2"); 

    // Prints the allowable accept URIs to the console.
    Console::WriteLine("This union accepts connections on :");

    IEnumerator *myEnumerator = mySocketPermissionUnion->AcceptList;
    while (myEnumerator->MoveNext()) {
        Console::WriteLine(__try_cast<EndpointPermission *>(myEnumerator->Current)->ToString());

    // Prints the allowable connect URIs to the console.
    Console::WriteLine("This union permits connections to :");

    myEnumerator = mySocketPermissionUnion->ConnectList;
    while (myEnumerator->MoveNext()) {
        Console::WriteLine(__try_cast<EndpointPermission *>(myEnumerator->Current)->ToString());


// Creates a SocketPermission from the intersect of two SocketPermissions.
SocketPermission *mySocketPermissionIntersect = 
    __try_cast<SocketPermission *>(mySocketPermission1->Intersect(mySocketPermissionUnion));

// mySocketPermissionIntersect should now contain the permissions of mySocketPermission1.
if (mySocketPermission1->IsSubsetOf(mySocketPermissionIntersect)){
    Console::WriteLine("This is expected");
// mySocketPermissionIntersect should not contain the permissios of mySocketPermission2.
if (mySocketPermission2->IsSubsetOf(mySocketPermissionIntersect)){
    Console::WriteLine("This should not print");

// Creates a copy of the intersect SocketPermission.
SocketPermission *mySocketPermissionIntersectCopy = 
    __try_cast<SocketPermission *>(mySocketPermissionIntersect->Copy());

if (mySocketPermissionIntersectCopy->Equals(mySocketPermissionIntersect)){
    Console::WriteLine("Copy successfull");

// Converts a SocketPermission to XML format and then immediately converts it back to a SocketPermission.

// Checks to see if permission for this socket resource is unrestricted.  If it is, then there is no need to
// demand that permissions be enforced.
if (mySocketPermissionUnion->IsUnrestricted()){

    //Do nothing.  There are no restrictions.

    // Enforces the permissions found in mySocketPermissionUnion on any Socket Resources used below this statement. 

IPHostEntry *myIpHostEntry = Dns::Resolve("");
IPEndPoint *myLocalEndPoint = new IPEndPoint(myIpHostEntry->AddressList[0], 11000);

Socket *s = new Socket(myLocalEndPoint->Address->AddressFamily,
    SocketType::Stream, ProtocolType::Tcp);
catch (Exception *e){
    Console::Write("Exception Thrown: ");

// Perform all socket operations in here.


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0