3

The following Code works fine for an admin account but for an non admin account it prints success twice then throws an System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions. Anyone have any insight to why this is?

FYI the actual use case here is multiple applications using the same PGM Address and Socket. to push (via multicast) real time updates. This Proof of concept that this isnt caused by our own libraries.

class Program {
    static void Main(string[] args) {

        IPAddress ipAddr = IPAddress.Parse("239.0.0.2");
        IPEndPoint end = new IPEndPoint(ipAddr, 40002);
        Socket[] _sockets = new[] {
            new Socket(AddressFamily.InterNetwork, SocketType.Rdm, (ProtocolType)113 ),
            new Socket(AddressFamily.InterNetwork, SocketType.Rdm, (ProtocolType)113 ),
            new Socket(AddressFamily.InterNetwork, SocketType.Rdm, (ProtocolType)113 )
        };

        foreach (var socket in _sockets)
        {
            socket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, true);
            socket.Bind(end);
            Console.WriteLine("Success");
        }

        Console.ReadLine();
    }

}

Harald K
  • 26,314
  • 7
  • 65
  • 111
Wegged
  • 2,383
  • 20
  • 26
  • Why exactly do you need more than one socket bound to the same endpoint? Seems redundant to me. Perhaps I'm not understanding your intent. Why can't you just use one socket? Does the production one use different endpoints? Also, since this is a permissions issue, its related to the platform you're running on. Windows Server something maybe? – Wug Jul 31 '12 at 19:32
  • @Wug what is going on here is we have multiple applications using the same address. We noticed that the third application raises this exception. In fact if you run 3 instances of this program binding one socket each I would expect the same behavior. This is being run on windows 7. – Wegged Jul 31 '12 at 20:09
  • 1
    It's probably a limitation intentionally imposed on non-administrative users to prevent abuse. – Wug Jul 31 '12 at 20:20

1 Answers1

3

Well I finally got word from Microsoft on this and there is no workaround.

I was able to find the line where your request was denied.

[0] 22E8.1554::08/15/2012-10:05:19.015 [sys] address_c491 PgmCreateAddress() - PgmCreateAddress: ERROR -- Non-admin user trying to open 2+1 handle for IP:Port=

With a little code review, I was able to verify that only three principals are granted access, and they are Administrators, LocalService and NetworkService. Apart from being a member of Administrators, there is no workaround.

I know this wasn’t the answer you wanted to hear, but at least now you have a confirmed answer.

Wegged
  • 2,383
  • 20
  • 26