System.Security.IStackWalk Interface

Assembly: Mscorlib.dll
Namespace: System.Security
Summary
Manages the stack walk that determines whether all callers in the call stack have the required permissions to access a protected resource.
C# Syntax:
public interface IStackWalk
Remarks
Partially trusted code always presents a security risk. It can sometimes be manipulated to perform actions on behalf of malicious code that does not have permission to access a resource. In this way, malicious code can achieve higher security access than it should be allowed.

The common language runtime protects managed code from these attacks by running a stack walk on all calls. The stack walk requires that all code in the call stack has permission to access a protected resource. Because the code attempting the attack will always be somewhere in the call stack, it will be unable to exceed its own security permissions.

See also:
System.Security Namespace

System.Security.IStackWalk Member List:

Public Methods
Assert | Asserts that the calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource.
Demand | Determines at run time whether all callers in the call stack have been granted the permission specified by the current permission object.
Deny | Causes every IStackWalk.Demand for the current object that passes through the calling code to fail.
PermitOnly | Causes every IStackWalk.Demand for all objects except the current one that passes through the calling code to fail, even if code higher in the call stack has been granted permission to access other resources.

System.Security.IStackWalk Member Details

Method: Assert()
Summary
Asserts that the calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource.
C# Syntax:
void Assert();
Exceptions
Exception Type | Condition
SecurityException | The calling code does not have SecurityPermissionFlag.Assertion.
Remarks
Calling IStackWalk.Assert stops the permission check on callers higher in the call stack. Therefore, even if these callers do not have the requisite permissions, they can still access resources. An assertion is effective only if the code that calls IStackWalk.Assert passes the security check for the permission that it is asserting.

A call to IStackWalk.Assert is effective until the calling code returns to its caller or until a subsequent call to IStackWalk.Assert renders the previous assertion ineffective. Also, CodeAccessPermission.RevertAssert or CodeAccessPermission.RevertAll removes a pending IStackWalk.Assert.

IStackWalk.Assert is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack calls IStackWalk.Demand for that permission, a SecurityException is thrown when the stack walk reaches the code that tried to call IStackWalk.Assert. This happens because the code that called IStackWalk.Assert has not been granted the permission, even though it tried to assert it.

Because calling IStackWalk.Assert removes the requirement that all code in the call chain must be granted permission to access the specified resource, it can open up security vulnerabilities if used incorrectly or inappropriately. Therefore, it should be used with great caution.
See also:
MSDN: assert | MSDN: overridingsecuritychecks


Method: Demand()
Summary
Determines at run time whether all callers in the call stack have been granted the permission specified by the current permission object.
C# Syntax:
void Demand();
Exceptions
Exception Type | Condition
SecurityException | A caller higher in the call stack does not have the permission specified by the current permission object. -or- A caller in the call stack has called IStackWalk.Deny on the current permission object.

Remarks
This method is typically used by secure libraries to ensure that callers have permission to access a resource. For example, a file class in a secure class library calls IStackWalk.Demand for the necessary FileIOPermission before performing a file operation requested by the caller.

The permissions of the code that calls this method are not examined; the check begins from the immediate caller of that code and proceeds up the stack. IStackWalk.Demand succeeds only if no SecurityException is raised.

See also:
MSDN: makingsecuritydemands


Method: Deny()
Summary
Causes every IStackWalk.Demand for the current object that passes through the calling code to fail.
C# Syntax:
void Deny();
Remarks
This method prevents callers higher in the call stack from accessing the protected resource through the code that calls this method, even if those callers have been granted permission to access it. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.

IStackWalk.Deny can limit the liability of the programmer or prevent accidental security vulnerabilities because it prevents the method that calls IStackWalk.Deny from being used to access the resource protected by the denied permission. If a method calls IStackWalk.Deny on a permission, and if an IStackWalk.Demand for that permission is invoked by a caller lower in the call stack, that security check will fail when it reaches the IStackWalk.Deny.

IStackWalk.Deny is ignored for a permission not granted because a demand for that permission will not succeed.



Notes to inheritors: You cannot override this method.
See also:
MSDN: deny | MSDN: overridingsecuritychecks


Method: PermitOnly()
Summary
Causes every IStackWalk.Demand for all objects except the current one that passes through the calling code to fail, even if code higher in the call stack has been granted permission to access other resources.
C# Syntax:
void PermitOnly();
Remarks
IStackWalk.PermitOnly is similar to IStackWalk.Deny, in that both cause stack walks to fail when they would otherwise succeed. The difference is that IStackWalk.Deny specifies permissions that will cause the stack walk to fail, but IStackWalk.PermitOnly specifies the only permissions that do not cause the stack walk to fail. Call this method to ensure that your code can be used to access only the specified resources.

IStackWalk.PermitOnly is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack later calls IStackWalk.Demand for that permission, a SecurityException is thrown when the stack walk reaches the code that tried to call IStackWalk.PermitOnly. This is because the code that called IStackWalk.PermitOnly has not been granted the permission, even though it called IStackWalk.PermitOnly for that permission. The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack.
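
The following is an added example, not part of the original reference and not Microsoft sample code, that runs the Demand, Assert and PermitOnly behaviour described above through one call chain. It assumes a fully trusted .NET Framework console application; the class name, method names and paths are constructed for illustration.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Permissions;

static class StackWalkDemo
{
    // Constructed sample paths (assumptions; the files need not exist).
    const string AllowedDir = @"C:\demo\allowed";
    const string OtherFile = @"C:\demo\other\notes.txt";

    // Stands in for the secure library's file class: demand before touching the file.
    // The walk starts at this method's caller and proceeds up the stack.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool GuardedRead(string path)
    {
        try { new FileIOPermission(FileIOPermissionAccess.Read, path).Demand(); return true; }
        catch (SecurityException) { return false; } // a frame above lacked or blocked it
    }

    // Asserting for a caller-supplied path is the risky pattern the Assert remarks
    // warn about; a safe helper asserts only for a fixed resource it owns.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool AssertingHelper(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
        try { return GuardedRead(path); }
        finally { CodeAccessPermission.RevertAssert(); } // end the assertion promptly
    }

    // Limits every demand that passes through this frame to reads under AllowedDir.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool[] Restricted()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, AllowedDir).PermitOnly();
        return new bool[]
        {
            GuardedRead(AllowedDir + @"\a.txt"), // covered, so the walk continues past this frame
            GuardedRead(OtherFile),              // not covered: the walk fails at this frame
            AssertingHelper(OtherFile),          // helper's Assert ends the walk before this frame
        };
    }

    static void Main()
    {
        bool[] r = Restricted(); // the PermitOnly ended when Restricted returned
        Console.WriteLine("inside: {0}, outside: {1}, outside via Assert: {2}", r[0], r[1], r[2]);
    }
}
```

The third call is the case to review for in real code: a trusted helper that asserts on behalf of whatever its caller passes in defeats the restriction placed higher in the stack.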

See also:
MSDN: permitonly | MSDN: overridingsecuritychecks

Copyright (c) 2002 Microsoft Corporation. All rights reserved.