SecurityManager.CurrentThreadRequiresSecurityContextCapture Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Determines whether the current thread requires a security context capture if its security state has to be re-created at a later point in time.
public:
static bool CurrentThreadRequiresSecurityContextCapture();
public static bool CurrentThreadRequiresSecurityContextCapture ();
[System.Security.SecurityCritical]
public static bool CurrentThreadRequiresSecurityContextCapture ();
static member CurrentThreadRequiresSecurityContextCapture : unit -> bool
[<System.Security.SecurityCritical>]
static member CurrentThreadRequiresSecurityContextCapture : unit -> bool
Public Shared Function CurrentThreadRequiresSecurityContextCapture () As Boolean
Returns
false
if the stack contains no partially trusted application domains, no partially trusted assemblies, and no currently active PermitOnly() or Deny() modifiers; true
if the common language runtime cannot guarantee that the stack contains none of these.
- Attributes
Remarks
You can use the CurrentThreadRequiresSecurityContextCapture method before you cache sensitive data that is obtained after successful security demands.
If the Assert method has been called higher on the stack, the data should not be cached without capturing the corresponding security context. Otherwise, sensitive data that is obtained under an Assert may become available to code that is no longer be running with that Assert in place.
Important
The return value is reliable only when it is false
, which means that the thread is guaranteed not to require a security context capture. The method may return true when a security context capture is not necessary, to avoid security vulnerabilities.
CurrentThreadRequiresSecurityContextCapture is security-critical because its main use is to avoid unnecessary security context captures, which indicates that the code using it is security-sensitive and must be audited.
Applies to
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈