Home/ Questions/Q 3942650
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T00:41:19+00:00

I am working through the Microsoft .Net Framework–Application Development Foundation Training Kit book Chapter

  • 0

I am working through the Microsoft .Net Framework–Application Development Foundation Training Kit book Chapter 8 Lesson 2: Configuring Application Domains

ShowWinIni being the assembly name for the program I want to execute

object[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);

// Create an AppDomain.
AppDomain d = AppDomain.CreateDomain("New Domain", e);

// Run the assembly
d.ExecuteAssemblyByName("ShowWinIni");

When I execute:

AppDomain d = AppDomain.CreateDomain("New Domain", e);

I get the following message:
“This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the NetFx40_LegacySecurityPolicy configuration switch. Please see http://go.microsoft.com/fwlink/?LinkID=155570 for more information.”

I can execute the assembly fine when I create an AppDomain without an Evidence object.

Of course, I visited http://go.microsoft.com/fwlink/?LinkID=155570 but I am still confused as to how to create an application domain with specified privileges.

The next most helpful site I found was http://msdn.microsoft.com/en-us/library/bb763046.aspx but my StrongName object computes to NULL.

StrongName fullTrustAssembly =
     typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();

Program being the name of the class implementing all this code.

Thanks in advance for your advice and tips!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I found a way to make the original code example work without having to enable NetFX40_LegacySecurityPolicy.

    EvidenceBase[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);

AppDomain d = AppDomain.CreateDomain("New Domain", e);

d.ExecuteAssemblyByName("ShowWinIni");

    This will not work if you change the SecurityZone to Internet, it will try to use the obsoleted CAS security policy resulting in a NotSupportedException. What I want is a SecurityException… meaning that the assembly I want to execute does not have the permissions it needs.

    To execute an assembly in an AppDomain with restricted permissions, you need to use sandboxing. The best example of sandboxing I found is here:
    http://www.simple-talk.com/dotnet/.net-framework/whats-new-in-code-access-security-in-.net-framework-4.0—part-i/

    I think that page also explains the changes made to CAS in 4.0 very well!

    Many sources, including MSDN, had me convinced I needed to provide a StrongName array when calling: 

    AppDomain.CreateDomain( string friendlyName,
                        Evidence securityInfo,
                        AppDomainSetup info,
                        PermissionSet grantSet,
                        params StrongName[] fullTrustAssemblies);

    As stated in my original post, I was (and still am) having trouble getting a StrongName object instead of null. Turns out I didn’t even need it!

    This is my completed example for sandboxing: 

    Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Internet));
PermissionSet internetPS = SecurityManager.GetStandardSandbox(ev);

AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted);

AppDomain newDomain = AppDomain.CreateDomain("Sandbox Domain", null, adSetup, internetPS);

newDomain.ExecuteAssemblyByName(untrustedAssembly);

    pathToUntrusted = a string representation of the file path to my assembly

    untrustedAssembly = a string representation of the assembly name

    • 0