Code Access Security and Partially Trusted Code RRS feed

  • Question

  • Hi Everyone,

    I’m working on a hosting application which is supposed to run uploaded assemblies in a sandbox environment. Basically, all I need is to create AppDomain and load assemblies with partial trust permissions similar to how it is described here (sorry, can't post links)

    I don’t want to use any framework like MAF because seems like all I need can be done by using AppDomains.

    But I’m confused by the “Caution” block in this article:

    Can anybody explain what it really means? Is there any issues with using AppDomains to run partially trusted code?


    Friday, October 14, 2016 12:07 PM


  • Hi lgor VS,

    >> Code Access Security in .NET Framework should not  be used as a mechanism for enforcing security boundaries based on code origination or other identity aspects.

    >>We advise against loading and executing code of unknown origins without putting alternative security measures in place.

    In the caution block: There are some application-level bugs which can violate the AppDomain restrictions. For example, an arbitrary file write bug could cause a secondary AppDomain to load a DLL or other executable object, leading to a compromise of both parts of the application. It is now generally considered insecure to host any kind of untrusted code. From above message, as far as I know Code Access Security (CAS) has become deprecated in .NET due to its ineffectiveness and difficulty of implementation. Microsoft provides advice should you absolutely need to host untrusted code, but generally this is more focused upon using closed-source 3rd party libraries for which you have no security metrics.

    Best regards,

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Edited by Kristin Xie Monday, October 17, 2016 2:23 AM
    • Marked as answer by Igor VS Monday, October 17, 2016 6:41 AM
    Monday, October 17, 2016 2:21 AM