// The entry point for the code example.
static void Main()
{
// Get the display name of the executing assembly, to use when
// creating objects to run code in application domains.
//<Snippet14>
String asmName = typeof(Worker).Assembly.FullName;
//</Snippet14>
// Create the permission set to grant to other assemblies. In this
// case they are the permissions found in the Internet zone.
//<Snippet2>
Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Internet));
PermissionSet pset = new NamedPermissionSet("Internet", SecurityManager.GetStandardSandbox(ev));
//</Snippet2>
// For simplicity, set up the application domain to use the
// current path as the application folder, so the same executable
// can be used in both trusted and untrusted scenarios. Normally
// you would not do this with real untrusted code.
//<Snippet3>
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = ".";
//</Snippet3>
// Create an application domain in which all code that executes is
// granted the permissions of an application run from the Internet.
//<Snippet5>
AppDomain ad = AppDomain.CreateDomain("Sandbox", ev, adSetup, pset, null);
//</Snippet5>
// Create an instance of the Worker class in the partially trusted
// domain. Note: If you build this code example in Visual Studio,
// you must change the name of the class to include the default
// namespace, which is the project name. For example, if the project
// is "AnonymouslyHosted", the class is "AnonymouslyHosted.Worker".
//<Snippet12>
Worker w = (Worker)ad.CreateInstanceAndUnwrap(asmName, "Worker");
//</Snippet12>
// Emit a simple dynamic method that prints "Hello, World!"
//<Snippet13>
w.SimpleEmitDemo();
//</Snippet13>
// Emit and invoke a dynamic method that calls a private method
// of Worker, with JIT visibility checks enforced. The call fails
// when the delegate is invoked.
w.AccessPrivateMethod(false);
// Emit and invoke a dynamic method that calls a private method
// of Worker, skipping JIT visibility checks. The call fails when
// the method is invoked.
w.AccessPrivateMethod(true);
// Unload the application domain. Add RestrictedMemberAccess to the
// grant set, and use it to create an application domain in which
// partially trusted code can call private members, as long as the
// trust level of those members is equal to or lower than the trust
// level of the partially trusted code.
AppDomain.Unload(ad);
//<Snippet7>
pset.SetPermission(
new ReflectionPermission(
ReflectionPermissionFlag.RestrictedMemberAccess));
//</Snippet7>
//<Snippet8>
ad = AppDomain.CreateDomain("Sandbox2", ev, adSetup, pset, null);
//</Snippet8>
// Create an instance of the Worker class in the partially trusted
// domain.
w = (Worker)ad.CreateInstanceAndUnwrap(asmName, "Worker");
// Again, emit and invoke a dynamic method that calls a private method
// of Worker, skipping JIT visibility checks. This time compilation
// succeeds because of the grant for RestrictedMemberAccess.
w.AccessPrivateMethod(true);
// Finally, emit and invoke a dynamic method that calls an internal
// method of the String class. The call fails, because the trust level
// of the assembly that contains String is higher than the trust level
// of the assembly that emits the dynamic method.
w.AccessPrivateMethod();
}
