// The entry point for the code example. static void Main() { // Get the display name of the executing assembly, to use when // creating objects to run code in application domains. //<Snippet14> String asmName = typeof(Worker).Assembly.FullName; //</Snippet14> // Create the permission set to grant to other assemblies. In this // case they are the permissions found in the Internet zone. //<Snippet2> Evidence ev = new Evidence(); ev.AddHostEvidence(new Zone(SecurityZone.Internet)); PermissionSet pset = new NamedPermissionSet("Internet", SecurityManager.GetStandardSandbox(ev)); //</Snippet2> // For simplicity, set up the application domain to use the // current path as the application folder, so the same executable // can be used in both trusted and untrusted scenarios. Normally // you would not do this with real untrusted code. //<Snippet3> AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ApplicationBase = "."; //</Snippet3> // Create an application domain in which all code that executes is // granted the permissions of an application run from the Internet. //<Snippet5> AppDomain ad = AppDomain.CreateDomain("Sandbox", ev, adSetup, pset, null); //</Snippet5> // Create an instance of the Worker class in the partially trusted // domain. Note: If you build this code example in Visual Studio, // you must change the name of the class to include the default // namespace, which is the project name. For example, if the project // is "AnonymouslyHosted", the class is "AnonymouslyHosted.Worker". //<Snippet12> Worker w = (Worker)ad.CreateInstanceAndUnwrap(asmName, "Worker"); //</Snippet12> // Emit a simple dynamic method that prints "Hello, World!" //<Snippet13> w.SimpleEmitDemo(); //</Snippet13> // Emit and invoke a dynamic method that calls a private method // of Worker, with JIT visibility checks enforced. The call fails // when the delegate is invoked. w.AccessPrivateMethod(false); // Emit and invoke a dynamic method that calls a private method // of Worker, skipping JIT visibility checks. The call fails when // the method is invoked. w.AccessPrivateMethod(true); // Unload the application domain. Add RestrictedMemberAccess to the // grant set, and use it to create an application domain in which // partially trusted code can call private members, as long as the // trust level of those members is equal to or lower than the trust // level of the partially trusted code. AppDomain.Unload(ad); //<Snippet7> pset.SetPermission( new ReflectionPermission( ReflectionPermissionFlag.RestrictedMemberAccess)); //</Snippet7> //<Snippet8> ad = AppDomain.CreateDomain("Sandbox2", ev, adSetup, pset, null); //</Snippet8> // Create an instance of the Worker class in the partially trusted // domain. w = (Worker)ad.CreateInstanceAndUnwrap(asmName, "Worker"); // Again, emit and invoke a dynamic method that calls a private method // of Worker, skipping JIT visibility checks. This time compilation // succeeds because of the grant for RestrictedMemberAccess. w.AccessPrivateMethod(true); // Finally, emit and invoke a dynamic method that calls an internal // method of the String class. The call fails, because the trust level // of the assembly that contains String is higher than the trust level // of the assembly that emits the dynamic method. w.AccessPrivateMethod(); }