We are provided with default configuration of app. domain. However, we can always configure it ourselves. This is important to know if we need to enhance security of our code. We can limit the damage which can be done if assembly has been compromised. For example, if Assembly has read permission then a hacker can potentially install software once Assembly is broken. On the other side if we set up Assembly in a different manner by restricting Read permission hacker will not have a chance to install malicious software via this Assembly even if Assembly was jeopardized.

Assembly has so called Evidence which contain information about code groups Assembly belongs. Code groups in this content are a folder on the drive or website. By controlling Evidence we can assign security permission to Assemblies.  In order to do so we need to create System.Security.Policy.Evidence object and pass it as a parameter to method called ExecuteAssembly.
object [] hostEvidence = {new Zone(SecurityZone.Internet)};
Evidence internetEvidence = new Evidence(hostEvidence, null);
AppDomain myAppDomain = AppDomain.CreateDomain("MyOwnDomain");
myAppDomain.ExecuteAssembly("SecondAssemblyFile.exe", internetEvidence);

If we examine above code we’ll see that assembly will run in app. domain with the permission granter to Internet_Zone which is our code_group in this case. We know that Internet_Zone is very restrictive with Internet permission set.

If we want to configure app. domain we should create App. domains with AppDomainSetup class with the following properties.

 

Name	Description
ActivationArguments	Gets or sets the activation data of an app. domain
ApplicationBase	Gets or sets the name of the root directory
ApplicationName	Gets or sets the name of the app
ApplicationTrust	Gets or sets an object containing security info
ConfigurationFile	Gets or sets the name of the config. file for an app. domain
DisallowApplicationBaseProbing	Checks if application base path and private binary path are probed when searching for assemblies to load
DisallowBindingRedirects	Gets or sets a value indicating whether an app. domain allows assembly binding redirection
DisallowCodeDownload	Gets or sets a value indicating whether HTTP download is allowed for an app. domain
DisallowPublisherPolicy	Gets or sets an indicator that the publisher policy section of the configuration file is applied to an app. domain
DynamicBase	Gets or sets the base directory
LicenseFile	Gets or sets the location of the license file
LoaderOptimization	Specifies the optimization policy
PrivateBinPath	Gets or sets the list of directories

// Construct AppDomain.
AppDomainSetup myAppDomainSetup = new AppDomainSetup();
myAppDomainSetup.ApplicationBase = "file://" + System.Environment.CurrentDirectory;
myAppDomainSetup.DisallowBindingRedirects = false;
myAppDomainSetup.DisallowCodeDownload = true;
myAppDomainSetup.ConfigurationFile = AppDomain.CurrentDomain.SetupInformation.ConfigurationFile;
// Create AppDomain
AppDomain d = AppDomain.CreateDomain("New Domain", null, myAppDomainSetup);

AppDomain.CurrentDomain.SetupInformation is used to examine properties of the App. domain.