http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspxOftentimes in an application, it's necessary to run untrusted code. The CLR lets you do this safely by placing the code in its own AppDomain and sandboxing the AppDomain to have a limited set of permissions. Usually setting up the AppDomain with the Interneten-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#248115Tue, 26 Oct 2004 23:58:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:248115.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#248116Tue, 26 Oct 2004 23:58:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:248116.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#251036Tue, 02 Nov 2004 12:31:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251036Kevin WestheadCould you elaborate on why you would assign evidence to the AppDomain? In other words, how does it make the AppDomain more secure and what potential security holes does it plug that permission sets alone cannot?http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#251241Tue, 02 Nov 2004 21:53:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251241.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#251246Tue, 02 Nov 2004 19:08:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251246ShawnHi Kevin, <br> <br>Good question ... I think I may turn this into a seperate post. The easiest example of an instance where an AppDomain needs evidence assigned to it is the case where a web page is hosting some managed code. In this case, the page might point at some code that lives on the local machine in the GAC, and therefore recieves a high level of trust. <br> <br>Now imagine that an exploit is found in this code, and by calling into a specific entry point, I can elevate my permissions and do whatever I want. Now, if my web page doesn't load any code of its own, the only code on the callstack will be the buggy component in the application. This means that if you don't take into account the AppDomain, an arbitrary web page can now exploit code sitting on my machine. <br> <br>Thankfully we do take the AppDomain into account, and all code hosted on a web page gets run in an AppDomain with a set of evidence that severly limits its permission grant. For more information about that (from the other perspective) check out: <a target="_new" href="http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx">http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx</a> <br> <br>-Shawnhttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#253973Mon, 08 Nov 2004 20:30:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:253973.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#267269Sat, 20 Nov 2004 20:12:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:267269Sam Gentile's Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#267276Sat, 20 Nov 2004 20:13:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:267276Sam Gentile's Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#393757Fri, 11 Mar 2005 04:41:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:393757.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx#449051Mon, 08 Aug 2005 20:04:35 GMT91d46819-8472-40ad-a661-2c78acb4018c:449051.Net Security BlogA while back I gave some sample code to show how to setup a sandboxed AppDomain.&amp;amp;nbsp; This technique...