http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspxLast week I showed how to create an AppDomain with a limited set of permissions . I also presented an easy way to create a StrongNameMembershipCondition . Now I'll put the two together to make an enhanced version of the sandboxed AppDomain. Why createen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#251307Wed, 03 Nov 2004 00:09:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251307Robert Hurlbut's .NET Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#251600Wed, 03 Nov 2004 11:55:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251600Kevin WestheadThanks for the sample. I have applied a slightly different approach myself where, instead of specifying a CodeGroup I use a speparate method to add StrongNames (or StrongNameMembershipConditions) for fully trusted assemblies. I then call PolicyLevel.AddFullTrustAssembly for each of them before creating the AppDomain. I guess the advantage of this approach is that it allows greater flexibility per assembly, e.g. you might want another assembly to run under LocalIntranet instead of Internet or FullTrust.http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#251689Wed, 03 Nov 2004 17:42:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251689Robert Hurlbut's .NET Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#251738Wed, 03 Nov 2004 16:32:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:251738ShawnHi Kevin, <br> <br>I've actually been planning a post on what that full trust list means, its for a different purpose than what you've been using it for. To accomplish what you're trying to do I would write a method that got a strnong name membership condition fore each assembly and matched them to the correct permission set. Then make all of those code groups children of a big union code group that granted all code nothing. <br> <br>-Shawnhttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#252546Thu, 04 Nov 2004 22:28:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:252546Kevin WestheadThanks for the extra info Shawn. I look forward to your posts about evidence and full trust.http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#253133Sat, 06 Nov 2004 00:06:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:253133Jonathan de HalleuxBookmarked...http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#253596Sun, 07 Nov 2004 19:40:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:253596LFFullTrustAssemblies are those that implement CAS permissions. I think they are not evaluated by CAS at all. While it will work and I used it myself at first. It sounds wrong.http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#253650Mon, 08 Nov 2004 02:39:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:253650Office Development, Security, Randomness...http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#253704Mon, 08 Nov 2004 05:09:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:253704Robert Hurlbut's .NET Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#253975Mon, 08 Nov 2004 20:30:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:253975.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#254404Tue, 09 Nov 2004 16:15:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:254404Robert Hurlbut's .NET Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#267271Sat, 20 Nov 2004 20:12:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:267271Sam Gentile's Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#267277Sat, 20 Nov 2004 20:13:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:267277Sam Gentile's Bloghttp://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx#268924Wed, 24 Nov 2004 03:39:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:268924Il Blog di Paolo Pialorsi