Export (0) Print
Expand All

SecurityManager.GetStandardSandbox Method

Gets a permission set that is safe to grant to an application that has the provided evidence.

Namespace:  System.Security
Assembly:  mscorlib (in mscorlib.dll)

public static PermissionSet GetStandardSandbox(
	Evidence evidence
)

Parameters

evidence
Type: System.Security.Policy.Evidence

The host evidence to match to a permission set.

Return Value

Type: System.Security.PermissionSet
A permission set that can be used as a grant set for the application that has the provided evidence.

ExceptionCondition
ArgumentNullException

evidence is null.

NoteNote

In the .NET Framework 4, the host evidence in evidence must contain System.Security.Policy.Zone evidence.

The following table shows the permission sets that are returned for each zone.

Zone

Permission set

MyComputer

FullTrust

Intranet

LocalIntranet

Trusted

Internet

Internet

Internet

Untrusted

None

NoZone

None

Other evidence, such as Url or Site, may be considered.

The returned permission set can be used by a sandbox to run the application. Note that this method does not specify policy, but helps a host to determine whether the permission set requested by an application is reasonable. This method can be used to map a zone to a sandbox.

The following example shows how to use the GetStandardSandbox method to obtain the permission set for a sandboxed application. For more information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

using System;
using System.Collections;
using System.Diagnostics;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Reflection;
using System.IO;

namespace SimpleSandboxing
{
    class Program
    {
        static void Main(string[] args)
        {
            // Create the permission set to grant to other assemblies. 
            // In this case we are granting the permissions found in the LocalIntranet zone.
            Evidence e = new Evidence();
            e.AddHostEvidence(new Zone(SecurityZone.Intranet));
            PermissionSet pset = SecurityManager.GetStandardSandbox(e);

            AppDomainSetup ads = new AppDomainSetup();
            // Identify the folder to use for the sandbox.
            ads.ApplicationBase = "C:\\Sandbox";
            // Copy the application to be executed to the sandbox.
            Directory.CreateDirectory("C:\\Sandbox");
            File.Copy("..\\..\\..\\HelloWorld\\bin\\debug\\HelloWorld.exe", "C:\\sandbox\\HelloWorld.exe", true);

            // Create the sandboxed domain.
            AppDomain sandbox = AppDomain.CreateDomain(
               "Sandboxed Domain",
               e,
               ads,
               pset,
               null);
            sandbox.ExecuteAssemblyByName("HelloWorld");
        }
    }
}

.NET Framework

Supported in: 4.6, 4.5, 4

.NET Framework Client Profile

Supported in: 4

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft