Assembly Loading Wrappers

Several methods used to load managed code, including Assembly.Load, load assemblies with the evidence of the caller. If you wrap any of these methods, the security system could use your code's permission grant, instead of the permissions of the caller to your wrapper, to load the assemblies. You should not allow less-trusted code to load code that is granted higher permissions than those of the caller to your wrapper.

Any code that has full trust or significantly higher trust than a potential caller (including an Internet-permissions-level caller) could weaken security in this way. If your code has a public method that takes a byte array and passes it to Assembly.Load, thereby creating an assembly on the caller's behalf, it might break security.

This issue applies to the following API elements: