SecurityManager.GetStandardSandbox Method (Evidence)

.NET Framework (current version)
 

Gets a permission set that is safe to grant to an application that has the provided evidence.

Namespace:   System.Security
Assembly:  mscorlib (in mscorlib.dll)

Public Shared Function GetStandardSandbox (
	evidence As Evidence
) As PermissionSet

Parameters

evidence
Type: System.Security.Policy.Evidence

The host evidence to match to a permission set.

Return Value

Type: System.Security.PermissionSet

A permission set that can be used as a grant set for the application that has the provided evidence.

Exception Condition
ArgumentNullException

evidence is null.

System_CAPS_noteNote

In the .NET Framework 4, the host evidence in evidence must contain System.Security.Policy.Zone evidence.

The following table shows the permission sets that are returned for each zone.

Zone

Permission set

MyComputer

FullTrust

Intranet

LocalIntranet

Trusted

Internet

Internet

Internet

Untrusted

None

NoZone

None

Other evidence, such as Url or Site, may be considered.

The returned permission set can be used by a sandbox to run the application. Note that this method does not specify policy, but helps a host to determine whether the permission set requested by an application is reasonable. This method can be used to map a zone to a sandbox.

The following example shows how to use the GetStandardSandbox method to obtain the permission set for a sandboxed application. For more information about running an application in a sandbox, see How to: Run Partially Trusted Code in a Sandbox.

Imports System
Imports System.Collections
Imports System.Diagnostics
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy
Imports System.Reflection
Imports System.IO



Class Program

    Shared Sub Main(ByVal args() As String) 
        ' Create the permission set to grant to other assemblies.
        ' In this case we are granting the permissions found in the LocalIntranet zone.
        Dim e As New Evidence()
        e.AddHostEvidence(New Zone(SecurityZone.Intranet))
        Dim pset As PermissionSet = SecurityManager.GetStandardSandbox(e)

        Dim ads As New AppDomainSetup()
        ' Identify the folder to use for the sandbox.
        ads.ApplicationBase = "C:\Sandbox"
        ' Copy the application to be executed to the sandbox.
        Directory.CreateDirectory("C:\Sandbox")
        File.Copy("..\..\..\HelloWorld\bin\debug\HelloWorld.exe", "C:\sandbox\HelloWorld.exe", True)

        ' Create the sandboxed domain.
        Dim sandbox As AppDomain = AppDomain.CreateDomain("Sandboxed Domain", e, ads, pset, Nothing)
        sandbox.ExecuteAssemblyByName("HelloWorld")

    End Sub 'Main
End Class 'Program

.NET Framework
Available since 4.0
Return to top
Show: