Question

I want to create a sandbox mode in my C# application. I need to load a DLL in my custom or user-defined app domain and then execute a method from it.

I need to make sure that the application can't access any of the system resources (HDD etc.). It should live and die in its own memory.

Thanks


Solution

See this article.

Basically you need to create an AppDomain that uses a custom PermissionSet, which locks down the kinds of things the .NET application has permission to do.

There are different ways to create one.

You can obtain a predefined one as defined by an existing Code Group Zone (Intranet, Internet, MyComputer, etc.), or you can create your own.

That can be done programmatically, or it could be done with caspol.exe.

When you create this secondary AppDomain it actually "lives" within the same Windows process as your application. .NET just provides an "isolation" layer that keeps each AppDomain separated. If you are ultra paranoid and don't trust that isolation layer, then you could create a new Windows process and run your DLL inside that one... though that might be taking it a bit far.

To restrict the access that the AppDomain has to Windows resources (files, registry, etc.), you can change the Windows security principal, i.e. get it to run under a different Windows account which has lower privileges.

Probably off on a tangent here... but some other things that might help, depending on what you are trying to achieve:

If you have sensitive information that you want to minimize being discoverable (e.g. by someone trawling through memory), then use SecureString.

If you want to prevent any of your "code" or "data" being paged out to disk (into the page file), then you can use a custom CLR Host so that it keeps it all in physical memory.
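The sandboxed AppDomain the answer describes, as an added example that is not part of the original answer or the linked article. It targets .NET Framework 4.x, where Code Access Security still exists (AppDomain.CreateDomain and CAS grant sets are not available on .NET Core / .NET 5+). Both routes from the answer are shown: building a PermissionSet by hand (execute-only) and obtaining the predefined Internet-zone set. Assumptions not in the original: the untrusted DLL is Untrusted.dll in a plugins\ directory next to the host, it exposes a public static string Untrusted.Plugin.Run(string), and the host assembly is strong-name signed (required so it can be listed as a full-trust assembly in the sandbox). One caveat a practitioner should keep in mind: Microsoft's current documentation advises against relying on CAS as a security boundary for code of unknown origin, which is an argument for the separate low-privilege process the answer calls "ultra paranoid".

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example, not code from the original answer. Requires .NET Framework 4.x.
public class Sandboxer : MarshalByRefObject
{
    // Route 1 ("create your own"): an execute-only grant set. No FileIOPermission,
    // RegistryPermission, UnmanagedCode, etc., so the HDD and registry are off-limits.
    static PermissionSet ExecuteOnlySandbox()
    {
        var ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return ps;
    }

    // Route 2 ("predefined zone"): the standard sandbox the runtime grants to Internet-zone code.
    static PermissionSet InternetZoneSandbox()
    {
        var ev = new Evidence();
        ev.AddHostEvidence(new Zone(SecurityZone.Internet));
        return SecurityManager.GetStandardSandbox(ev);
    }

    public static void Main()
    {
        var setup = new AppDomainSetup
        {
            // Assumption: untrusted assemblies live here and resolve by name inside the sandbox.
            ApplicationBase = Path.GetFullPath("plugins")
        };

        // Null unless the host is strong-name signed. Without full trust for the host,
        // the reflective Invoke below would itself be refused by the sandbox grant set.
        StrongName hostName = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (hostName == null)
            throw new InvalidOperationException("host assembly must be strong-name signed");

        // Swap ExecuteOnlySandbox() for InternetZoneSandbox() to use the predefined set.
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, ExecuteOnlySandbox(), hostName);
        try
        {
            // Instantiate the executor *inside* the sandbox; the host only holds a proxy.
            ObjectHandle h = Activator.CreateInstanceFrom(
                sandbox,
                typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
                typeof(Sandboxer).FullName);
            var executor = (Sandboxer)h.Unwrap();

            // Assumed names: Untrusted.dll, type Untrusted.Plugin, static method Run(string).
            string result = executor.Run("Untrusted", "Untrusted.Plugin", "Run", new object[] { "hello" });
            Console.WriteLine("plugin returned: " + result);
        }
        finally
        {
            // Unloading the domain tears down everything the untrusted code loaded.
            AppDomain.Unload(sandbox);
        }
    }

    // Executes in the sandboxed domain. The untrusted assembly is loaded under the sandbox
    // grant set, so a File.WriteAllText or Registry call inside it fails the CAS stack walk
    // at the untrusted frame, before the walk ever reaches the Assert in this method.
    public string Run(string assemblyName, string typeName, string methodName, object[] args)
    {
        MethodInfo target = Assembly.Load(assemblyName)
            .GetType(typeName, throwOnError: true)
            .GetMethod(methodName, BindingFlags.Public | BindingFlags.Static);
        if (target == null)
            throw new MissingMethodException(typeName, methodName);

        // Full trust is asserted only for the host's own reflective call; frames belonging
        // to the untrusted assembly sit above this one and are still checked against its grant.
        new PermissionSet(PermissionState.Unrestricted).Assert();
        try
        {
            return (string)target.Invoke(null, args);
        }
        catch (TargetInvocationException ex) when (ex.InnerException is SecurityException)
        {
            // The plugin attempted something its grant set forbids (e.g. writing to disk).
            return "blocked: " + ex.InnerException.Message;
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

To check that the sandbox actually bites, give the plugin's Run method a File.WriteAllText call: with ExecuteOnlySandbox() the host prints "blocked: Request for the permission of type 'System.Security.Permissions.FileIOPermission...' failed", while running the same DLL through Assembly.Load in the default domain writes the file.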

License: CC-BY-SA with attribution
Not affiliated with StackOverflow