AppDomain.SetAppDomainPolicy(PolicyLevel) Method

Definition

Caution

AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.

Establishes the security policy level for this application domain.

public:
 virtual void SetAppDomainPolicy(System::Security::Policy::PolicyLevel ^ domainPolicy);
public void SetAppDomainPolicy (System.Security.Policy.PolicyLevel domainPolicy);
[System.Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
[System.Security.SecurityCritical]
public void SetAppDomainPolicy (System.Security.Policy.PolicyLevel domainPolicy);
abstract member SetAppDomainPolicy : System.Security.Policy.PolicyLevel -> unit
override this.SetAppDomainPolicy : System.Security.Policy.PolicyLevel -> unit
[<System.Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")>]
[<System.Security.SecurityCritical>]
abstract member SetAppDomainPolicy : System.Security.Policy.PolicyLevel -> unit
override this.SetAppDomainPolicy : System.Security.Policy.PolicyLevel -> unit
Public Sub SetAppDomainPolicy (domainPolicy As PolicyLevel)

Parameters

domainPolicy
PolicyLevel

The security policy level.

Implements

Attributes

Exceptions

domainPolicy is null.

The security policy level has already been set.

The operation is attempted on an unloaded application domain.

Examples

The following example demonstrates how to use the SetAppDomainPolicy method to set the security policy level of an application domain.

using namespace System;
using namespace System::Threading;
using namespace System::Security;
using namespace System::Security::Policy;
using namespace System::Security::Permissions;
int main()
{
   
   // Create a new application domain.
   AppDomain^ domain = System::AppDomain::CreateDomain( "MyDomain" );
   
   // Create a new AppDomain PolicyLevel.
   PolicyLevel^ polLevel = PolicyLevel::CreateAppDomainLevel();
   
   // Create a new, empty permission set.
   PermissionSet^ permSet = gcnew PermissionSet( PermissionState::None );
   
   // Add permission to execute code to the permission set.
   permSet->AddPermission( gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );
   
   // Give the policy level's root code group a new policy statement based
   // on the new permission set.
   polLevel->RootCodeGroup->PolicyStatement = gcnew PolicyStatement( permSet );
   
   // Give the new policy level to the application domain.
   domain->SetAppDomainPolicy( polLevel );
   
   // Try to execute the assembly.
   try
   {
      
      // This will throw a PolicyException if the executable tries to
      // access any resources like file I/O or tries to create a window.
      domain->ExecuteAssembly( "Assemblies\\MyWindowsExe.exe" );
   }
   catch ( PolicyException^ e ) 
   {
      Console::WriteLine( "PolicyException: {0}", e->Message );
   }

   AppDomain::Unload( domain );
}
using System;
using System.Threading;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;

namespace AppDomainSnippets
{
    class ADSetAppDomainPolicy
    {
        static void Main(string[] args)
        {
            // Create a new application domain.
            AppDomain domain = System.AppDomain.CreateDomain("MyDomain");
            
            // Create a new AppDomain PolicyLevel.
            PolicyLevel polLevel = PolicyLevel.CreateAppDomainLevel();
            // Create a new, empty permission set.
            PermissionSet permSet = new PermissionSet(PermissionState.None);
            // Add permission to execute code to the permission set.
            permSet.AddPermission
                (new SecurityPermission(SecurityPermissionFlag.Execution));
            // Give the policy level's root code group a new policy statement based
            // on the new permission set.
            polLevel.RootCodeGroup.PolicyStatement = new PolicyStatement(permSet);
            // Give the new policy level to the application domain.
            domain.SetAppDomainPolicy(polLevel);
            
            // Try to execute the assembly.
            try
            {
                // This will throw a PolicyException if the executable tries to
                // access any resources like file I/O or tries to create a window.
                domain.ExecuteAssembly("Assemblies\\MyWindowsExe.exe");
            }
            catch(PolicyException e)
            {
                Console.WriteLine("PolicyException: {0}", e.Message);
            }

            AppDomain.Unload(domain);
        }
    }
}
open System
open System.Security
open System.Security.Policy
open System.Security.Permissions

// Create a new application domain.
let domain = AppDomain.CreateDomain "MyDomain"

// Create a new AppDomain PolicyLevel.
let polLevel = PolicyLevel.CreateAppDomainLevel()
// Create a new, empty permission set.
let permSet = PermissionSet PermissionState.None
// Add permission to execute code to the permission set.
permSet.AddPermission(SecurityPermission SecurityPermissionFlag.Execution) |> ignore
// Give the policy level's root code group a new policy statement based
// on the new permission set.
polLevel.RootCodeGroup.PolicyStatement <- PolicyStatement permSet
// Give the new policy level to the application domain.
domain.SetAppDomainPolicy polLevel

// Try to execute the assembly.
try
    // This will throw a PolicyException if the executable tries to
    // access any resources like file I/O or tries to create a window.
    domain.ExecuteAssembly "Assemblies\\MyWindowsExe.exe"
    |> ignore
with :? PolicyException as e ->
    printfn $"PolicyException: {e.Message}"

AppDomain.Unload domain
Imports System.Threading
Imports System.Security
Imports System.Security.Policy
Imports System.Security.Permissions



Class ADSetAppDomainPolicy
   
   Overloads Shared Sub Main(args() As String)
      ' Create a new application domain.
      Dim domain As AppDomain = System.AppDomain.CreateDomain("MyDomain")
      
      ' Create a new AppDomain PolicyLevel.
      Dim polLevel As PolicyLevel = PolicyLevel.CreateAppDomainLevel()
      ' Create a new, empty permission set.
      Dim permSet As New PermissionSet(PermissionState.None)
      ' Add permission to execute code to the permission set.
      permSet.AddPermission(New SecurityPermission(SecurityPermissionFlag.Execution))
      ' Give the policy level's root code group a new policy statement based
      ' on the new permission set.
      polLevel.RootCodeGroup.PolicyStatement = New PolicyStatement(permSet)
      ' Give the new policy level to the application domain.
      domain.SetAppDomainPolicy(polLevel)
      
      ' Try to execute the assembly.
      Try
         ' This will throw a PolicyException if the executable tries to
         ' access any resources like file I/Q or window creation.
         domain.ExecuteAssembly("Assemblies\MyWindowsExe.exe")
      Catch e As PolicyException
         Console.WriteLine("PolicyException: {0}", e.Message)
      End Try
      
      AppDomain.Unload(domain)
   End Sub
End Class

Remarks

Call this method before an assembly is loaded into the AppDomain in order for the security policy to have effect.

Applies to