Chapter 3. Application Domains

Application domains play a critical role in the implementation of the Microsoft .NET Framework’s security model. Although you will rarely need to work directly with application domains when writing simple applications, they become an essential program element once you start writing more complex systems—in particular, systems that utilize and manipulate the code-access security (CAS) mechanism of the Microsoft .NET Common Language Runtime (CLR).


Only highly trusted code can manipulate application domains—we discuss the specific permissions required to carry out various operations in Chapter 5, Chapter 6, and Chapter 7. For now, it is enough to know that applications running from the hard drive of your machine can utilize all of the techniques we describe here as long as you have not modified .NET’s default security policy.

Application Domains Explained

To ensure application and operating system security and stability, it is necessary to isolate concurrently executing applications from each other. Application isolation ensures that one application cannot purposefully or inadvertently modify the memory, or access the resources owned by another. Traditionally, operating systems isolate applications by running each application in its own process, and providing each process with its own virtual memory space and resource handles. Memory references are associated with a single process, and therefore code cannot obtain a reference that affects the memory ...

Get Programming .NET Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.