Trusted code creating an application domain can set the application domain policy that controls construction of the default Principal and Identity objects. This application domain-specific policy applies to all execution threads in that application domain. An unmanaged, trusted host inherently has the ability to set this policy; but managed code creating an application domain (AppDomain) must have the System.Security.Permissions.SecurityPermission(PrincipalObjectManagement) permission to set this policy.
You call the static SetPrincipalPolicy method on the AppDomain object to set the policy, passing in a PrincipalPolicy enumeration value that indicates what the new policy should be. Supported values are NoPrincipal, UnauthenticatedPrincipal, and WindowsPrincipal.