NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Application Domain Hosts

Each NGWS application runs in an application domain under the control of a host that sets up the domain and loads assemblies into it. The host has access to information about the code, such as the zone from which the code originates or the digital signatures of assemblies in the application domain. A trusted host is a host that has permission to provide the runtime with this kind of information, called evidence.

The following entities can be application domain hosts:

After creating a new application domain, a host can specify the policy it wants to be applied to code within the application domain. By specifying application domain policy, which is essentially a hierarchy of code groups, a host can reduce the set of permissions that would have been allowed by machine policy; however, the application domain policy cannot expand the set of permissions allowed by machine policy. Policy can be set only once for an application domain. Once application domain policy is set, further attempts to set application domain policy will fail. After application domain policy is set, all subsequently loaded assemblies will be granted permissions under the new policy (machine policy and user policy and application domain policy). Previously loaded assemblies will get grants under the pre-existing policy (i.e., machine and user policy only). Assemblies that were loaded into the application domain before the application domain policy is in place will not have their permission grants reevaluated under the newly set application domain policy.

If the host is trusted, it can provide information (evidence) to the runtime about assemblies that are loaded into the application domain. Typically, after the application domain is created, the host loads the first (main) assembly into the application domain and calls into that assembly to begin execution. When code in the first assembly references code in another assembly, the loader resolves the reference, loads the appropriate assembly into the application domain, and supplies the evidence about the assembly to the runtime.

The System.AppDomain class provides the application domain functionality used by hosts.