Click here to Skip to main content
13,256,716 members (51,741 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


2 bookmarked
Posted 5 Jun 2014

What are the Changes in .NET 4.0 Security Model & What is Sandboxing?

, 5 Jun 2014
Rate this:
Please Sign up or sign in to vote.
What are the Changes in .NET 4.0 Security Model & What is Sandboxing?

CAS is completely deprecated in .NET 4.0 and there are 2 big changes done in .NET 4.0:

  1. Granting of permission is dependent on the host and not the CAS Model.
  2. Introduction of Security Transparent Model. In this .NET code is divided in 3 kinds of code:

I. Security Critical Code

A full trusted code is known as Security Critical Code and it has full access to my system. We need to ensure that this code is not called by unsafe code (Security Transparent Code).To create a code as Security Critical, we have to put “[assembly: SecurityCritical()]” attribute in Properties->Assemblyinfo.cs.

II. Security Transparent Code

A code which you feel unsafe is known as Security Transparent Code. To create a code as Security Critical, we have to put “[assembly: SecurityTransparent()]” attribute in Properties->Assemblyinfo.cs.

III Security Safe Critical Code

A Bridge between Security Transparent Code and Security Critical Code to access Security Critical Code via Security Transparent Code.

Security Transparent model is good if the code control is in our hands.


If you want to execute an untrusted third party DLL, you can create your own “Appdomain” and assign permission set so that your third party DLL runs under a control environment. This process is called sandboxing.

To implement Sandboxing, first we have to create the object of “PermissionSet” and assign Permissions as per our requirement, then we have to create “AppDomain” object with the permissionset object we created and in this “AppDomain” object, we will put that class in which we want to implement Sandboxing. (See the video for a practical implementation.)


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Akash Ashok Jain
Software Developer (Senior)
India India
I am "Akash Jain" working in IT Industry from last 6 years. From the beginning of my career I worked with C# for both windows and web application. In my short career I worked for 2 Major ERP Applications, e-commerce applications, CMS based applications and also few static websites.

I am a MCP for web application for ASP.NET 4.0. I have also done PMP training as project management is one of my interest area.

You may also be interested in...


Comments and Discussions

GeneralMy vote of 2 Pin
Qwertie13-Jun-14 7:37
memberQwertie13-Jun-14 7:37 
QuestionItem 2 Pin
Paulo Zemek11-Jun-14 6:14
professionalPaulo Zemek11-Jun-14 6:14 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.171114.1 | Last Updated 6 Jun 2014
Article Copyright 2014 by Akash Ashok Jain
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid