AppDomain.IsFullyTrusted Property

Definition

Gets a value that indicates whether assemblies that are loaded into the current application domain execute with full trust.

C#
public bool IsFullyTrusted { get; }

Property Value

.NET Framework only: true if assemblies that are loaded into the current application domain execute with full trust; otherwise, false.

.NET Core and .NET 5+: true in all cases.

Examples

The following example demonstrates the IsFullyTrusted property and the Assembly.IsFullyTrusted property with fully trusted and partially trusted application domains. The fully trusted application domain is the default application domain for the application. The partially trusted application domain is created by using the AppDomain.CreateDomain(String, Evidence, AppDomainSetup, PermissionSet, StrongName[]) method overload.

The example uses a Worker class that derives from MarshalByRefObject, so it can be marshaled across application domain boundaries. The example creates a Worker object in the default application domain. It then calls the TestIsFullyTrusted method to display the property value for the application domain and for two assemblies that are loaded into the application domain: mscorlib, which is part of the .NET Framework, and the example assembly. The application domain is fully trusted, so both assemblies are fully trusted.

The example creates another Worker object in a sandboxed application domain and again calls the TestIsFullyTrusted method. Mscorlib is always trusted, even in a partially trusted application domain, but the example assembly is partially trusted.

C#
using System;

namespace SimpleSandboxing
{
    public class Worker : MarshalByRefObject
    {
        static void Main()
        {
            Worker w = new Worker();
            w.TestIsFullyTrusted();

            AppDomain adSandbox = GetInternetSandbox();
            w = (Worker) adSandbox.CreateInstanceAndUnwrap(
                               typeof(Worker).Assembly.FullName,
                               typeof(Worker).FullName);
            w.TestIsFullyTrusted();
        }

        public void TestIsFullyTrusted()
        {
            AppDomain ad = AppDomain.CurrentDomain;
            Console.WriteLine("\r\nApplication domain '{0}': IsFullyTrusted = {1}",
                                        ad.FriendlyName, ad.IsFullyTrusted);

            Console.WriteLine("   IsFullyTrusted = {0} for the current assembly",
                             typeof(Worker).Assembly.IsFullyTrusted);

            Console.WriteLine("   IsFullyTrusted = {0} for mscorlib",
                                        typeof(int).Assembly.IsFullyTrusted);
        }

        // ------------ Helper method ---------------------------------------
        static AppDomain GetInternetSandbox()
        {
            // Create the permission set to grant to all assemblies.
            System.Security.Policy.Evidence hostEvidence = new System.Security.Policy.Evidence();
            hostEvidence.AddHostEvidence(new System.Security.Policy.Zone(
                                                         System.Security.SecurityZone.Internet));
            System.Security.PermissionSet pset =
                                System.Security.SecurityManager.GetStandardSandbox(hostEvidence);

            // Identify the folder to use for the sandbox.
            AppDomainSetup ads = new AppDomainSetup();
            ads.ApplicationBase = System.IO.Directory.GetCurrentDirectory();

            // Create the sandboxed application domain.
            return AppDomain.CreateDomain("Sandbox", hostEvidence, ads, pset, null);
        }
    }
}

/* This example produces output similar to the following:

Application domain 'Example.exe': IsFullyTrusted = True
   IsFullyTrusted = True for the current assembly
   IsFullyTrusted = True for mscorlib

Application domain 'Sandbox': IsFullyTrusted = False
   IsFullyTrusted = False for the current assembly
   IsFullyTrusted = True for mscorlib
 */

Remarks

.NET Framework only: This method always returns true for the default application domain of an application that runs on the desktop. It returns false for a sandboxed application domain that was created by using the AppDomain.CreateDomain(String, Evidence, AppDomainSetup, PermissionSet, StrongName[]) method overload, unless the permissions that are granted to the application domain are equivalent to full trust.

Applies to

Produit Versions
.NET Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9
.NET Framework 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Standard 2.0, 2.1