What can an ApplicationTrust tell us about an AppDomain

In v2.0, there is a new ApplicationTrust property on the AppDomain class.  This property will be non-null in two conditions

  1. Your application is a ClickOnce application

  2. Your code is running in a simple sandbox domain

In the ClickOnce case, the ApplicationTrust object will contain the permission set that was specified in the application manifest, the identity of the running application, and a flag indicating if the decision to trust the application (the application must have been trusted for your code to even be running 🙂 ) was saved into the application cache.  There's also an IsApplicationTrustedToRun flag -- but for obvious reasons that's always going to be true.

If you're in a simple sandboxed domain, the DefaultGrantSet property will contain the sandbox permission set; the other properties are not meaningful.

In either scenario, your assembly is either running with the DefaultGrantSet (plus some identity permissions), or it's running with FullTrust.  Since reading the ApplicationTrust property requires ControlDomainPolicy it's likely that if you didn't get the object to inspect from some FullTrust code that your code itself is fully trusted.

Obviously if the ApplicationTrust object is null then neither of the above two scenarios apply, and your code is running in a standard AppDomain and is not a ClickOnce application.

Comments (0)

Skip to main content