sandbox - Sandboxing untrusted code in C#, Security Permissions seem not working


This code:

    System.Security.PermissionSet ps = new System.Security.PermissionSet(PermissionState.None);
    ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, path));
    ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    AppDomainSetup ads = new AppDomainSetup();
    ads.ApplicationBase = path;
    AppDomain domain = AppDomain.CreateDomain("pluging", null, ads, ps, null);
    Assembly asm = Assembly.LoadFrom(path + "macrobase.dll");
    domain.Load(asm.FullName);
    macrobase.macrobase em = (macrobase.macrobase)domain.CreateInstanceAndUnwrap(asm.FullName, "macrobase.macrobase");
    em.application(1);

The parameter path has the address of the folder that contains the dll. Right now it is "d:\programming projects\server3\macros\c7b465b2-8314-4c7e-be3c-10c0185b4ac6", with a copy of macrobase.dll inside the GUID folder. The AppDomain loads the dll and runs the method application.

I expected the last line not to be able to access c:\ due to the FileIOPermissionAccess applied at the beginning, but the mentioned method:

    macrobase.application(int i)
    {
        System.IO.File.ReadAllBytes("c:\\test1_v.103.xls");
    }

runs as if unrestricted.

Based on the Microsoft article "How to: Run Partially Trusted Code in a Sandbox", I have tried the following format with no better results (it can access c:):

    System.Security.PermissionSet ps = new System.Security.PermissionSet(PermissionState.None);
    ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, path));
    ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    AppDomainSetup ads = new AppDomainSetup();
    ads.ApplicationBase = path;
    AppDomain domain = AppDomain.CreateDomain("pluging", null, ads, ps, null);
    Assembly asm = Assembly.LoadFrom(path + "macrobase.dll");
    domain.Load(asm.FullName);
    System.Runtime.Remoting.ObjectHandle handle = Activator.CreateInstanceFrom(domain, path + "macrobase.dll", "macrobase.macrobase");
    macrobase.macrobase m = (macrobase.macrobase)handle.Unwrap();
    m.application(1);

macrobase.macrobase is a placeholder for future macros. It is placed inside a dll called macrobase.dll. Right now it contains dummy code:

    using System;
    using System.Collections.Generic;

    namespace macrobase
    {
        [Serializable]
        public class macrobase
        {
            public void application(int i)
            {
                List<int> i1 = new System.Collections.Generic.List<int>() { 1, 2, 3, 4 };
                System.IO.File.ReadAllBytes("c:\\test1_v.103.xls");
                switch (i)
                {
                    case 0:
                        break;
                    case 1:
                        break;
                    default:
                        break;
                }
            }
        }
    }

Your class is marked [Serializable] and does not derive from MarshalByRefObject, which means that when an instance is passed through application domain boundaries, it is serialized and deserialized in the target domain. So the code is executed in the current domain rather than in the separate domain. You should derive the macrobase.macrobase class from MarshalByRefObject to make the code execute in the separate domain.
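
The fix described in the answer above, as an added example that is not part of the original post: macrobase derives from MarshalByRefObject, and a hypothetical SandboxHost.RunSandboxed helper checks that the host received a transparent proxy before calling into it. It assumes .NET Framework and a host project that references macrobase.dll; the two types are shown in one listing only for brevity.

```csharp
// Added example; requires .NET Framework (no sandboxed AppDomains on .NET Core/5+).
using System;
using System.IO;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;

namespace macrobase // built as macrobase.dll, as on the page
{
    // MarshalByRefObject instead of [Serializable]: the host gets a proxy,
    // and every call executes inside the sandboxed domain.
    public class macrobase : MarshalByRefObject
    {
        public void application(int i)
        {
            File.ReadAllBytes("c:\\test1_v.103.xls"); // outside the granted path
        }
    }
}

static class SandboxHost // hypothetical host-side helper
{
    // path: plugin folder that holds macrobase.dll. Returns true if the read was blocked.
    public static bool RunSandboxed(string path)
    {
        var ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, path));
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var ads = new AppDomainSetup { ApplicationBase = path };
        AppDomain domain = AppDomain.CreateDomain("pluging", null, ads, ps);
        try
        {
            ObjectHandle handle = Activator.CreateInstanceFrom(
                domain, Path.Combine(path, "macrobase.dll"), "macrobase.macrobase");
            var m = (macrobase.macrobase)handle.Unwrap();
            // A real object (not a proxy) means the instance was copied into the
            // host domain, where its code would run with the host's permissions.
            if (!RemotingServices.IsTransparentProxy(m))
                throw new InvalidOperationException("instance is not a proxy");
            m.application(1);
            return false; // read succeeded: the grant set was not enforced
        }
        catch (SecurityException) { return true; } // FileIOPermission demand failed
        finally { AppDomain.Unload(domain); }
    }
}
```

With the original [Serializable] class, the IsTransparentProxy check fails, which is a quick way to detect that plugin code is running in the host domain.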

