c# - Assembly fails to load in restricted AppDomain -

i trying load assembly restricted appdomain. if not specify restrictions, assembly load correctly:

var permissionset = new permissionset(system.security.permissions.permissionstate.unrestricted); appdomain targetappdomain = appdomain.createdomain("lockeddomain" + guid.newguid().tostring("n"),null,domainsetup,permissionset,null); var instance = (iremotefilterclass) targetappdomain.createinstancefromandunwrap(tempassemblypath, "compiledcode.compiledclass"); 

howevere want lock down created appdomain possible, i.e. give permissions absolutely necessary. if specify permissionset restrict permissions, assembly fails load:

var permissionset = new permissionset(system.security.permissions.permissionstate.none); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.read, tempassemblypath)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.pathdiscovery, tempassemblypath)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.read, assembly.getexecutingassembly().location)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.pathdiscovery, assembly.getexecutingassembly().location)); permissionset.addpermission(new reflectionpermission(permissionstate.unrestricted)); //not sure if necessary, not work anyway  appdomain targetappdomain = appdomain.createdomain("lockeddomain" + guid.newguid().tostring("n"),null,domainsetup,permissionset,null); var instance = (iremotefilterclass) targetappdomain.createinstancefromandunwrap(tempassemblypath, "compiledcode.compiledclass"); 

the following exception thrown:

system.io.fileloadexception: not load file or assembly '5e1a72b7c5584f7c92c18ea9b221222f, version=0.0.0.0, culture=neutral, publickeytoken=null' or 1 of dependencies. failed grant permission execute. (exception hresult: 0x80131418) ---> system.security.policy.policyexception: execution permission cannot acquired.  @ system.security.codeaccesssecurityengine.resolvegrantset(evidence evidence, int32& specialflags, boolean checkexecutionpermission)  --- end of inner exception stack trace ---     @ system.reflection.runtimeassembly._nload(assemblyname filename, string codebase, evidence assemblysecurity, runtimeassembly locationhint, stackcrawlmark& stackmark, intptr pprivhostbinder, boolean throwonfilenotfound, boolean forintrospection, boolean suppresssecuritychecks)    @ system.reflection.runtimeassembly.nload(assemblyname filename, string codebase, evidence assemblysecurity, runtimeassembly locationhint, stackcrawlmark& stackmark, intptr pprivhostbinder, boolean throwonfilenotfound, boolean forintrospection, boolean suppresssecuritychecks)    @ system.reflection.runtimeassembly.internalloadassemblyname(assemblyname assemblyref, evidence assemblysecurity, runtimeassembly reqassembly, stackcrawlmark& stackmark, intptr pprivhostbinder, boolean throwonfilenotfound, boolean forintrospection, boolean suppresssecuritychecks)    @ system.reflection.runtimeassembly.internalloadfrom(string assemblyfile, evidence securityevidence, byte[] hashvalue, assemblyhashalgorithm hashalgorithm, boolean forintrospection, boolean suppresssecuritychecks, stackcrawlmark& stackmark)    @ system.reflection.assembly.loadfrom(string assemblyfile, evidence securityevidence)    @ system.activator.createinstancefrominternal(string assemblyfile, string typename, boolean ignorecase, bindingflags bindingattr, binder binder, object[] args, cultureinfo culture, object[] activationattributes, evidence securityinfo)    @ system.appdomain.createinstancefrom(string assemblyfile, string typename)    @ system.appdomain.createinstancefromandunwrap(string assemblyname, string typename)    @ system.appdomain.createinstancefromandunwrap(string assemblyname, string typename) 

it seems if there still permissions missing, have no idea ones missing.

it necessary add securitypermission securitypermissionflag.execution set.

here working code:

var permissionset = new permissionset(system.security.permissions.permissionstate.none); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.read, tempassemblypath)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.pathdiscovery, tempassemblypath)); //the following line fixed code permissionset.addpermission(new securitypermission(securitypermissionflag.execution));   appdomain targetappdomain = appdomain.createdomain("lockeddomain" + guid.newguid().tostring("n"),null,domainsetup,permissionset,null); var instance = (iremotefilterclass) targetappdomain.createinstancefromandunwrap(tempassemblypath, "compiledcode.compiledclass"); 

(source: https://social.msdn.microsoft.com/forums/vstudio/en-us/23a9197e-3581-4a28-912d-968004488773/how-to-change-permissions-of-appdomain?forum=clr)