Introduction
Process boundaries were previously used to isolate applications running on the same computer. Each application is loaded into a separate process, which isolates it from the other applications running on the same computer.
These applications are isolated because memory addresses are process-relative: a memory pointer passed from one process to another cannot be used in any meaningful way in the target process. In addition, you cannot make direct calls between two processes. Instead, you must use proxies, which provide a level of indirection.
Managed code
Managed code must pass a verification process before it can run (unless the administrator has granted permission to skip the verification). The verification process checks the following: Does the code attempt to access invalid memory addresses? Does it attempt to perform some other action that could cause the process in which it is running to fail to operate properly? Code that passes this verification test is said to be type-safe. Because the common language runtime can verify that code is type-safe, it can provide a level of isolation as great as the process boundary at a much lower performance cost.
Application domains provide a secure and versatile unit of processing that the common language runtime can use to provide isolation between applications. You can run several application domains in a single process with the same level of isolation that would exist in separate processes, but without the additional overhead of making cross-process calls or switching between processes. The ability to run multiple applications within a single process significantly increases server scalability.
Isolating applications
Isolating applications is also important for application security. For example, you can run controls from several web applications in a single browser process in such a way that the controls cannot access each other's data and resources.
The isolation provided by the application domain has the following advantages:
Faults in one application cannot affect other applications. Because type-safe code cannot cause memory faults, using application domains ensures that code running in one domain cannot affect other applications in the process.
An individual application can be stopped without stopping the entire process. Using application domains enables you to unload the code running in a single application.
Note: You cannot unload individual assemblies or types. Only a complete domain can be unloaded.
Isolated
Code running in one application cannot directly access code or resources from another application. To enforce this isolation, the common language runtime prohibits direct calls between objects in different application domains. To pass objects between domains, you can either copy them or access them through a proxy. If the object is copied, the call to the object is local; that is, the caller and the object being referenced are in the same application domain. If the object is accessed through a proxy, the call to the object is remote. In this case, the caller and the object being referenced are in different application domains. Cross-domain calls use the same remote call infrastructure as calls between two processes or between two computers.
The behavior of code is scoped by the application in which it runs. In other words, the application domain provides configuration settings such as application version policies, the location of any remote assemblies it accesses, and information about where to locate assemblies that are loaded into the domain.
Permissions granted to code can be controlled by the application domain in which the code is running.
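The following C# sketch is an added example, not code from the original page. It shows the copy-versus-proxy distinction and whole-domain unloading described above. It assumes the .NET Framework, where AppDomain.CreateDomain is supported; the type names CopiedInfo and ProxiedWorker and the domain name "Sandbox" are hypothetical.

```csharp
using System;

// Hypothetical type: serializable, so it crosses the domain boundary by copy.
[Serializable]
public class CopiedInfo
{
    // Set when the object is constructed; travels with the serialized copy.
    public string CreatedIn = AppDomain.CurrentDomain.FriendlyName;
    public string WhereAmI() { return AppDomain.CurrentDomain.FriendlyName; }
}

// Hypothetical type: derives from MarshalByRefObject, so callers in another
// domain hold a proxy and every call on it is a remote call.
public class ProxiedWorker : MarshalByRefObject
{
    public string WhereAmI() { return AppDomain.CurrentDomain.FriendlyName; }
    public CopiedInfo MakeInfo() { return new CopiedInfo(); }
}

public static class Program
{
    public static void Main()
    {
        // Second application domain inside the same process.
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox");
        var worker = (ProxiedWorker)sandbox.CreateInstanceAndUnwrap(
            typeof(ProxiedWorker).Assembly.FullName,
            typeof(ProxiedWorker).FullName);

        // Access by proxy: the method body executes in the other domain.
        Console.WriteLine("proxy call runs in:  " + worker.WhereAmI());

        // Access by copy: the object is built in the other domain, serialized
        // across the boundary, and calls on the copy are local calls.
        CopiedInfo info = worker.MakeInfo();
        Console.WriteLine("copy was created in: " + info.CreatedIn);
        Console.WriteLine("copy call runs in:   " + info.WhereAmI());

        // Only the entire domain can be unloaded, not one assembly or type.
        AppDomain.Unload(sandbox);
        try
        {
            worker.WhereAmI();   // the proxy now points at an unloaded domain
        }
        catch (AppDomainUnloadedException)
        {
            Console.WriteLine("proxy unusable: its domain was unloaded");
        }
    }
}
```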