Yesterday I talked about the changes in security policy for managed applications , namely that managed applications will run with full trust – the same as native applications – when you execute them directly. That change doesn’t mean that managed code can no longer be sandboxed however – far from it. Hosts such as ASP.NET and ClickOnce continue to use the CLR to sandbox untrusted code. Additionally, any application can continue to create AppDomains to sandbox code in. As part of our overhaul of security policy in v4, we made some interesting changes to how that sandboxing should be accomplished as well. In previous releases, the CLR provided a variety of ways to sandbox code – but many of theme were problematic to use correctly. In the v4 framework, we made it a goal to simplify and standardize how sandboxing should be done in managed code.
See the original post:
Sandboxing in .NET 4.0