Restricted Permission AppDomain Grant Set Issue

I have some code that dynamically compiles a Razor templates into an Assembly which I execute with a set of permissions (no access to files, etc).

This works on our development computers and on our test server (Windows 2008 IIS7 x64 .NET 4). But on our production server (Same spec) it gives the error:

"Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)"

Here is the code: -

    public static SandboxContext Create(string pathToUntrusted, List<Assembly> references)
    {
        AppDomainSetup adSetup = new AppDomainSetup();
        adSetup.ShadowCopyFiles = "true";
        var dir = new DirectoryInfo(pathToUntrusted);
        String tempPath = Path.Combine(Path.GetTempPath(), dir.Name + "_shadow");            
        adSetup.CachePath = tempPath;


        // Our sandbox needs access to this assembly.
        string AccessPath = Path.Combine(System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath, "bin\\CommonInterfaces.WebPages.dll");
        System.IO.File.Copy(AccessPath, Path.Combine(pathToUntrusted, "CommonInterfaces.WebPages.dll"), true);
        var baseDir = Path.GetFullPath(pathToUntrusted);
        adSetup.ApplicationBase = baseDir;
        adSetup.PrivateBinPath = baseDir;

        adSetup.PartialTrustVisibleAssemblies =
            new string[] { 
                typeof(System.Web.WebPageTraceListener).Assembly.FullName,
                typeof(System.Web.Razor.RazorEngineHost).Assembly.FullName};

        //Setting the permissions for the AppDomain. We give the permission to execute and to 
        //read/discover the location where the untrusted code is loaded.
        PermissionSet permSet = new PermissionSet(PermissionState.None);
        permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        //We want the sandboxer assembly's strong name, so that we can add it to the full trust list.
        StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();

        Evidence evidence = new Evidence();

        //Now we have everything we need to create the AppDomain, so let's create it.
        AppDomain newDomain = AppDomain.CreateDomain("Sandbox", evidence, adSetup, permSet, fullTrustAssembly);

        ObjectHandle handle = Activator.CreateInstanceFrom(
            newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Sandboxer).FullName
            );
        //Unwrap the new domain instance into a reference in this domain and use it to execute the 
        //untrusted code.
        var newDomainInstance = (Sandboxer)handle.Unwrap();
        return new SandboxContext(newDomain, newDomainInstance);
    }

Any ideas why it would be different on one server? I just installed all the outstanding windows update on the broken server and it did not help.

If I change the PermissionSet to: -

        PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);

All the code works (but presumable with a security problem)

This error usually happens when you try to load an assembly into an existing AppDomain two times with different set of permissions. The $1M question is what assembly it is, and what AppDomain.

I don't have a complete answer to that, but you can look into the following things:

• What sandboxed assemblies (if any) get loaded into your main app domain because of marshalling?
• If you have your own server code, does it specify LoadOptimizationAttribute?
• Does your development server and your production server use different isolation levels?
• Are there any other applications on the production server that share some of your assemblies?

You can also try to install remote debugging runtime on the server, attach debugger to the process that hosts your application, and check directly what gets loaded there in what domain. You may need SOS debugging extensions for that.

http://msdn.microsoft.com/en-us/library/bb190764.aspx