Code Access Security & Sandboxing
Most of the important base features were added in 2.0, including a simple sandboxing API, security transparency and manifest based activation. These have been used in several current and future technologies such as ClickOnce, XBAP, and SilverLight.
Sandboxing is all about loading code dynamically yet restricting what it can and cannot do. This is supported using the AppDomain class with restricted permissions. The permissions that the code in the sandbox would use were defined by the permission set in Code Access Security (CAS).