A single process can run several application domains.
þ A single managed process (one which has loaded the CLR) can contain any number of AppDomains.
þ The simplest only contain one.
o Are a finer-grained level of isolation between logical components inside the same process, for both reliability and security purposes.
o They are a good alternative to Process-Level Isolation because of the relative inexpensiveness of Creating, Managing, And Switching execution and due to the level of Resource Sharing among AppDomains in a process.
o AppDomains within a process are not entirely isolated. While they do generally load their own assemblies and have their own copies of static variables, for example, resource leaks from one AppDomain can affect another and HANDLE-thieving security holes are possible because AppDomains share a single per-process handletable. AppDomains can be shut down individually while still keeping the enclosing process alive.