Application domain works like a process works for Operating system. It keeps the application isolated from each other, the same way an operating system process works. Isolation is required so that applications do not conflict with each other. It can be done by making sure that any given unique virtual address space runs exactly one application and scopes the resources for the process or application domain using that address space.
But still this is quite different than the Operating system as it is contained within operating system process. A single CLR operating system process can contain multiple application domains. There are some major pluses to having application domains within a single process as mentioned below:
- Lower system cost many application domains can be contained within a single system process.
- The application in an application domain can be stopped without affecting the state of another
application domain running in the same process.
- A fault or exception in on application domain will not affect other application domains or crash
the entire process that hosts the application domains.
- Configuration information is part of an application domains scope, not the scope of the process.
- Each application domain can have different security access levels assigned to them, all within a
- Code in one application domain cannot directly access code in another application domain. (see below)
So you see, the CLR is like a mini-operating system. It runs a single process that contains a bunch of sub-process, or application domains.
Direct communication cannot be achieved across application domains.
Application domains can still talk to each other by passing objects via marshaling by value (unbound objects), marshaling by reference through a proxy (App Domain-bound objects).
There is a third type of object called a context-bound object which can be marshaled by reference across domains and also within the context of its own application domain because of the verifiable type-safety of managed code the CLR can provide fault isolation between domains at a much lower cost than an operating system process.