2

My application has a plug-in model that allows third-party developers to write assemblies that will execute in the main application. Up until now, the practical use has been to allow only trusted developers to provide add-ins.

I'd like to expose the framework to untrusted developers. To do that, I'd like to restrict the assemblies to in-memory operation that doesn't touch any of the local resources (hardware, the Registry, databases, etc) and is only allowed to use a maximum amount of memory.

Currently, with the trusted assemblies, I'm just using Assembly.Load and reflection to instantiate the object. What I need is a good primer on how to restrict permissions on code loaded from an external assembly.

Improve this question
1

2 Answers 2

Reset to default
2

http://msdn.microsoft.com/en-us/library/ms972968.aspx - Shows how to load the plugins into a separate AppDomain.

http://msdn.microsoft.com/en-us/library/ms130766.aspx - This overload for creating the AppDomain would allow you to specify which permissions the plugin would have when not trusted.

Improve this answer
1

Basically you need to load the assembly into a separate AppDomain. It prettymuch explains how to do that and how to restrict the loading of other assemblys into the new AppDomain in the MSDN documentation. You'll need to read up on CAS as well. That allows you to provide an API to the loaded assemply while restricting which methods it can call at different trust levels.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.