Limiting what a .net plugin can access

Posted by David Hogue on Stack Overflow See other posts from Stack Overflow or by David Hogue
Published on 2010-04-14T23:33:19Z Indexed on 2010/04/15 0:03 UTC
Read the original article Hit count: 163

Filed under:
|
|

I have a web application that can load plugins through reflection. It currently uses Assembly.LoadFrom() and Activator.CreateInstance() to get this done. Right now plugins are loaded into the same AppDomain and have access to anything in my app and anything my app could access.

What I'm looking for is a way to limit what classes and methods the plugin can access for security purposes. I want to have all of my classes and methods throw an exception when called unless they are whitelisted. I'd be whitelisting basically all the functions in an API class and a few data transfer objects.

I also don't want the plugin to be able to access the filesystem or the database on it's own. I think I can do that with trust levels in a separate AppDomain though.

Does anyone out there have any good ideas or resources? Is this something that could be done with Code Access Security or the new Security-Transparent Code features in .net 4?

© Stack Overflow or respective owner

Related posts about c#

Related posts about plugin