Limiting what a .NET plugin can access
Posted by David Hogue on Stack Overflow
Published on 2010-04-14T23:33:19Z
Indexed on 2010/04/15 0:03 UTC
I have a web application that can load plugins through reflection. It currently uses Assembly.LoadFrom() and Activator.CreateInstance() to get this done. Right now plugins are loaded into the same AppDomain and have access to anything in my app and anything my app could access.
What I'm looking for is a way to limit what classes and methods the plugin can access for security purposes. I want to have all of my classes and methods throw an exception when called unless they are whitelisted. I'd be whitelisting basically all the functions in an API class and a few data transfer objects.
I also don't want the plugin to be able to access the filesystem or the database on its own. I think I can do that with trust levels in a separate AppDomain though.
Does anyone out there have any good ideas or resources? Is this something that could be done with Code Access Security or the new Security-Transparent Code features in .NET 4?
© Stack Overflow or respective owner
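The separate-AppDomain idea mentioned in the question, as an added example that is not part of the original post: a .NET Framework 4 host creates a sandbox domain whose grant set contains only execution permission, so plugin code that touches the filesystem or a database raises SecurityException. PluginRunner, Sandbox and the plugin's Run(string) method are hypothetical names, and the host assembly is assumed to be strong-name signed.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Runs inside the sandbox domain. MarshalByRefObject makes the host talk to it
// through a proxy instead of pulling plugin types into the host AppDomain.
public sealed class PluginRunner : MarshalByRefObject
{
    public string Run(string assemblyName, string typeName, string input)
    {
        // Resolved from the sandbox ApplicationBase (the plugin directory).
        Type type = Assembly.Load(assemblyName).GetType(typeName, true);
        object plugin = Activator.CreateInstance(type);
        MethodInfo run = type.GetMethod("Run", new[] { typeof(string) }); // hypothetical entry point
        if (run == null) throw new MissingMethodException(typeName, "Run");
        try { return (string)run.Invoke(plugin, new object[] { input }); }
        catch (TargetInvocationException ex)
        {
            // A denied permission demand surfaces as the inner SecurityException.
            if (ex.InnerException is SecurityException) return "denied: " + ex.InnerException.Message;
            throw;
        }
    }
}

public static class Sandbox
{
    public static string RunUntrusted(string pluginDir, string assemblyName, string typeName, string input)
    {
        // Grant set: permission to execute and nothing else (no file or database access).
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = Path.GetFullPath(pluginDir) };
        // Only the host's own strong-named assembly is fully trusted in the sandbox.
        Assembly host = typeof(PluginRunner).Assembly;
        StrongName hostName = host.Evidence.GetHostEvidence<StrongName>();
        if (hostName == null) throw new InvalidOperationException("Host assembly must be strong-name signed.");
        AppDomain domain = AppDomain.CreateDomain("PluginSandbox", null, setup, grant, hostName);
        try
        {
            var runner = (PluginRunner)Activator.CreateInstanceFrom(
                domain, host.ManifestModule.FullyQualifiedName, typeof(PluginRunner).FullName).Unwrap();
            return runner.Run(assemblyName, typeName, input);
        }
        finally { AppDomain.Unload(domain); } // also discards the plugin's loaded code
    }
}
```

This form of AppDomain.CreateDomain exists only on .NET Framework; .NET Core and later do not support creating additional AppDomains.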