Limiting what a .net plugin can access
- by David Hogue
I have a web application that can load plugins through reflection. It currently uses Assembly.LoadFrom() and Activator.CreateInstance() to get this done. Right now plugins are loaded into the same AppDomain and have access to anything in my app and anything my app could access.
What I'm looking for is a way to limit what classes and methods the plugin can access for security purposes. I want to have all of my classes and methods throw an exception when called unless they are whitelisted. I'd be whitelisting basically all the functions in an API class and a few data transfer objects.
I also don't want the plugin to be able to access the filesystem or the database on it's own. I think I can do that with trust levels in a separate AppDomain though.
Does anyone out there have any good ideas or resources? Is this something that could be done with Code Access Security or the new Security-Transparent Code features in .net 4?