2

i've written a plugin manager for my app , it utilizes codedom to compile c# code into a class library and instanciate its types. it works perfectly , and now i wish to restrict the permissions on the compiled assembly.unfortunatly i dont know how to do so. as far as i understand i should use CompilerParameters.Evidence in some way, but it is unclear to me of how. for te sake of clearity , i dont wish to simply categorize the assmbly as a certain zone, i want to limit it to a permission set that is passed as an argument in the plugin managers constructor. i also would like to mention that i do not load the assembly into a new appdomin , it is executed on the same domain as the rest of the application.

thanks.

Amir
  • 21
  • 2
  • Exactly 1 year later I have the same question. Did you have any luck finding an answer? – Glenn Dec 24 '10 at 10:43
  • How to do this with .NET Framework 4.0? CompilerParameters.Evidence is deprecated now.. any ideas? – Willy Jan 17 '13 at 17:24

1 Answers1

1

CodeDOM examples that handle security are tricky to google. After several hours of reading I have found two approaches.

The best seems to be the Managed Addin Framework because it is designed for exactly your use case senario. Restrict plug-in assembly code access

CAS (Code Access Security) is also an option but it appears to be less popular and on the way out. Here is an example lifted from this [SO post][3]

var myEvidence = new Evidence(new object[] {SecurityZone.Internet});
var newDomain = AppDomain.CreateDomain("InternetDomain");
myDomain.Load("MyUntrustedAssembly.dll", myEvidence);
myDomain.CreateInstanceAndUnwrap("MyUntrustedAssembly","MyUntrustedObjectType");

CAS References .NET/Security: Limiting runtime-loaded assemblies from accessing certain APIs http://www.gamedev.net/community/forums/topic.asp?topic_id=418038 http://www.go4answers.com/Example/codedom-security-64586.aspx

Community
  • 1
  • 1
Glenn
  • 1,234
  • 2
  • 19
  • 33