Hi,
I have this small app that loads plugin type components that other users can freely upload to the server. But I don't want the users to be able to access other users files. I need to set the access of each plugin component to a restricted access.
I tried to set the access inside the plugin classes base class but even then the loaded plugin classes seem to have full file access.
I can't set the permission with a attribute because the path changes depending on who loads the page.
Here is a code snippest:
public abstract class PluginBase<T>
{
public PluginBase
{
PermissionSet ps = new PermissionSet(System.Security.Permissions.PermissionState.None);
ps.AddPermission(new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.PathDiscovery | System.Security.Permissions.FileIOPermissionAccess.Read, HttpContext.Current.Server.MapPath("/app_data/www_somesite_com")));
ps.PermitOnly();
}
}
public class SomePlugin : PluginBase<SomePlugin>
{
public SomePlugin
{
File.WriteAllText("c:\test.txt", "This should not be possible, but it is.. why?");
}
}
Many thanks in advance!