Is there a way to load a .NET Assembly into a Sandbox environment that is also restricted in custom ways? I know you can run an Assembly in a different AppDomain, but can you limit it from being able to do certain things that you want to restrict?
For example: I want to be able to load up a Plugin (simple, just defined via a specific interface) within a separate Assembly within an ASP.NET application, but I only want the plugin to be able to access a certain Data Access Layer component and not be able to connect to any databases directly. I'm thinking about the scenario of having a single application instance hosting multiple clients' data, and I only want the plugin to be able to access the data for the specific client/user that is currently logged in.
Anyone have any ideas on how to do this?
I found the following question here on SO on how to load an Assembly in a Sandbox, but it doesn't talk about adding any custom restrictions of the Sandbox:
Update: It looks like you can set a very specific "PermissionSet" when calling the "AppDomain.CreateDomain", but I'm not exactly sure what permissions I'd need to set to allow/disallow the specified permission above. There's also this article on MSDN: http://msdn.microsoft.com/en-us/library/bb763046.aspx
Also, I'm looking to do this in .NET 2.0/3.5.
Any other ideas, other than using System.AddIn?
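As an added example (not code from the question or from any answer), this is one way to wire up the `PermissionSet` overload of `AppDomain.CreateDomain` mentioned in the update, targeting the .NET 2.0 SP1/3.5 overload from C#: the plugin runs with `Execution` permission only and reaches data solely through a host-side `MarshalByRefObject` already bound to the logged-in client. The interface and class names, and the assumption that plugins are deployed under a `Plugins` folder below the web root, are mine.

```csharp
using System;
using System.Data.SqlClient;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Plugin contract and the host-side data interface (hypothetical names).
public interface IClientData { string[] GetRecords(); }
public interface IPlugin { string Run(IClientData data); }

// Host-side gateway bound to the logged-in client. The plugin only ever holds a cross-domain
// proxy to it, so it never sees a connection string or the rest of the DAL.
public class ClientDataGateway : MarshalByRefObject, IClientData {
    private readonly string _clientId;
    public ClientDataGateway(string clientId) { _clientId = clientId; }
    public string[] GetRecords() {
        // A demand raised by the real DAL stack-walks back through the plugin's Execution-only
        // frames and fails, so assert just what the DAL needs and keep every query scoped to
        // _clientId: this method is the trust boundary.
        new SqlClientPermission(PermissionState.Unrestricted).Assert();
        try { return new string[] { "row for " + _clientId }; }   // stand-in for the real DAL call
        finally { CodeAccessPermission.RevertAssert(); }
    }
}
// Runs inside the sandbox domain as a full-trust helper so it can load the plugin by name.
public class PluginLoader : MarshalByRefObject {
    public string Execute(string assemblyName, string typeName, IClientData data) {
        Type t = Assembly.Load(assemblyName).GetType(typeName, true);
        return ((IPlugin)Activator.CreateInstance(t)).Run(data);   // plugin code gets Execution only
    }
}
public static class PluginHost {
    public static string RunPlugin(string pluginAssembly, string pluginType, string clientId) {
        // Sandbox grant set: run code and nothing else (no FileIO, no SqlClient, no reflection emit).
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;   // assumption: plugins are
        setup.PrivateBinPath = "bin;Plugins";                             // deployed under <root>\Plugins
        // Only a strong-named assembly can be listed as fully trusted inside the sandbox.
        AssemblyName host = typeof(PluginLoader).Assembly.GetName();
        StrongName hostName = new StrongName(new StrongNamePublicKeyBlob(host.GetPublicKey()), host.Name, host.Version);
        AppDomain sandbox = AppDomain.CreateDomain("PluginSandbox", null, setup, grant, hostName);
        try {
            PluginLoader loader = (PluginLoader)sandbox.CreateInstanceAndUnwrap(typeof(PluginLoader).Assembly.FullName, typeof(PluginLoader).FullName);
            return loader.Execute(pluginAssembly, pluginType, new ClientDataGateway(clientId));
        } finally { AppDomain.Unload(sandbox); }
    }
}
```

Because the gateway asserts on the plugin's behalf, it is the one place that must validate what the plugin asks for; a plugin calling `SqlConnection.Open()` directly from its own domain fails with a `SecurityException` under this grant set.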