views: 57

answers: 2

What is the easiest way to load up an assembly, instantiate a class from it, but do so in a way that the assembly has limited privileges (sandboxed)? The code should not be able to communicate across the network, write to the file system, or execute processes.

UPDATE: I just stumbled upon Assembly.LoadFrom(string assemblyFile, Evidence securityEvidence). Can this be used at all? Not sure I understand this evidence thing.

+3  A: 

You need to load it in its own AppDomain.

Here is an article describing the entire process.

Reed Copsey
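An added example of the separate-AppDomain approach (not code from this answer or the article it links): the host creates a domain whose grant set is Execution only, loads the assembly and instantiates a class inside it, and the class's attempts to write a file or open a socket fail with SecurityException. It assumes .NET Framework 4.x (CAS sandboxing and AppDomain creation are not available on .NET Core / .NET 5+); UntrustedProbe and SandboxHost are constructed names, and the probe is placed in the host exe only so the sample runs on its own.

```csharp
using System;
using System.IO;
using System.Net.Sockets;
using System.Security;
using System.Security.Permissions;

// Lives in the sandboxed domain. MarshalByRefObject means the host gets a proxy and the
// probe's methods execute under the sandbox's grant set, not the host's full trust.
public class UntrustedProbe : MarshalByRefObject
{
    public string TryWriteFile()
    {
        try { File.WriteAllText("probe.txt", "hello"); return "wrote file"; }
        catch (SecurityException) { return "denied: FileIOPermission"; }
    }
    public string TryConnect()
    {
        try { new TcpClient("127.0.0.1", 9).Close(); return "connected"; }
        catch (SecurityException) { return "denied: SocketPermission"; }
    }
}

public static class SandboxHost
{
    public static AppDomain CreateSandbox(string untrustedDir)
    {
        // Grant only the right to run code: FileIOPermission, SocketPermission and the
        // full-trust requirement on Process.Start are all absent, so those calls fail.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = untrustedDir };
        // No full-trust assembly list: nothing loaded into this domain escapes the grant.
        return AppDomain.CreateDomain("Sandbox", null, setup, grant);
    }

    public static void Main()
    {
        AppDomain sandbox = CreateSandbox(AppDomain.CurrentDomain.BaseDirectory);
        try
        {
            // Loads the assembly and instantiates the class inside the sandbox. A real
            // plugin would be a separate assembly under untrustedDir; here it is this exe.
            var probe = (UntrustedProbe)sandbox.CreateInstanceAndUnwrap(
                typeof(UntrustedProbe).Assembly.FullName, typeof(UntrustedProbe).FullName);
            Console.WriteLine(probe.TryWriteFile());
            Console.WriteLine(probe.TryConnect());
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```

In a real host the plugin type would implement an interface from a shared contract assembly so the cast does not require the plugin's own type in the host domain.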
+1  A: 

Another option, but not 100% reliable, would be to rely on CAS deny tokens on the call stack.

Presumably the first initial method on the loaded class would be invoked by code under your control; you could then use a Deny security action to prevent the method from accessing certain parts of the .NET framework.

The code would be something along these lines:

using System.Security.Permissions;

// NoFlags is 0, so NoFlags ^ Assertion evaluates to Assertion: the Deny removes that
// permission from the call stack for the duration of this call.
[SecurityPermission(SecurityAction.Deny, Flags = SecurityPermissionFlag.NoFlags ^ SecurityPermissionFlag.Assertion)]
void CallExternalAssemblyClass(ExternalClass c)
{
    c.SomeMethod();
}

The suggested solution has a few caveats: it assumes that you are not using Silverlight, and there is a potential security risk if the assembly was written using specially crafted CIL assembly.

The benefit gained is that you can avoid using separate AppDomains and the marshalling issues involved with multiple AppDomains.

Anton
Cool to know there is another way. +1
tyndall