views:

35

answers:

1

I want to know if this is inherently possible:

Think of a cloud scenario. I allow users to upload their .net code onto my server. However to manage things on my server I can't allow users to write code which make direct calls to methods such as HttpWebRequest.Create().

If the user has written such a code it would mean he/she is trying to contact another web service (for e.g.). My objective is to have these services served via another server, but still have the main server work on other incoming requests.

I want to block calls to HttpWebRequest.Create(). Instead I will provide some interface for the user to make such calls. What kind of solution can I think of for this problem?

PS: I am more of .net 2.0 oriented. Please be specific if you answer deals with a higher version

+1  A: 

Have a look at Code Access Security (http://msdn.microsoft.com/en-us/library/930b76w0(VS.71).aspx or http://www.codeproject.com/KB/security/UB_CAS_NET.aspx)

You could create a new restricted AppDomain where your customers code is executed.

EDIT: If you want to provide a kind of API which implements methods that need HttpWebRequest then I would suggest to create a Service (which has all rights) and your API calls that Service. In that service you could implement any restrictions you want.

Arthur
what if I exposed an interface which had a call to HttpWebRequest.Create()? I'd actually want that to execute...
deostroll