tags:

views:

29

answers:

1
+1  Q: 

How can I use CAS in .NET 4 to lock down my MEF extensions?

I have an application in .NET 4 that uses MEF for extensibility. My main application has three assemblies: Host, Application and Contracts.

Host is the "boot-strapping" executable that creates the container and does the composition.

Application contains the logic of my application, and more extension points for 3rd parties.

Contracts contains the interfaces (and some helper classes) that are used in the extension points.

Therefore, someone developing a 3rd party application has to include a reference to Contracts, but not to Application.

I'm thinking that my security model should look like this:

  1. Host and Application should be SecurityCritical
  2. Contracts should be SecuritySafeCritical
  3. All 3rd party extensions should be SecurityTransparent

I think that 1. will be satisfied by default. I know that I can implement 2. with an assembly attribute. The question is, how do I enforce rule 3.? Does the operating system do this automatically by flagging all downloaded extensions as untrusted? Is it possible for a downloaded extension assembly to become fully trusted?

+1  A: 

If your application is running in full trust, then by default your extensions will be running in full trust and be able to do anything they want. It won't matter what the security attributes on them are. To limit what extensions can do, you need to create a sandbox appdomain. You would set your Host and Application as fully trusted in that AppDomain and all other code would only have the permissions you grant it.

Here's an MSDN article on this topic: How to: Run Partially Trusted Code in a Sandbox

Daniel Plaisted  2010-08-04 06:04:42
I'm thinking it's a lost cause. Anyone who writes a 3rd party extension and packages it into an install file and gets the owner of the PC to execute the install file will be able to run their code in full trust. MEF doesn't let you load extension assemblies into their own app domain. Maybe it's possible for me to load my very critical code (containing security keys, etc.) into *its* own app domain.
Scott Whitlock  2010-08-08 17:25:41
@Scott You can design your app so that 3rd party extensions are a package that your app understands instead of executable install files. Then you have your app manage the extensions and don't let it execute code on install. MEF doesn't do anything specific with AppDomains, but you can still create a sandboxed AppDomain and then create a MEF container within that AppDomain. Or you could look at System.Addin (MAF), which does handle creating plugins in different AppDomains. MAF is quite complicated though, so it might be easier to roll your own sandboxing with MEF.
Daniel Plaisted  2010-08-08 18:12:40

related questions

Using MEF to import a WPF DataTemplate?
Choosing between MEF and MAF (System.AddIn)
MEF creation policy
How can I use Rhino Mocks to mock a MEF export?
How can I set PrivateBinPath in MEF?
Where should I put the interfaces for MEF?
Which layer should be responsible from loading plugins?
Implementing MEF with ASP.NET MVC?
Something like MEF (Managed Extensibility Framework) for .NET Framework 2.0
What happened to MEF type, "AttributedAssemblyPartCatalog"?
Is MEF OSGi for .NET?
Winforms with MEF
Casting interfaces and MEF
MEF: Unable to import in other classes?
MEF on Mono doesn't work properly?
Is MEF Microsoft's version of Lua?
Is MEF a dependency injection framework ?
Ideas for an extensible (addins/plugins) WCF service host?
MEF, creating Import's tree when a branch is requested
[C# / MEF] Making imports available around your code.
Composite Oriented Programming (COP), .NET 4.0, MEF, and the Oslo Repository
Is MEF about UI? If not, why are all examples about GUI composition?
Is MEF a replacement for System.Addin?
MEF (Managed Extensibility Framework) vs IoC/DI
Whither Managed Extensibility Framework for .NET?