Loading untrusted assemblies

Question

My application has a plug-in model that allows third-party developers to write assemblies that will execute in the main application. Up until now, the practical use has been to allow only trusted developers to provide add-ins.

I'd like to expose the framework to untrusted developers. To do that, I'd like to restrict the assemblies to in-memory operation that doesn't touch any of the local resources (hardware, the Registry, databases, etc) and is only allowed to use a maximum amount of memory.

Currently, with the trusted assemblies, I'm just using Assembly.Load and reflection to instantiate the object. What I need is a good primer on how to restrict permissions on code loaded from an external assembly.

Answer 1

Basically you need to load the assembly into a separate AppDomain. It prettymuch explains how to do that and how to restrict the loading of other assemblys into the new AppDomain in the MSDN documentation. You'll need to read up on CAS as well. That allows you to provide an API to the loaded assemply while restricting which methods it can call at different trust levels.

Answer 2

http://msdn.microsoft.com/en-us/library/ms972968.aspx - Shows how to load the plugins into a separate AppDomain.

http://msdn.microsoft.com/en-us/library/ms130766.aspx - This overload for creating the AppDomain would allow you to specify which permissions the plugin would have when not trusted.