Re: Restrict access to application from "outside"
- From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
- Date: Mon, 10 Jul 2006 09:45:22 -0400
"cody" <deutronium@xxxxxx> wrote in message
I have an application consisting of one exe file and 20+ DLL's.
Now I want to dynamically load plugins in my application. But the plugins
must not be able to access my code except through some special interface I
Is it possible to user code access security for this purpose? I do not
understand the principles of it and do not know where to start from.
It's possible to use CAS to restrict the permissions of plug-ins. One would
generally use a sandboxing approach as described at
http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx. In order to
prevent the plug-in assemblies from accessing your application's code in
"unexpected" ways, you would want to ensure that they are denied permission
to reflect into low-visibility members (ReflectionPermission\MemberAccess),
as well as adding demands for a permission that the plug-ins will not be
able to meet to all types and/or members in your assemblies that they should
not be using. This would usually take the form of a demand for an identity
permission such as StrongNameIdentityPermission. However, you should
probably keep in mind that type-level demands do not protect fields, so you
will want to ensure that any fields that they should not touch are of
private or internal visibility.