.NET/Security:限制运行时加载的程序集访问某些 API
在 shell 应用程序中,我需要能够在运行时加载和执行其他 .NET 程序集,但不给予它们完全信任。本质上,我想限制它们(加载的程序集)接触任何系统资源(线程、网络等),唯一的例外是隔离存储。然而,来自“我”的程序集需要在完全信任的情况下执行。
我一直在考虑代码访问安全性,但我不太确定它是我应该使用的。
你会怎么做呢?
In a shell application, I need to be able to load and execute other .NET assemblies at runtime, but without giving them full trust. Essentially, I want to limit them (the loaded assemblies) from touching any system resources (threading, networking, etc), with the only exception being isolated storage. However, assemblies which are from "me" need to be executed with full trust.
I've been considering Code Access Security, but I'm not quite sure it's what I should use.
How would you go about this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
CAS 几乎就是您所需要的。更具体地说,您希望将程序集加载到其自己的应用程序域中:
阅读应用程序域、各个区域以及分配给它们的默认权限集。 Internet 是系统定义的可用区域/权限集中限制最严格的区域,其中程序集仍然可以实际执行(还有“受限区域”;落入此区域的程序集无法运行)。您可以使用 .NET 配置工具创建权限集并定义代码必须满足才能被授予权限集的条件(证据)。
CAS is pretty much what you need here. More specifically, you want to load the assembly in its own Application Domain:
Read up on Application Domains, the various zones, and the default permission sets assigned to them. Internet is the most restrictive of the system-defined zones/permission sets available in which assemblies can still actually execute (there's also the Restricted zone; assemblies falling into this zone cannot run). You can use the .NET Configuration tool to create permission sets and define the conditions (evidence) that code must satisfy to be granted the permission set.