我想对我的API上运行第三方.NET程序集。我想让它调用自己的方法和对象按照自己的意愿,但拒绝向他们任何东西,我的API并没有明确赋予它。特别是,如果我的API的对象传递给第三方code为 IMyObject 使用反射或任何方法,以提升该对象我不想让他们,说为MyObject 实现接口。
I would like to run a third party .NET assembly on my API. I want to let it call its own methods and objects as it wishes, but deny it access to anything that my API doesn't explicitly give it. In particular, if my API passes an object to the third party code as IMyObject I don't want them using reflection or any method to elevate that object to, say MyObject that implements the interface.
有没有办法拒绝使用反射在这个第三方组件的能力?我可以完全控制一切,所以我不需要阻止人们反编译我的程序集,只是滥用它在运行时。
Is there a way to deny the ability to use reflection in this third party assembly? I have full control of everything, so I don't need to stop people from decompiling my assembly, just abusing it at runtime.
推荐答案
您正在寻找在沙盒中运行的程序集。这可以uisng CAS($ C C访问安全性$)的净来实现。
What you are looking for is running an assembly in a sandbox. This can be achieved uisng CAS (Code Access Security) in .Net.
下面是如何工作的。您创建一个的AppDomain ,分配有限的权限给它。例如,可以使显示的用户界面,但不允许使用文件系统或反射。然后,你的程序集加载到它,并让它运行。
Here is how it works. You create an AppDomain, assign limited permissions to it. For example, you allow displaying a UI but don't allow using File System or Reflection. Then you load an assembly into it and let it run.
.NET 4.0中引入了一个全新的安全模式。但我不知道了很多关于它。
.Net 4.0 introduces a whole new security model. But I don't know a lot about it.
下面是一些让你开始:
发现技术用于安全托管不可信加载项与.NET Framework 2.0
相关推荐
最新文章