Is it possible to restrict code access for certain .NET functionality/classes?
For example, I have plugin modules for my MVC CMS. I wouldn’t want 3rd party modules able to use the File class directly. I would want to wrap it up in an API so that the module can only access files in it’s own designated ‘root’ folder (sandbox). Otherwise, the module would have file access to the entire server, including the CMS system files.
Is there a way to restrict certain namespaces from using particular features of the framework? Or is there a different approach that I should take?
To give you an overview:
The CMS namespace is MyCms
All modules take the namespace MyCms.Module.xxxxx
Modules are just standard MVC structures that are brought into the name main MVC namespace, and routes are automatically set up to route requests to the module controllers.
Therefore the modules have default access to the ASP.NET framework. I want to be able to restrict MyCms.Module.xxxxx namespaces from being able to do certain things, if that is possible.
Have I taken the wrong approach here? I’m not keen to change the infrastructure to be honest, but may be forced to if I can’t properly secure the main CMS infrastructure from naughty modules.
Yeah, the .net/ the common language runtime supports a wide set of privilege restrictions and customizations you can put in for what code can do what.
This is an overview of how it worked prior to .net 4
http://msdn.microsoft.com/en-us/library/.aspx
This is how it works now
This stuff is a little complicated and my work with it was limited to bipassing some of it for test cases I had to write, but it was written to provide precisely the functionality you seek.