Load dll in custom appdomain in c#

1.8k views Asked by At

I want to create a sandbox mode in my c# application. I need to load a dll in my custom or user defined app domain and then execute a method from it.

I need to make sure that application cant access any of the system resources(hdd etc). It should live and die in its own memory.

Thanks

1

There are 1 answers

0
Colin Smith On BEST ANSWER

See this article.

Basically you need to create an AppDomain that uses a custom PermissionSet...which locks down the kind of things the .NET application has permission to do.

There are different ways to create one.

You can use a obtain a predefined one as defined by an existing Code Group Zone (Intranet, Internet, MyComputer, etc), or you can create your own one.

That can be done programmatically, or it could be done with caspol.exe.

When you create this secondary AppDomain it actually "lives" within the same Windows process as your application....NET just provides an "isolation" layer that keeps each AppDomain seperated. If you are ultra paranoid and don't trust that isolation layer, then you could create a new Windows process and run your DLL inside that one....though that might be taking it a bit far.

To restrict access that the AppDomain has to Windows resources (files, registry, etc), you can change the Windows Security Principal i.e. get it to be run under a different Windows Account which has lower privileges.

Probably off on a tangent here...but some other things that might help...depending on what you are trying to achieve...

If you have sensitive information that you want to minimize being discoverable (e.g. by someone trawling through memory), then use SecureString.

If you want to prevent any of your "code" or "data" being paged out to disk (into the page file), then you can use a custom CLR Host so that it keeps it all in physical memory.