none
need help on code access permissions for a plugin system RRS feed

  • Question

  • Hello

    I've developed a plugin system for my server based application. Users can write their own code for manipulating the main application and this code is compiled and invoked by Activatore.CreateInstance method.

    Now I want to put some restrictions on what users can do. I mean they must not be able to perform file operations, call other unmanaged code, use UI, ...

    My architecture is like this:

    public class Macrobase

    {

    public virtual void Event1(ref Data_from_Main_App a)

    {

    }

    public virtual void Event2(ref Data_from_Main_App a)

    {

    }

    ....

    }

    then each plugin is a child class of MacroBase class and these events are overriden.

    I want to add attributes like:

    [System.Security.Permissions.FileIOPermission(SecurityAction.PermitOnly,Unrestricted=false)]

    to Macrobase Class so that child customized class is restricted from doing unwanted things.

    So, what my question is?

    Getting to know all tips and tricks of security namespace seems to be a distinguished experty.  I want a quick guide about:

    1- what measures shall I take to avoid my security attributes to be overridden by child class?

    2- I need a correct sample of defining security attributes considering the fact that there is usually no condition in restricting my user c# scripts; every operation which seems dangerous to server must be restricted unconditionally for all end users/developers. e.g. is applying SecurityAction.PermitOnly,Unrestricted=false to all classes of 'System.Security.Permissions' conservatively safe?

    3- in 'System.Security.Permissions' there are classes which need vast experience of security work to understand what they do, e.g: zonidentity, hostprotection, principalpermission, etc. My question is: shall I apply a permitonly attribute by all of these classes for my pluging system? is there a brief article about it?

    Thanks in advance

    Tuesday, May 6, 2014 8:20 PM

Answers

  • Hello,

    >>1- what measures shall I take to avoid my security attributes to be overridden by child class?

    In general though you can prevent the override case by not making a property virtual in the first place or preventing further overrides by specifying the sealed modifier on the property

    public sealed override IsDeleted { get; set; }

    >> 3- in 'System.Security.Permissions' there are classes which need vast experience of security work to understand what they do, e.g: zonidentity, hostprotection, principalpermission, etc. My question is: shall I apply a permitonly attribute by all of these classes for my pluging system? is there a brief article about it?

    For using the permitonly attribute, you can refer this article:
    http://msdn.microsoft.com/en-us/library/y6abcbh4(v=vs.110).aspx

    Hope it to be helpful.

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, May 8, 2014 3:52 AM
    Moderator