Reputation: 71101
Sandboxing a .NET Assembly - Upload a DLL and then Reflection
I'd like to write an MVC application that allows someone in our development group to upload a .NET assembly, and then I want to reflect over the .dll to gather information from it. I want to do this safely. Never loaded an assembly like this in a "sandbox". What is the correct way to do it?
Upvotes: 3
Views: 678
Answers (1)
Reputation: 141588
If all you want to do is inspect metadata than you can use Assembly.ReflectionOnlyLoadFrom. Loading an assembly with this API loads the assembly, but none of the code inside of it is executable:
You cannot execute code from an assembly that has been loaded into the reflection-only context. To execute the code, load the assembly with the LoadFile method.
You may want to do this in a new AppDomain if you need to be able to unload the assembly. Assemblies cannot be unloaded, but AppDomains containing them can.
If you need to execute some code, but want to ensure the library doesn't do anything bad, you can load a new AppDomain and use code permissions to restrict the AppDomain. This CodeProject Article gives a nice walk-through on how to do it.
Upvotes: 4
Related Questions
- Loading/Injecting .Net Assembly into existing .net process?
- Good way to preload .NET assembly
- How to load an .exe as a .NET assembly?
- Loading External Assembly using reflection
- C# Reflection - Consuming a dll in other machine
- Is there a way to use reflection to examine an assembly in isolation?
- Modify and run existing .NET assembly without saving to disk
- C# Load Sandboxed Assembly
- C# In Memory Assembly to DLL File
- Loading Assemblies from a .Net Application in a 'Sandbox Environment'