Carlos Rodriguez

Reputation: 2220

.NET Core limit plugin permissions

In .NET Framework, I'm able to load plugins (DLLs) into their own AppDomains, limit the permissions that the AppDomain has (only able to read from a given directory, for example), and safely execute these plugins. With the removal of AppDomain support in .NET Core, is there any way to achieve something like this now?

Upvotes: 1

Views: 637

Answers (1)

CodeFuller

Reputation: 31322

Let's refer to the official sources. Here is a quote from the "Sandboxing" section of the Porting to .NET Core article:

Why was it discontinued? Sandboxing, i.e. relying on the runtime or the framework to constrain which resources a managed application can access, is considered a non-goal for .NET Core. Sandboxing applications and components is also really hard to get right, which is why we generally recommend customers not to rely on it. It also makes the implementation more complicated and often negatively affects performance of applications that don’t use sandboxing. Hence, we do not offer sandboxing features in .NET Core.

What should I use instead? Use operating system provided security boundaries, such as user accounts for running processes with the least set of privileges.

So the proper way to have correct isolation for an untrusted plugin is to load it in a separate process launched under a restricted user account. Of course, it complicates things, especially sharing state and communication between the host and the plugin. However, .NET Core does not offer any other approach at the moment.

Upvotes: 3
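
The separate-process approach described in the answer above, as an added C# example (not code from the answer or from Microsoft's article): the host starts a child process under a low-privilege account and exchanges one line of JSON with it over redirected stdin/stdout. `PluginHost.dll`, the `plugin-sandbox` account and the line-per-message protocol are assumptions made for illustration; the host also needs the OS rights to start a process as that account.

```csharp
using System;
using System.Diagnostics;
using System.Text.Json;
using System.Threading.Tasks;

static class PluginRunner
{
    // Hypothetical names: "plugin-sandbox" is an OS account whose file ACLs grant
    // read access to the plugin directory only; "PluginHost.dll" is a small console
    // app you write that loads the plugin and answers one JSON request per line.
    const string SandboxUser = "plugin-sandbox";
    const string PluginHostDll = "PluginHost.dll";

    public static async Task<JsonDocument> InvokeAsync(
        string pluginPath, object request, TimeSpan timeout)
    {
        var psi = new ProcessStartInfo("dotnet")
        {
            UseShellExecute = false,        // required for redirection and UserName
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            CreateNoWindow = true,
            UserName = SandboxUser,         // on Windows, also set Password
        };
        psi.ArgumentList.Add(PluginHostDll);
        psi.ArgumentList.Add(pluginPath);

        using var child = Process.Start(psi)
            ?? throw new InvalidOperationException("could not start plugin host");
        try
        {
            // One request in, one reply out; closing stdin tells the child we are done.
            await child.StandardInput.WriteLineAsync(JsonSerializer.Serialize(request));
            child.StandardInput.Close();

            var read = child.StandardOutput.ReadLineAsync();
            if (await Task.WhenAny(read, Task.Delay(timeout)) != read)
                throw new TimeoutException("plugin did not answer in time");

            var reply = await read
                ?? throw new InvalidOperationException("plugin exited without replying");
            // The reply comes from untrusted code: parse it as data and validate
            // every field before acting on it.
            return JsonDocument.Parse(reply);
        }
        finally
        {
            // Never leave a hung or misbehaving plugin (or its children) running.
            if (!child.HasExited) child.Kill(entireProcessTree: true);
        }
    }
}
```

What the plugin can read or write is decided by the permissions of the account itself, so the restriction to a single directory is configured in the operating system rather than in this code.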
