Restrict plug-in assembly code access


Problem description

I'd like to create a plug-in architecture where I can limit an assembly's API to something very restricted, i.e. only allow a whitelist of functions. Is it possible to restrict what functions/methods a plug-in assembly can call? Can I do it using AppDomains?

Does anyone have a simple example?

Recommended answer

.NET has added the "Managed Addin Framework" that might fit the bill. It has the following features:


  • Isolation. Plugins run in their own AppDomain if desired, or even their own process if you need that level of isolation.
  • Contractual communication. You set up contracts and this is the only thing you distribute to plugin authors. They need not know about any other aspect of your application.
  • Discovery. Has a built-in mechanism for sniffing out plugins from a folder full of assemblies.
  • Security. Sets of CASPOLs are automatically applied when you load a plugin. There are a few options built in to make this easy (see AddInSecurityLevel Enum).

Most approaches to isolation also limit communication and UI integration. MAF attempts to get around those limitations. It requires that you set up contractual communication pipelines, but will perform most of the work you would normally have to do yourself.

An example would be stitching together UI pieces running in two separate processes (this is magic) or being able to raise events across an AppDomain or process. These things are non-trivial, but MAF helps a lot in this regard.

Here's a simple example. As the "Shell" author, you'll be supplying a contract to your plugin authors. Here's a typical contract (it's just an abstract class):

public abstract class Calculator 
{
    public abstract double Add(double a, double b);    
    public abstract double Subtract(double a, double b);
    public abstract double Multiply(double a, double b);
    public abstract double Divide(double a, double b);
}

If a plugin author wanted to write a plugin, they would simply subclass this contract and add the "Addin" attribute:

using System.AddIn;

[AddIn("Sample Calculator AddIn", Version="1.0.0.0")]
public class SampleCalculatorAddIn : Calculator
{
    public override double Add(double a, double b)
    {
        return a + b;
    }
    public override double Subtract(double a, double b)
    {
        return a-b;
    }
    public override double Multiply(double a, double b)
    {
        return a * b;
    }
    public override double Divide(double a, double b)
    {
        return a / b;
    }
}

And here's how you would load these addins and interact with them:

using System;
using System.AddIn.Hosting;
using System.Collections.ObjectModel;

// In this sample we expect the AddIns and components to 
// be installed in the current directory
String addInRoot = Environment.CurrentDirectory;

// Check to see if new AddIns have been installed
AddInStore.Rebuild(addInRoot);

// Look for Calculator AddIns in our root directory and 
// store the results
Collection<AddInToken> tokens = 
    AddInStore.FindAddIns(typeof(Calculator), addInRoot);

// Ask the user which AddIn they would like to use
AddInToken calcToken = ChooseCalculator(tokens);

// Activate the selected AddInToken in a new AppDomain set sandboxed 
// in the internet zone. You can find out what this gives access
// to by running "mscorcfg.msc", but essentially this will limit
// any access to the filesystem and other obvious OS services.
// Use of reflection is also very limited in this zone.
Calculator calculator = 
    calcToken.Activate<Calculator>(AddInSecurityLevel.Internet);

// Run the read-eval-print loop
RunCalculator(calculator);

That's pretty much the gist. There's obviously more to it than that, but you get the idea.

Good intro article

http://msdn.microsoft.com/en-us/magazine/cc163476.aspx

Overview on MSDN

http://msdn.microsoft.com/en-us/library/bb384200.aspx

System.Addin on CodePlex (lots of samples)

http://www.codeplex.com/clraddins

Pipeline Builder (helps to generate communication pipeline between shell and addins)
http://clraddins.codeplex.com/wikipage?title=Pipeline%20Builder&referringTitle=Home

FxCop Rules for System.Addin
http://clraddins.codeplex.com/wikipage?title=Add-in%20FxCop%20Rules&referringTitle=Home
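
An added example (not code from the answer or from the System.AddIn project): activating the add-in with an explicit, execution-only PermissionSet instead of a named AddInSecurityLevel, so the grant is a whitelist of permissions rather than a zone. It assumes .NET Framework with a reference to System.AddIn.dll and a built pipeline in the current directory; the class name SandboxedHost and the "take the first add-in" selection are hypothetical.

```csharp
// Added example: explicit whitelist grant for a MAF add-in (.NET Framework).
using System;
using System.AddIn.Hosting;
using System.Security;
using System.Security.Permissions;

// Host view from the answer above, repeated so this file compiles on its own.
public abstract class Calculator
{
    public abstract double Add(double a, double b);
    public abstract double Subtract(double a, double b);
    public abstract double Multiply(double a, double b);
    public abstract double Divide(double a, double b);
}

static class SandboxedHost   // hypothetical name
{
    // Start from an empty set and add only what the add-in needs:
    // here, permission to execute managed code and nothing else.
    static PermissionSet ExecutionOnly()
    {
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return grant;
    }

    static void Main()
    {
        string addInRoot = Environment.CurrentDirectory;
        foreach (string warning in AddInStore.Rebuild(addInRoot))
            Console.Error.WriteLine("pipeline warning: " + warning);

        var tokens = AddInStore.FindAddIns(typeof(Calculator), addInRoot);
        if (tokens.Count == 0) { Console.Error.WriteLine("no add-ins found"); return; }

        // Hypothetical policy: take the first add-in found. It is activated in
        // a new AppDomain whose grant set is exactly the PermissionSet above.
        Calculator calc = tokens[0].Activate<Calculator>(ExecutionOnly());
        try
        {
            Console.WriteLine(calc.Divide(1, 4));
        }
        catch (SecurityException ex)
        {
            Console.Error.WriteLine("add-in exceeded its grant: " + ex.Message);
        }
        finally { AddInController.GetAddInController(calc).Shutdown(); }
    }
}
```

The contract limits which host members the add-in can reach, while the PermissionSet limits which protected framework and OS resources its code can touch; both are needed for a whitelist-style restriction.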
