How do I host possibly malicious code in its own app domain in a multi-tenant host?

Question

I need to allow users to upload and run .NET scripts in a multitenant environment. Many users will have scripts running concurrently (that will be somehow limited in CPU cycles).

I've read this MSDN article that explains clearly how to load such an assembly, but it is lacking in security details relevant to my scenario.

Some questions I have are:

• Should each hosted app have a separate ApplicationBase
• Should each hosted app have a separate ConfigurationFile
• What configuration file settings are appropriate
• Can I emulate Silverlight's "sandbox" mode of fully isolated assemblies
• ...? (prevent or control network IO access)

Answer 1

Have you tried reading the documentation? While that may be somehow hidden and there are not many howtos on the internet for that stuff, it is quite well documented. Code Access Security is what you are looking for.

A good start is:

http://msdn.microsoft.com/en-us/library/dd233103(v=vs.110).aspx

which is titled "Security Changes in the .NET Framework" (and no, I wont start quoting here). YOu look for things like "Code Access Security" to create a sanbox style environment. This is possible, but like all security it is seriously non trivial because if you overlook a single thing, then the sandbox is open. Expect to spend serious time in that stuff - or have an illusion of security with hugh open holes you simply are not aware of.