ASP.Net, MVC, MEF and loading approved plugins (ie, plugins with known signer)

I'm working on an ASP.Net MVC/MEF based project.

Is it possible to build the catalog such that the DLLs added to the application are approved using a known signer? We don't want to load any old plugin that conforms - just those that have been approved (approving a plugin means its signed with a known key).

Jeff

Answers


You need to perform filtering like this before you initialise the MEF catalog. I.e., if you're using AssemblyCatalog:

var assemblies = // all assemblies
var catalog = new AggregateCatalog(
    assemblies
        .Where(a => IsAcceptable(a))
        .Select(a => new AssemblyCatalog(a))
);

You need to supply the IsAcceptable method to perform assembly filtering as appropriate:

bool IsAcceptable(Assembly a) { ... }

var c = X509Certificate.CreateFromSignedFile(assemblyFile);
if (c.Issuer = "Joe") ...

just an idea, didnt tried :) let us know if it works..


Need Your Help

How to tell which PHP files are actually used and which are not?

php dependencies

I got a large PHP website which I'm now about to take care of. It contains hundreds of separate PHP files, but I suspect only less than a half is really being used. Most of them probably can be del...