Customizing the Microsoft .NET Framework Common Language Runtime
|
Host protection enables a host to prevent partially trusted add-ins from using APIs that don't fit well with the host's programming model. Although on the surface the goals of host protection seem very much like those of CAS, the two features have different motivations. CAS is a mechanism used to protect a resource from unauthorized access, whereas host protection is aimed at constraining an add-in to adhere to a host's programming model. Host protection consists of a set of categories that define capabilities deemed of interest to hosts, a custom attribute for grouping APIs into those categories, and a hosting interface that hosts use to specify which categories of functionality don't fit their programming model. The .NET Framework class libraries have been annotated with the custom attribute (the HostProtectionAttribute) to indicate which types and methods belong to which host protection categories. After determining which categories apply to its scenario, a host uses the ICLRHostProtectionManager interface to prevent the APIs belonging to those categories from being used in the process. |
|