我需要让我的用户执行.NET code，它的他们提供的我的服务器上。我知道，安全是一个大问题，但它必须那么做。

I have a need to allow my users to execute .NET code that they provide on my server. I know security is a big concern, but it has to be done that way.

目前，我运行在一个有限的Windows帐户我的用户'code。但是，我很担心，.NET框架提供了很多类，如果使用的恶意，可能会损害服务器 - 反思命名空间下的类就是一个例子，codeDOM是另外一个问题。

Currently, I run my users' code under a limited Windows account. But, I am worried that .NET framework provides many classes that, if used maliciously, can harm the server -- classes under the Reflection namespace is one example, CodeDom is another concern.

我希望有一种方式来创建一个轻量级的虚拟环境，它可以运行.NET code，但完全隔离。有点像虚拟PC，但更轻巧的 - 唯一的功能是，用户可以做计算，可能的话，调用第三方Web服务

I wish there was a way to create a "lightweight virtual environment" that can run .NET code, but is fully isolated. Kind of like Virtual PC, but much more lightweight -- the only capability would be that users can do calculations and, possibly, call a 3rd party web service.

有什么，它提供了.NET应用程序的隔离环境在市场上？

Is there something on the market that provides an isolated environment for .NET applications?

感谢。

推荐答案

.NET已建成的安全功能做你想要做的事情。不知道他们是如何.NET应用程序被启动，我不能肯定地说，如果它会帮助你，但如果你控制应用程序的启动就可以的应用安全上下文自己的AppDomain，并限制他们可以访问。从你的原发帖说，如果你阻止pretty的每样东西，除了的 WebPermission的（甚至可以限制其具体地址），它应该是安全的，您的系统上运行。

.NET has built in security features to do exactly what you want to do. Without knowing how their .NET apps are being launched I can't say for sure if it will help you, but if you control the launching of the apps you can apply a security context to their AppDomain and restrict what they can access. From what you said in the original posting if you blocked pretty much everything except WebPermission (and you can even restrict it to specific addresses) it should be safe to run on your system.