Blazor Server and Sandboxing assemblies

I'm currently working on a .NET 5.0 Blazor Server project that imports and utilizes user-uploaded .NET assemblies (in either DLL or NUPKG form). Currently, these assemblies are loaded using Collectible AssemblyLoadContexts which, if I understand correctly, is a major security hazard for both my user-base and the server itself. That said, I'm searching for methods that can sandbox the inclusion/execution of those assemblies. The main concerns that I can think of are:

  1. Access to sensitive system information/environment variables
  2. Access to processes
  3. Access to internet (sockets/clients)
  4. File System access

but I probably haven't thought about a plethora of other factors I should be aware of.

How could I achieve such a feat?

PS: The server runs on a Linux machine and all uploaded assemblies must be valid architecture-irrelevant .NET 5 or .NET Standard 2.0 in order to be loaded.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
