TrustedCodeService Class
Provides secure trusted type resolution and instance creation.
public static class TrustedCodeService- Inheritance:
- object object
Remarks
This service implements a security model where types or their containing assemblies must be explicitly marked as trusted before types can be resolved or instantiated from string type names. This secure-by-default approach prevents untrusted types from being dynamically loaded or instantiated. Applications can handle the TypeResolutionRequested event to apply custom logic when evaluating type trustworthiness.
Note that this service's members that are passed Type instances or type parameters are assumed to be implicitly trusted by the caller since the types are already available in the application domain.
Properties
AssemblyNameMatchingStrategy
The matching strategy used when evaluating string assembly names in the Resolve(string, bool) method.
public static AssemblyNameMatchingStrategy AssemblyNameMatchingStrategy { get; set; }Property Value
- AssemblyNameMatchingStrategy:
The default value is FullName for maximum security.
Remarks
Changing this property to a less strict matching strategy can introduce security risks.
TrustedAssemblies
The collection of trusted assemblies.
public static IReadOnlyCollection<Assembly> TrustedAssemblies { get; }Property Value
TrustedTypes
The collection of trusted types.
public static IReadOnlyCollection<Type> TrustedTypes { get; }Property Value
Methods
AddTrustedAssembly(Assembly)
Adds an assembly to the set of trusted assemblies.
public static void AddTrustedAssembly(Assembly assembly)| Parameter | Type | Description |
|---|---|---|
| assembly | Assembly | The assembly to trust. |
AddTrustedType(Type)
Adds a type to the set of trusted types.
public static void AddTrustedType(Type type)| Parameter | Type | Description |
|---|---|---|
| type | Type | The type to trust. |
CreateInstance(string)
Returns an instance of the specified type created using its parameterless constructor after type resolution via the Resolve(string, bool) method.
public static object CreateInstance(string typeName)| Parameter | Type | Description |
|---|---|---|
| typeName | string | The full name of the type to instantiate, optionally including the assembly name. |
Returns
CreateInstance(Type)
Returns an instance of the specified type created using its parameterless constructor.
public static object CreateInstance(Type type)| Parameter | Type | Description |
|---|---|---|
| type | Type | The type to instantiate. |
Returns
Remarks
The TypeResolutionRequested event is not raised for this method since the type is already available and assumed to be trusted.
CreateInstance(Type, params object?[])
Returns an instance of the specified type created using its constructor with matching parameters.
public static object CreateInstance(Type type, params object?[] args)| Parameter | Type | Description |
|---|---|---|
| type | Type | The type to instantiate. |
| args | object[] | Constructor arguments. |
Returns
Remarks
The TypeResolutionRequested event is not raised for this method since the type is already available and assumed to be trusted.
CreateInstance<T>()
Returns an instance of type T created using its parameterless constructor.
public static T CreateInstance<T>()- Type Parameters:
-
T-The type to instantiate.
Returns
- T
Remarks
The TypeResolutionRequested event is not raised for this method since the type is already available and assumed to be trusted.
CreateInstance<T>(params object?[])
Returns an instance of type T created using its constructor with matching parameters.
public static T CreateInstance<T>(params object?[] args)- Type Parameters:
-
T-The type to instantiate.
| Parameter | Type | Description |
|---|---|---|
| args | object[] | Constructor arguments. |
Returns
- T
Remarks
The TypeResolutionRequested event is not raised for this method since the type is already available and assumed to be trusted.
IsTrusted(Assembly)
Indicates whether the specified assembly is trusted.
public static bool IsTrusted(Assembly assembly)| Parameter | Type | Description |
|---|---|---|
| assembly | Assembly | The assembly to check. |
Returns
- bool:
trueif the assembly is trusted; otherwise,false.
IsTrusted(Type)
Indicates whether the specified type is trusted.
public static bool IsTrusted(Type type)| Parameter | Type | Description |
|---|---|---|
| type | Type | The type to check. |
Returns
- bool:
trueif the type is trusted or if its containing assembly is trusted; otherwise,false.
RemoveTrustedAssembly(Assembly)
Removes an assembly from the set of trusted assemblies.
public static bool RemoveTrustedAssembly(Assembly assembly)| Parameter | Type | Description |
|---|---|---|
| assembly | Assembly | The assembly to remove from the trusted set. |
Returns
- bool:
trueif the assembly was removed; otherwise,false.
RemoveTrustedType(Type)
Removes a type from the set of trusted types.
public static bool RemoveTrustedType(Type type)| Parameter | Type | Description |
|---|---|---|
| type | Type | The type to remove from the trusted set. |
Returns
- bool:
trueif the type was removed; otherwise,false.
Resolve(string, bool)
Returns the type specified by full type name after trust evaluation, or null if the type cannot be resolved.
public static Type? Resolve(string typeName, bool throwOnError = true)| Parameter | Type | Description |
|---|---|---|
| typeName | string | The full name of the type to resolve, which should include the full assembly name, unless the calling assembly is to be used. |
| throwOnError | bool | A value indicating whether to throw an exception if the type cannot be resolved or is not trusted. The default value is |
Returns
- Type:
The resolved type, or
nullif the type cannot be resolved andthrowOnErrorisfalse.
Remarks
The TrustedAssemblies and TrustedTypes collections are checked to determine if the type is trusted. Then the TypeResolutionRequested event is raised to allow custom trust evaluation logic, where the type can be marked as trusted or untrusted.
An exception will be thrown if the type cannot be resolved and throwOnError is true.
Events
TypeResolutionRequested
Occurs when the trustworthiness of a type name is being evaluated for type resolution.
public static event EventHandler<TypeResolutionEventArgs>? TypeResolutionRequested