How to limit prism 4 to load only special signed modules?

Question

I have a WPF Desktop application using Prism 4, in my bootstrapper i have the following code :

protected override IModuleCatalog CreateModuleCatalog()
{
   var filepath = Assembly.GetExecutingAssembly().Location;
   var path = Path.GetDirectoryName(filepath);
   System.IO.Directory.SetCurrentDirectory(path);
   path = Path.Combine(path, "Modules");
   var moduleCatalog = new DirectoryModuleCatalog() { ModulePath = path };
   return moduleCatalog;
}

the above code is telling prism to load all the .dlls from "[my app root]\Modules" path and check them to see if any class has implemented IModule. What I want to do is to limit the loading process to only DLLs which have been signed with a specific sign key so that prevent any developer to inject it's module in my application. please advice if I'm following the wrong path for such issue.

Answer 1

You are on the right path, however, you need to go a little further. The DirectoryModuleCatalog is designed to load any types in the specified directory that implement the IModule interface, as you have seen. If you want to limit the modules that are loaded further (for example, to assemblies signed with a specific key), you need to create a custom module catalog (likely derived from DirectoryModuleCatalog), and override the Initialize method. Initialize is where the module catalog will examine the directory and load a collection of ModuleInfo objects that contain the information about any modules in the directory. By overriding this method, you can examine the assemblies in the directory and only load modules from assemblies with the proper signature. In the Initialize method, you would populate the Modules property with ModuleInfos of Modules contained in valid assemblies.

Then, in the above code, rather than creating a new DirectoryModuleCatalog(), you would create your custom module catalog.

Please note, depending on how you check the signature of the assembly, you may be loading the assembly into memory (even if you don't make any modules available in the catalog). If this is the case, you may want to verify the assemblies in a separate AppDomain which can then be unloaded (therefore unloading the unsigned assemblies from memory).