Custom ExportFactory

Dec 14, 2010 at 9:03 AM

Hello all,

I need to have more control over the way ExportFactory creates objects for me.

My parts constructors accept some parameters and ExportFactory is OK only with parameter-less constructors.

How can I replace part creation behavior of ExportFactory ?

Dec 14, 2010 at 12:20 PM

You already asked this question a few times on stackoverflow. Have you actually tried any of the answers? Why do you keep reposting?

Dec 15, 2010 at 8:15 AM

This is codeplex.com the vendor website while stackoverflow.com is a general programming website.

I didn't find my answer yet, so I'm asking here.

Is it very strange to ask for a ExportFactory which can create instances of parts with parameters in constructor ?!

Something like:

 

myPart.CreateExport(object dependency);

 

And after one week still (all the week I was seeking the answer, stepping through MEF code...) nobody knows the answer on stackoverflow.com.

And about your answer on stackoverflow.com I should say it would be a big security hole in my case. Exporting a Func and importing it at the constructor of the part will reveal all the structure of parent (container) class to the using part. Parts are not fully trusted in my case. Also since I have no idea (from exporter side) who is calling the exported Func so I need some identifier to be passed as parameter of the function. This way the part is claiming who he is. This is a security hole sine a part can claim to be somebody else and I will return sensitive data of another part to this one. This problem can be solved by design at the point I'm creating the object. At that point, using metadata, I know which part I'm creating and easily can inject it's specific dependencies to its constructor.

Dec 15, 2010 at 10:54 AM
Edited Dec 15, 2010 at 11:13 AM

If security is your concern, then you should only load trusted assemblies. Take a look at Daniel's post about How To Control Who Can Write Extensions For Your MEF Application.

 

If you don't trust the code but still want to run it, there is an alternative: you can run the code in a sandbox. However, getting that level of isolation involves creating a separate AppDomain. That comes with a whole new set of problems: objects can only cross AppDomain boundaries by serialization/deserialization, method calls need to be marshalled... MEF does not have built-in support for such scenarios.