I'm doing a addin system where the main app loads assemblies Addin1.dll and Addin2.dll on runtime in new AppDomain's.
However, in case that Addin1.dll is signed (strong name) with my key and Addin2.dll is not, I want to be able to only load Addin1.dll and reject Addin2.dll.
I'm suspecting that it needs to be done by setting some parameters in AppDomainSetup?
Look into the Assembly.Load method that takes an Evidence parameter. You can find an example of how to create an evidence from your public key here.
You can use Load method of AppDomain class to load new assembly into Appdomain, provided the assembly's publisher policy is satisfied by the client or end user environment.
Also the strong named assembly follows all the rules laid down by publisher of the assembly and the CLR. So the user of the assembly needs to satisfy the security aspect of the assembly being loaded into the appdomain.
The CLR loads the referenced global assembly from the GAC using the strong name properties. If the referenced assembly is available in the GAC, CLR will return its containing subdirectory and the file holding the manifest is loaded. Finding the assembly this way assures the caller that the assembly loaded at runtime came from the same publisher that built the assembly the code was compiled against. Now comparison of public key token in the referencing assembly’s assemblyRef table and public key token in the referenced assembly’s AssemblyDef table. If the referenced assembly isn’t in the GAC, the CLR looks in the application’s base directory and then in the private paths identified in the application’s configuration file; if the application containing the assembly is installed using the MSI, then CLR invokes MSI to load the required assembly. IF the assembly is not found in any of these location, an exception is thrown and finally the binding of assembly fails.
You can implment a DomainManager and base your load/block decision's on whatever you like. I answered a somewhat related question here.
