AppDomains with true fault tolerance??
Posted on 2004-04-27
I am working on a server application in C# that allows the users to add their clients or plug-ins. I provide an API for what functions the client has to implement and load the client object (and assembly) into a new application domain. The client objects are either MarshalByRefObj or are serializable as needed. My server will then call one or two functions on the client object to set it up and let it run (perhaps in a separate thread, or using a GUI, created by the client).
My question is: how do I get true fault tolerance?
Right now, for the sake of testing, I am loading in a client object that does a division by zero after loading up a GUI, and it crashes my entire server! Perhaps I was mistaken, but I thought the application domains are supposed to provide isolation and fault tolerance. Is there a way to add a layer of fault tolerance, in case the user's plugin/client does something stupid? I know there are security permissions, but from what I can tell they only stop things like file and network access, not isolate the exceptions from the server.
Do I have to go to seperate processes and use remoting to talk to my server? I'd really rather not, unless it is the only way.
I really appreciate any assistance!
Thanks in advance.