How to sandbox an assembly or C# source file

We want to provide some programmability features to our clients,
so we allow them to write their own code,
but they must not have access to system features, like

File.Delete( "test.txt" );

We partially accomplished this by not allowing global or local using statements.

But the users still would be able to access all .NET features by writing fully qualified names, like:

System.IO.File.Delete( "test.txt" );

Do you know of ways to restrict certain source files, or complete assemblies, from accessing system functions?

If you are using .net framework (not net core or net5+) you could run the user's code in a separate AppDomain with restricted permissions.

Just a few hints (there are a lot of other permissions you can set):

var setup = new AppDomainSetup();

var perm = new PermissionSet(PermissionState.None);

perm.AddPermission(
       new SecurityPermission(SecurityPermissionFlag.Execution));

perm.AddPermission(
       new FileIOPermission(FileIOPermissionAccess.Read, "PathToReadOnlyFolder"));

var userCodeDomain = AppDomain.CreateDomain("UserCodeDomain", null, setup, perm);

The most secure alternative would likely be to create a new user that only has permission to run the specific program, and some way to communicate with your main process. Users are the main security primitive most operating systems, so that is probably what you need to use.

Trying to restrict the source code sounds like it will be next to impossible, since it was never intended as a security barrier.

That said, I would probably either use some smaller scripting language that is designed to run in a sandbox, something like javascript or Lua. Or to run your system in a virtual machine, or docker container, specific for each customer, so that they could only possibly access their own data, or break their own system. Just remember to keep frequent backups so you can restore the system when they break it.