How to analyze which permissions are needed by an .net assembly

I need to know which permissions are requested by an assembly. With permission I mean 开发者_JAVA技巧for example the WebPermission

Background: I have a service which executes plugins in a sandbox. These plugins are restricted with code-access security. For example: they aren't allowed to access the file system or the registry. Networking is restricted to only http, ...

I would like to analyze these plugins in our build-process to ensure that only classes are used, which are covered by the granted permissions.

In .NET 2.0 through 3.5, the permcalc tool would have allowed you to extract a "best guess" minimum permission set for an assembly. However, the tool has not been updated for .NET 4.0 where, for example, the new transparency approach would have a considerable impact on the analysis results.

AFAIK, there is no permcalc substitute (Microsoft or third-party, commercial or free) available for .NET 4.0. In the absence of such a tool, your best bet for verifying the plug-ins would probably be an appropriate set of integration tests run under the runtime permission set.