The good news is that most of the web applications I write work just
fine in medium trust, so it's very easy to run your ASP.NET app in
partial trust. All it takes is a change to your web.config.
<system.web>
<trust level="Full"/>
. . ..
</system.web>
ASP.NET runs at Full trust by default (trust levels didn't exist in
v1.0). Change the level attribute above to a different setting to
change the permissions of your ASP.NET code. You can change your
trust level, and here's the rundown of what each one means:
- Full trust - your code can do anything that the account running it can do.
- High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
- Medium trust - same as above except your code cannot see any part of the file system except its application directory.
- Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
- Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).
The above lines are the most significant differences that would lead
you to choose a particular trust level. Read more about
trust leves and code-access security from MSDN.
Posted
07-05-2005 11:11 AM
by
Jeffrey Palermo