Jeffrey Palermo (.com)

Sponsors

The Lounge

News

Recent Posts

Syndication

Tags

View more

Archives

Advertisement

Jeffrey Palermo (.com) » ASP.NET trust levels demystified - level 300
Images in this post missing? We recently lost them in a site migration. We're working to restore these as you read this. Should you need an image in an emergency, please contact us at imagehelp@codebetter.com
ASP.NET trust levels demystified - level 300
The good news is that most of the web applications I write work just fine in medium trust, so it's very easy to run your ASP.NET app in partial trust.  All it takes is a change to your web.config.
    <system.web>
        <trust level="Full"/>
       . . ..
    </system.web>

ASP.NET runs at Full trust by default (trust levels didn't exist in v1.0).  Change the level attribute above to a different setting to change the permissions of your ASP.NET code.  You can change your trust level, and here's the rundown of what each one means:
  • Full trust - your code can do anything that the account running it can do.
  • High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
  • Medium trust - same as above except your code cannot see any part of the file system except its application directory.
  • Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
  • Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).
The above lines are the most significant differences that would lead you to choose a particular trust level.  Read more about trust leves and code-access security from MSDN.

Posted 07-05-2005 11:11 AM by Jeffrey Palermo

[Advertisement]

Comments

Christopher Steen wrote Link Listing - July 5, 2005
on 07-05-2005 8:11 PM
Link Listing - July 5, 2005
Joshua Flanagan wrote re: ASP.NET trust levels demystified - level 300
on 07-07-2005 9:06 PM
I can see how this would be useful in a hosting scenario, where you want to be able to limit what applications can do on your server, without having to do full code reviews. You could set the trust level in machine.config with allowOverride=false.
Dave MCSD.NET wrote re: ASP.NET trust levels demystified - level 300
on 08-01-2005 7:33 PM
Thank you very much. Your information above regarding trust solved a problem very quickly for me. The default trust on a hosted site was more restricted than I had expected. Modifying within the web.config was a quick solution. The problem was associated with an ole.db connection to an excel document.
The 2nd associated problem was very strange. I was having a problem after the users clicked a button on a page (that would show/hid a div section). I dont quite understand why security would have been related to this solution. However... Thanks again.