CodeBetter.Com
CodeBetter.Com
RSS 2.0 via Feedburner
           Do you Twitter? Follow us @CodeBetter

Jeffrey Palermo (.com)

Blog moved to www.jeffreypalermo.com

ASP.NET trust levels demystified - level 300

The good news is that most of the web applications I write work just fine in medium trust, so it's very easy to run your ASP.NET app in partial trust.  All it takes is a change to your web.config.
    <system.web>
        <trust level="Full"/>
       . . ..
    </system.web>

ASP.NET runs at Full trust by default (trust levels didn't exist in v1.0).  Change the level attribute above to a different setting to change the permissions of your ASP.NET code.  You can change your trust level, and here's the rundown of what each one means:
  • Full trust - your code can do anything that the account running it can do.
  • High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
  • Medium trust - same as above except your code cannot see any part of the file system except its application directory.
  • Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
  • Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).
The above lines are the most significant differences that would lead you to choose a particular trust level.  Read more about trust leves and code-access security from MSDN.



Comments

Christopher Steen said:

Link Listing - July 5, 2005
# July 5, 2005 8:11 PM

Joshua Flanagan said:

I can see how this would be useful in a hosting scenario, where you want to be able to limit what applications can do on your server, without having to do full code reviews. You could set the trust level in machine.config with allowOverride=false.
# July 7, 2005 9:06 PM

Dave MCSD.NET said:

Thank you very much. Your information above regarding trust solved a problem very quickly for me. The default trust on a hosted site was more restricted than I had expected. Modifying within the web.config was a quick solution. The problem was associated with an ole.db connection to an excel document.
The 2nd associated problem was very strange. I was having a problem after the users clicked a button on a page (that would show/hid a div section). I dont quite understand why security would have been related to this solution. However... Thanks again.
# August 1, 2005 7:33 PM

About Jeffrey Palermo

Jeffrey Palermo is a software management consultant and the CTO of Headspring Systems in Austin, TX. Jeffrey specializes in Agile coaching and helps companies double the productivity of software teams. Jeffrey is an MCSD.Net , Microsoft MVP, Certified Scrummaster, Austin .Net User Group leader, AgileAustin board member, INETA speaker, INETA Membership Mentor, Christian, husband, father, motorcyclist, Eagle Scout, U.S. Army Veteran, and Texas A&M University graduate. Check out Devlicio.us!

Our Sponsors

This Blog

Syndication

News

Headspring Systems

View Jeffrey Palermo's profile on LinkedIn

See my new blog at .jeffreypalermo.com