I've heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.
I've read through MSDN's article but it didn't do much for me.
Can someone provide a real world example of when you would want to use the various levels (Full, High, Medium, Low, and Minimal) and explain what kind of security risk I would be exposing myself to if I were to use the wrong one?
In a nutshell, a trust level is a declarative representation of security rules that defines the set of . NET Framework classes your ASP.NET code can call as well as a set of . NET Framework features that your ASP.NET code can use. The declarative representation of this information is called a trust policy file.
Expand the website on which your Web Adaptor is deployed and select the Web Adaptor application. Double-click . NET Trust levels. From the Trust level drop-down list, choose Full (internal), High, or Medium, as necessary.
The Trust Level determines the actions that a program is allowed to perform. The Trust Levels are Super, Trusted, Restricted, Ask, Kill, and No Enforcement.
Trust levels are associated with policy files using the <securityPolicy> configuration element, which is valid only in a site-level configuration (Web. config) file. You can add or remove trust levels by adding entries to the configuration section that specify the trust level name and the policy file to be used.
This article might explain it a lot better than the technical one you were reading.
Here's the best part of it:
Medium Trust Summary
The main constraints placed on medium trust Web applications are:
OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.
EventLogPermission is not available. This means you cannot access the Windows event log.
ReflectionPermission is not available. This means you cannot use reflection.
RegistryPermission is not available. This means you cannot access the registry.
WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the element.
FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.
You are also prevented from calling unmanaged code or from using Enterprise Services.
An easy real-world situation to imagine where you need this is if you are an ISP offering hosting to people. Allowing anyone to write code that can access the filesystem means that anyone could do anything they want on your server, which might be hosting multiple clients.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With