
What is a partially trusted assembly/application/code/etc in .NET?

Could someone please explain? I couldn't find anything on the internet, everything talks about how to go about it in some way, but nothing says exactly what it is.

Also, what is a fully trusted assembly and how do they differ from one another?

I have a MS certification exam and this is the only topic that I just don't understand.

EDIT: Thanks guys. Now I have a better understanding of security in .NET. I was able to pass my certification exam.

sker asked Dec 17 '08 21:12


2 Answers

.NET implements a security model called code access security. Unmanaged code runs with the privileges and rights of the user starting the application, even if the code happens to originate from evil sources.

Managed code needs to provide evidence of its origin; there are various ways to do that (e.g. code is signed with a certain key, code was downloaded from a certain URL, code lives in a certain directory on disk, etc). Based on that evidence, assemblies are put into groups, for which policies are applied. A policy can grant certain permissions to a code group, primarily with regard to accessing system resources (performing DNS lookup, opening network connections, accessing "isolated storage", accessing the local file system (all of it, or just selected directories), accessing the registry, accessing network shares, etc). There is a tool in the control panel that allows you to define such policies.

When an assembly tries to perform some restricted operation, a privilege check is made. If access is granted, the operation proceeds. If the check fails, an exception is thrown. The check typically involves a stack traversal (i.e. all callers must be trusted for that operation), but there are exceptions.

As a special case, one may assign "Full Trust" to an assembly, granting all permissions. While I haven't heard the term "partial trust" before, I'd assume it refers to assemblies that have some rights, but not Full Trust.

Please understand that this is just an overview - there is much more to be said about code access security.

Martin v. Löwis answered Oct 26 '22 12:10


A full-trust assembly has an unrestricted set of code access security permissions, which allows the code to access all resource types and perform privileged operations, subject only to operating system security. For example, if user Bob cannot access file Y, then neither can a full-trust assembly running in Bob's user space.

A partial-trust assembly means that the code runs at less than full trust. The .NET Framework has several predefined trust levels that you can use directly or customise to meet your specific security requirements. For example, you can prevent an assembly from accessing SQL databases by denying SqlClientPermission.

The trust level of an assembly can also be diminished by its origin. For example, code coming from a network share (in older versions of .NET) is trusted less than code coming from the local computer, and as a result is limited in its ability to perform privileged operations.

HTTP 410 answered Oct 26 '22 12:10
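
The full-trust versus partial-trust difference described in both answers, as an added example that is not part of either answer: the same file read is attempted from the fully trusted host, from a sandboxed AppDomain granted only the right to execute, and from one whose grant set also includes read access to that single file. It targets the .NET Framework (code access security is not supported on .NET Core and later); the names `Probe`, `RunIn`, `ExecOnly` and `ReadOne` and the temp file are assumptions made for the example.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical probe type. MarshalByRefObject lets the host call it across the AppDomain boundary.
public class Probe : MarshalByRefObject
{
    public string TryRead(string path)
    {
        // File.ReadAllText demands FileIOPermission; the CLR checks the callers on the stack.
        try { return "granted, read " + File.ReadAllText(path).Length + " chars"; }
        catch (SecurityException) { return "denied by code access security"; }
    }
}

public static class Program
{
    // Creates an AppDomain whose code receives exactly the given grant set and runs the probe in it.
    static string RunIn(string name, PermissionSet grant, string path)
    {
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain domain = AppDomain.CreateDomain(name, null, setup, grant);
        try
        {
            var probe = (Probe)domain.CreateInstanceAndUnwrap(
                typeof(Probe).Assembly.FullName, typeof(Probe).FullName);
            return probe.TryRead(path);
        }
        finally { AppDomain.Unload(domain); }
    }

    public static void Main()
    {
        string path = Path.GetTempFileName();   // constructed sample file
        File.WriteAllText(path, "sample");
        // Partial trust: the code may run, and nothing else.
        var executeOnly = new PermissionSet(PermissionState.None);
        executeOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        // Partial trust with one extra permission, scoped to the sample file only.
        PermissionSet readOneFile = executeOnly.Copy();
        readOneFile.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, path));
        Console.WriteLine("full trust host:        " + new Probe().TryRead(path));
        Console.WriteLine("partial, execute only:  " + RunIn("ExecOnly", executeOnly, path));
        Console.WriteLine("partial, read one file: " + RunIn("ReadOne", readOneFile, path));
        File.Delete(path);
    }
}
```

In a real sandbox the `ApplicationBase` should point at a directory holding only the untrusted code rather than at the host's own directory, which is reused here to keep the example to one assembly.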