Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is Medium Trust in Asp.net?

Tags:

What is Medium Trust in Asp.net? When should we use Medium Trust in Asp.net?

like image 929
Amitabh Avatar asked Apr 11 '10 15:04

Amitabh

People also ask

What is .NET trust level?

NET Trust levels in IIS. In Internet Information Systems (IIS), an application's Trust level determines the permissions that are granted to it by . NET code access security (CAS) policy. By default, IIS is configured with Full trust, meaning that unrestricted permissions are granted to applications.

What is full trust?

Full trust is the default, allows ASP.NET applications to execute native code, to read from the Registry and Windows Event Log, and to read and write to files outside of the application's virtual directory. In short, with full trust one web application could delete the entire contents of another web application.

What is high trust level?

High (web_hightrust. config) - Specifies a high level of code access security, which means that the application cannot do any one of the following things by default: Call unmanaged code. Call serviced components.

What is trust level in web config?

Trust levels are associated with policy files using the <securityPolicy> configuration element, which is valid only in a site-level configuration (Web. config) file. You can add or remove trust levels by adding entries to the configuration section that specify the trust level name and the policy file to be used.

1 Answers

The most concise description I've seen is here:

  • Full trust - your code can do anything that the account running it can do.
  • High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
  • Medium trust - same as above except your code cannot see any part of the file system except its application directory.
  • Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
  • Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).

Those are the big differences, were you interested in the minor details as well? The trust levels overall refer to what the code is allowed to do.

like image 112
Nick Craver Avatar answered Sep 25 '22 21:09

Nick Craver
Sign in to Comment

Related questions

this == null // How can it be possible?
Question about [Pure] methods
Can I find a filename from a filehandle in Perl?
In Java, is a Comparator used in Collections.sort() thread safe?
How to remove accidental branch in TortoiseHg?
UUID collision risk using different algorithms
Parsing a string for dates in PHP
What is the purpose of the IsSerializable interface in GWT (regarding the RPC mechanism)
Using ASP.Net MVC Data Annotation outside of MVC
Using Mercurial with Visual Studio 2010 [closed]
How to launch PowerShell script from the OS command line?
How can I compare files in a JUnit test case? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!