Code Access Security
Code access security is a new .NET runtime feature that can dramatically reduce the likelihood of applications performing damaging actions by putting significant restrictions in place on untrusted or partially trusted code. While using code access security programmatically in an application is well beyond the scope of this book, even if you never call a single method related to code access security, your ASP.NET applications still use it through settings configured in the machine.config configuration file.
The <trustLevel> element in machine.config defines the mapping of named trust levels to policy files that define the code access security policies associated with a given named trust level. The <trust> element in machine.config sets the default trust level to Full.
If you want to restrict the actions that a given application can take, you can do so by adding a <location> tag to machine.config that specifies the path to that application and contains a <trust> element specifying the desired trust level, as shown in the following code snippet. Setting the allowOverride attribute to False will prevent the trust level from being overridden in the application’s web.config file:
<location path="Application1" allowOverride="False">
   <system.web>
      <trust level="Low"/>
   </system.web>
</location>
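An added example, not from the book: a Python check that reads a machine.config-style document and reports <location> entries that either run at Full trust or leave the trust level open to a web.config override. The sample document is constructed, audit_trust is a hypothetical helper name, and the code assumes allowOverride is treated as true when the attribute is omitted.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet above; not a real machine.config.
SAMPLE = """<configuration>
  <system.web>
    <trust level="Full"/>
  </system.web>
  <location path="Application1" allowOverride="False">
    <system.web>
      <trust level="Low"/>
    </system.web>
  </location>
  <location path="Application2">
    <system.web>
      <trust level="Low"/>
    </system.web>
  </location>
</configuration>"""


def audit_trust(xml_text):
    """Return (default_level, findings) for a machine.config-style document.

    findings is a list of (path, level, reason) tuples, one per <location>
    whose <trust> setting deserves a second look.
    """
    root = ET.fromstring(xml_text)
    default = root.find("./system.web/trust")
    default_level = default.get("level") if default is not None else None

    findings = []
    for loc in root.findall("./location"):
        trust = loc.find("./system.web/trust")
        if trust is None:
            continue  # this <location> does not set a trust level
        path = loc.get("path", "")
        level = trust.get("level", "")
        # Assumption: a missing allowOverride attribute means "true".
        # Compare case-insensitively, since the snippet writes "False".
        locked = loc.get("allowOverride", "true").lower() == "false"
        if level.lower() == "full":
            findings.append((path, level, "runs with full trust"))
        elif not locked:
            findings.append((path, level, "web.config can override trust level"))
    return default_level, findings


if __name__ == "__main__":
    print(audit_trust(SAMPLE))
```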
Tip
As with web.config, the <location> tag in machine.config must be placed outside of the <system.web> tags, but must also appear after the <configSections> section, or an exception ...