4.2. Summary

In this chapter, you took a comprehensive look at the concept of code access security (CAS) in ASP.NET. Although the .NET Framework has a rich set of classes and configuration information for enforcing code access security, ASP.NET simplifies CAS by introducing the concept of a trust level. A trust level is represented as a piece of XML in a trust policy file that defines the set of .NET Framework permissions granted to an ASP.NET application. You can choose permissions for your application by using the <trust /> configuration element and setting it to one of the following trust levels:

  • Full: The web application can call any code in the Framework as well as Win32 APIs.

  • High: The web application cannot call into Win32 APIs. Also, a default set of restricted permissions is defined by ASP.NET that gives your web application access to a reasonably large set of the Framework.

  • Medium: The recommended trust level for hosting machines. Also recommended for any Internet-facing web server.

  • Low: This trust level has a very limited set of CAS permissions. It is appropriate for applications that perform only local read-only operations. It is also used for applications, such as SharePoint, that provide their own sandboxed execution model on top of ASP.NET.

  • Minimal: The lowest trust level available. It allows you to write only code that deals with in-memory data. Your web application can't touch the file system or the network.

Make your web applications more secure by at least moving ...
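As an added example (not code from the book), the following Python script audits a web.config for the trust level set through the <trust /> element and flags anything more privileged than the Medium level recommended above. The function names and sample configurations are constructed for illustration, and the script assumes the <configuration> root carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Built-in trust levels from the list above, most to least privileged.
LEVELS = ["Full", "High", "Medium", "Low", "Minimal"]
RECOMMENDED = "Medium"  # level the summary recommends for Internet-facing servers

# Constructed sample configs (not from the book).
SAMPLE_WEAK = """<configuration>
  <system.web><trust level="Full" /></system.web>
  <location path="admin">
    <system.web><trust level="High" /></system.web>
  </location>
</configuration>"""
SAMPLE_OK = """<configuration>
  <system.web><trust level="Medium" /></system.web>
</configuration>"""


def find_trust_levels(config_xml):
    """Return (scope, level) for each <trust> element, including <location> blocks.
    Assumes the <configuration> root has no XML namespace."""
    root = ET.fromstring(config_xml)
    found = [("(root)", t.get("level")) for t in root.findall("./system.web/trust")]
    for loc in root.findall("./location"):
        for t in loc.findall("./system.web/trust"):
            found.append((loc.get("path") or "(root)", t.get("level")))
    return found


def audit(config_xml):
    """Return findings; an empty list means every declared level is Medium or lower."""
    entries = find_trust_levels(config_xml)
    if not entries:
        return ["no <trust> element: level is inherited from a parent config file"]
    findings = []
    for scope, level in entries:
        if level not in LEVELS:
            findings.append(f"{scope}: {level!r} is not a built-in level; review its policy file")
        elif LEVELS.index(level) < LEVELS.index(RECOMMENDED):
            findings.append(f"{scope}: {level} trust grants more than {RECOMMENDED}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit(cfg) or "no findings")
```

A file with no <trust /> element is reported rather than passed, because its effective level then depends on configuration files higher in the hierarchy that the script does not read.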

Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
