4.1. What Is an ASP.NET Trust Level?

ASP.NET 1.1, ASP.NET 2.0, and ASP.NET 3.5 have the concept of trust levels. In a nutshell, a trust level is a declarative representation of security rules that defines the set of .NET Framework classes your ASP.NET code can call, as well as the set of .NET Framework features that your ASP.NET code can use. The declarative representation of this information is called a trust policy file. Because a trust level is a declarative representation, you can view the definitions of trust levels by looking at the trust policy files on disk, and you can edit these files to suit your needs. When you configure an ASP.NET site with a specific trust level, the application is said to be running in XYZ trust (where XYZ is a specific trust level). Much of the code that runs in an ASP.NET application, and certainly all of the code you write in code-behind files, is restricted by the rules defined for the current trust level.

Note that ASP.NET trust levels apply only to ASP.NET applications. Console applications, NT services, Winforms, and other applications still rely on a developer understanding the .NET Framework CAS features. Currently, no other execution environment provides a developer-friendly CAS abstraction like ASP.NET trust levels do.
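How a trust level name is tied to its trust policy file and then selected for every site on a server, shown as an added configuration example that is not taken from the book. The element names and policy file names are the .NET Framework 2.0 defaults, and the choice of High trust is an assumption made only for illustration.

```xml
<!-- Added example (not from the book): fragment of the root web.config
     that sits in the .NET Framework CONFIG directory. -->
<configuration>
  <!-- allowOverride="false" prevents an application's own web.config
       from switching its trust level back to Full. -->
  <location allowOverride="false">
    <system.web>
      <securityPolicy>
        <!-- Each trust level name maps to a trust policy file on disk.
             Full has no file: "internal" means no CAS restrictions apply. -->
        <trustLevel name="Full"    policyFile="internal" />
        <trustLevel name="High"    policyFile="web_hightrust.config" />
        <trustLevel name="Medium"  policyFile="web_mediumtrust.config" />
        <trustLevel name="Low"     policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      </securityPolicy>
      <!-- The shipped default is level="Full". With this setting every
           application runs under the rules in web_hightrust.config. -->
      <trust level="High" originUrl="" />
    </system.web>
  </location>
</configuration>
```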

The specific trust levels that ship with ASP.NET 1.1, ASP.NET 2.0, and ASP.NET 3.5 (no new trust levels were added in ASP.NET 3.5) are listed here from the most permissive to the most restrictive trust level:

  • Full trust

  • High trust ...
