Can someone explain ASP.NET trust levels to me?

Question

I\'ve heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.

Answer 1

This article might explain it a lot better than the technical one you were reading.

Here's the best part of it:

Medium Trust Summary

The main constraints placed on medium trust Web applications are:

• OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.

• EventLogPermission is not available. This means you cannot access the Windows event log.

• ReflectionPermission is not available. This means you cannot use reflection.

• RegistryPermission is not available. This means you cannot access the registry.

• WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the element.

• FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.

• You are also prevented from calling unmanaged code or from using Enterprise Services.

An easy real-world situation to imagine where you need this is if you are an ISP offering hosting to people. Allowing anyone to write code that can access the filesystem means that anyone could do anything they want on your server, which might be hosting multiple clients.