Can someone explain ASP.NET trust levels to me?

Question

I\'ve heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.

Answer 1

While not an expert, I would give one of the more common examples of trust is if you bought hosting through a shared hoster through some vendor for $10 a month, where you don't have direct access to the machine, but get an allotted storage space. In this scenario, you get medium trust typically because the hoster wants to limit what you can do (make sure you can't delete or modify something that's not supposed to be), and don't have access to certain resources (like try to read a file outside of the folder you have permission to) and other tasks.

We have full access to our machine where we host a site, and we give it full trust, it isn't a concern for us since its dedicated to our web site and not a shared resource.

Answer 2

This article might explain it a lot better than the technical one you were reading.

Here's the best part of it:

Medium Trust Summary

The main constraints placed on medium trust Web applications are:

• OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.

• EventLogPermission is not available. This means you cannot access the Windows event log.

• ReflectionPermission is not available. This means you cannot use reflection.

• RegistryPermission is not available. This means you cannot access the registry.

• WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the element.

• FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.

• You are also prevented from calling unmanaged code or from using Enterprise Services.

An easy real-world situation to imagine where you need this is if you are an ISP offering hosting to people. Allowing anyone to write code that can access the filesystem means that anyone could do anything they want on your server, which might be hosting multiple clients.

Answer 3

The problem with Trust levels is that so many plugins require elevated permissions that certain types of applications simply won't work under it.

I've personally seen Crystal Reports and a HTML to PDF conversion tool fail under Medium Trust - FileIOPermission is required to the Temp folder outside of your applications virtual directory. I've also seen issues with TCP Socket connections blocked because of certain Trust levels.

I actually had a rather annoying catch 22 situation with a web application last year where Medium Trust was required for security, but so was writing to the Event Log!

Fortunately you can overwrite Trust levels in your machine.config on the server (if you have access to it), or your web.config if your server is configured to allow it overwrite the machine.config file.

Doing that sort of defeats the purpose of fixed Trust levels though...