Trust levels let you define security rules. They define what types of operations an application can perform, such as reading from disk or accessing the registry. Each trust level has an associated policy file, except for Full trust. When an application runs with Full trust, code access security places no restrictions on the resources and operations that the application is allowed to access. Access to resources is based on operating system security and Microsoft Windows® access control lists (ACLs). Full trust is mapped to an internal handler, so it is not possible to edit the user rights to perform operations for an application. Full trust is effectively the absence of an application domain policy, and therefore it never has an associated policy file.
To protect ASP.NET applications, you can restrict access to resources and the operations that they can perform. You do this by setting the <trust> element to a predefined trust level in either the machine-level Web.config file or the application’s Web.config file.
The following list describes the predefined trust levels:
Applications that run at Full trust level can execute arbitrary native code in the process context in which they run. Because of the inherent risks that come with running in Full trust mode, this mode is not recommended in a shared environment except when every Web site uses its own application pool and application pool identity.
Important The default trust level is Full trust. You should evaluate the security requirements for your environment and set the trust level appropriately.
Code in High trust applications can use most .NET Framework permissions that support partial trust. This mode is often appropriate for trusted applications that you want to run with fewer user rights in order to mitigate risks. For example, this level provides the same access as Full trust, but restricts access to unmanaged code and COM interop.
Code in Medium trust applications can read and write in its own application directories and can interact with Microsoft SQL Server™ databases. However, by default, the user rights that are needed to access OLE DB and ODBC are not granted to Medium trust applications. Medium trust is the recommended setting for a shared server, because it allows connections to SQL Server databases and restricts most other user rights to the application root structure.
Code in Low trust applications can read its own application resources but cannot make any out-of-process calls, such as calls to a database, to the network, and so on. By using Low trust, you effectively lock applications down to their application directory and remove all access to system resources.
Code in Minimal trust applications can execute but cannot interact with any protected resources. Minimal trust may be appropriate for mass hosting sites that want to support dynamic generation of Hypertext Markup Language (HTML) and isolated business logic.
The definition of the trust levels is essentially the same from ASP.NET version 1.1 through version 4. However, some of the user rights or operations that can be granted at each trust level vary slightly. For example, in ASP.NET 2.0 and later, Medium trust code can enable access to OLE DB APIs.
For information about how to run ASP.NET applications in a hosted environment, including trust levels and code access security, download the Microsoft Solution for Windows-based Hosting version 3.5 tool kit from the Microsoft download center. For information about hosting environments and architecture, see the Hosting Guidance for the Microsoft Web Platform on the IIS.net Web site.