What is Medium Trust in Asp.net?
Asked Answered
Z

2

23

What is Medium Trust in Asp.net? When should we use Medium Trust in Asp.net?

Zena answered 11/4, 2010 at 15:7 Comment(0)
C
32

The most concise description I've seen is here:

  • Full trust - your code can do anything that the account running it can do.
  • High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
  • Medium trust - same as above except your code cannot see any part of the file system except its application directory.
  • Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
  • Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).

Those are the big differences, were you interested in the minor details as well? The trust levels overall refer to what the code is allowed to do.

Courtland answered 11/4, 2010 at 15:13 Comment(2)
Stupid question: Why should I, as a developer of a web app, set the trust level to anything other than Full Trust? I could imagine that this is in the interest of a web hosting company to restrict the trust level. As an example: The hosting company has set the trust level to medium (in the machine config file?). What happens if I want to install a web app now at this hosting company which I've developed with Full Trust (in my web.config)? Can I start the app at all or do only "forbidden" methods throw exceptions?Moluccas
@Moluccas - 1) When you develop for medium trust if that's your target environment, if you were building a portal that people will deploy on their servers, you probably want to target medium trust, something like DotNetNuke comes to mind. 2) Hosting company wins with the trust level, you can't override their settings (assuming they did it correctly). 3) Maybe, if you have code in app startup that needs access above the trust level you're running at, it'll blow up on start...if it's code that runs later, it'll blow up when a method trying to access something it can't executes.Courtland
K
0

Medium trust still provides a constrained environment for isolating applications from one another and from shared server resources. Medium trust applications have no registry access, no event log access, and no ability to use reflection. Web access is limited to the network address that you define in the "trust" element, and file system access is limited to the application's virtual directory. keep in mind that you cannot edit your web.config by declaring that your Application use medium trust, if your application is coded to do something in the above list, it will still throw an error exception.

Kermitkermy answered 13/11, 2015 at 17:58 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.