What is Medium Trust in Asp.net? When should we use Medium Trust in Asp.net?
+5
A:
The most concise description I've seen is here:
- Full trust - your code can do anything that the account running it can do. High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
- Medium trust - same as above except your code cannot see any part of the file system except its application directory.
- Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
- Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).
Those are the big differences, were you interested in the minor details as well? The trust levels overall refer to what the code is allowed to do.
Nick Craver
2010-04-11 15:13:26
Stupid question: Why should I, as a developer of a web app, set the trust level to anything other than Full Trust? I could imagine that this is in the interest of a web hosting company to restrict the trust level. As an example: The hosting company has set the trust level to medium (in the machine config file?). What happens if I want to install a web app now at this hosting company which I've developed with Full Trust (in my web.config)? Can I start the app at all or do only "forbidden" methods throw exceptions?
Slauma
2010-04-11 16:02:50
@Slauma - 1) When you develop for medium trust if that's your target environment, if you were building a portal that people will deploy on their servers, you probably want to target medium trust, something like DotNetNuke comes to mind. 2) Hosting company wins with the trust level, you can't override their settings (assuming they did it correctly). 3) *Maybe*, if you have code in app startup that needs access above the trust level you're running at, it'll blow up on start...if it's code that runs later, it'll blow up when a method trying to access something it can't executes.
Nick Craver
2010-04-11 19:27:58