Sunday, February 6, 2011

What security level is set for Windows ASP.NET?

default for hosting companies as recommended by Microsoft.  Code in Medium Trust applications can read and write its own application directories and can interact with SQL Server’s databases. Medium trust is the recommended setting for a shared server because it allows connections to SQL Server databases and restricts all other permissions to the application root structure.
Medium Trust Summary is available directly from Microsoft’s website: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000020.asp

The main constraints placed on medium trust Web applications are:

  1. OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.
  2. EventLogPermission is not available. This means you cannot access the Windows event log.
  3. ReflectionPermission is not available. This means you cannot use reflection.
  4. RegistryPermission is not available. This means you cannot access the registry.
  5. WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the <trust> element.
  6. FileIOPermission is restricted. This means you can only access files in your application’s virtual directory hierarchy. Your application is granted Read, Write, Append, and Path Discovery permissions for your application’s virtual directory hierarchy.
  7. You are also prevented from calling unmanaged code or from using Enterprise Services.
For additional ASP.NET support and resources we recommend the following web sites: