What are the limitation of different trust level in a application
Posted on 12/2/2007 9:32:39 AM
in #ASP.NET 2.X
Hi,
Most of us have worked with web application and one thing which is very commonly heard is of trust level at which the application is running. I have read many articles which talks (in some way or the other about trust level of the application). But I also feel that most of the developers do not know the limitations or capabilities of different levels.
Here is a list of major restriction and capabilities for an application at different trust levels.
Full trust –
No restriction is imposed on the application by the code aces security.
High trust -
Application can access no unmanaged code.
Application can access no enterprise services
Application can access Sql server and other oledb data services.
Can send Email with the help of SMPT server.
Very limited reflection permission. The application does not have permission to invoke code using reflection.
Abroad set of other features are available and Application also have access to file system and socket.
Medium trust – (Most shared hosting run in this level of trust) Application is limited to the directory structure of the application.
No file access is allowed outside the application virtual directory hierarchy
Can access SQL Server
Can send email by using SMPT server
Very limited rights to some common environment variables
Application has no reflection permission what so ever.
No permission on socket.
To access Web resources, you must explicitly add endpoint URLs (either in the original Url attribute of the <trust> element or inside the policy file).
Low trust – The low trust level is intended to model the concept of a read only application with no network connectivity. The application has read only access to the file IO within the Virtual directory of the application.
Minimal trust – The application has Execute only permission.
The application does not have ability to change the IPrincipal on a thread or on the httpcontext.
Vikram
|