Jeffrey Palermo 1:11 pm on July 5, 2005  

ASP.NET trust levels demystified – level 300

The good news is that most of the web applications I write work just
fine in medium trust, so it’s very easy to run your ASP.NET app in
partial trust.  All it takes is a change to your web.config.
    <system.web>
        <trust level=”Full”/>
       . . ..
    </system.web>

ASP.NET runs at Full trust by default (trust levels didn’t exist in
v1.0).  Change the level attribute above to a different setting to
change the permissions of your ASP.NET code.  You can change your
trust level, and here’s the rundown of what each one means:

  • Full trust – your code can do anything that the account running it can do.
  • High trust – same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
  • Medium trust – same as above except your code cannot see any part of the file system except its application directory.
  • Low trust – same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
  • Minimal trust – code is restricted from anything but the most trival processing (calculating algorithms).

The above lines are the most significant differences that would lead
you to choose a particular trust level.  Read more about trust leves and code-access security from MSDN.