The good news is that most of the web applications I write work just
fine in medium trust, so it’s very easy to run your ASP.NET app in
partial trust. All it takes is a change to your web.config.
. . ..
ASP.NET runs at Full trust by default (trust levels didn’t exist in
v1.0). Change the level attribute above to a different setting to
change the permissions of your ASP.NET code. You can change your
trust level, and here’s the rundown of what each one means:
- Full trust – your code can do anything that the account running it can do.
- High trust – same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
- Medium trust – same as above except your code cannot see any part of the file system except its application directory.
- Low trust – same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
- Minimal trust – code is restricted from anything but the most trival processing (calculating algorithms).
The above lines are the most significant differences that would lead
you to choose a particular trust level. Read more about trust leves and code-access security from MSDN.