The topics discussed so far have centered on various pieces of security information: encryption key material, security identities, authentication and authorization, and so on. They dealt with security decisions that were tied to some concept of identity. The security identity may have been that of the browser user, or it may have been the identity of the running process.
A different aspect of ASP.NET security uses the .NET Framework code access security (CAS) functionality to secure the code that runs in an ASP.NET site. Although the concept of code having its own set of rights has been around since the first version of the .NET Framework, more often than not the actual use of CAS by developers has been limited. In large part, this has been due to the complexities of understanding just what CAS is as well as how to effectively use CAS with your code.
ASP.NET 1.1 substantially reduced the learning curve with CAS by introducing the concept of ASP.NET trust levels. In essence, an ASP.NET trust level defines the set of rights that you are willing to grant to an application's code. This chapter thoroughly reviews the concept of ASP.NET trust levels, as well as new features in ASP.NET 3.5 around enforcement of trust levels that have not changed since ASP.NET 2.0
You will learn about the following areas of ASP.NET trust levels:
Configuring and working with ASP.NET trust levels.
What an ASP.NET trust level looks like.
How a trust level definition actually works. ...