O'Reilly logo

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

4.2. Summary

In this chapter, you took a comprehensive look at the concept of code access security (CAS) in ASP.NET. Although the .NET Framework has a rich set of classes and configuration information for enforcing code access security, ASP.NET simplifies CAS by introducing the concept of a trust level. A trust level is represented as a piece of XML in a trust policy file that defines the set of .NET Framework permissions granted to an ASP.NET application. You can choose permissions for your application by using the <trust /> configuration element and setting it to one of the following trust levels:

  • Full: The web application can call any code in the Framework as well as Win32 APIs.

  • High: The web application cannot call into Win32 APIs. Also, a default set of restricted permissions is defined by ASP.NET that gives your web application access to a reasonably large set of the Framework.

  • Medium: The recommended trust level for hosting machines. Also recommended for any Internet-facing web server.

  • Low: This trust level has a very limited set of CAS permissions. It is appropriate for applications that perform only local read-only operations. It is also used for applications that provide their own sandboxed execution model on top of ASP.NET such as SharePoint.

  • Minimal: The lowest trust level available. It allows you to write only code that deals with in-memory data. Your web application can't touch the file system or the network.

Make your web applications more secure by at least moving ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required