In this chapter, you took a comprehensive look at the concept of code access security (CAS) in ASP.NET. Although the .NET Framework has a rich set of classes and configuration information for enforcing code access security, ASP.NET simplifies CAS by introducing the concept of a trust level. A trust level is represented as a piece of XML in a trust policy file that defines the set of .NET Framework permissions granted to an ASP.NET application. You can choose permissions for your application by using the <trust /> configuration element and setting it to one of the following trust levels:
Full: The web application can call any code in the Framework as well as Win32 APIs.
High: The web application cannot call into Win32 APIs. ASP.NET also defines a default set of restricted permissions that gives your web application access to a reasonably large subset of the Framework.
Medium: The recommended trust level for hosting machines and for any Internet-facing web server.
Low: This trust level has a very limited set of CAS permissions. It is appropriate for applications that perform only local read-only operations. It is also used for applications that provide their own sandboxed execution model on top of ASP.NET such as SharePoint.
Minimal: The lowest trust level available. It allows you to write only code that deals with in-memory data. Your web application can't touch the file system or the network.
Make your web applications more secure by at least moving ...
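As an illustration of the <trust /> element described above, the following fragments show an application configured at Full trust beside the same application moved to Medium, followed by a machine-level setting that stops individual applications from raising their own trust level. This is an added example, not configuration from the chapter; the root web.config layout and the policy file names are assumed to match a default .NET Framework 2.0 or later installation.

```xml
<!-- Added example: three separate configuration fragments, shown together. -->

<!-- 1. Weak: application web.config at Full trust.
     No CAS restrictions apply; the code can also call Win32 APIs. -->
<configuration>
  <system.web>
    <trust level="Full" originUrl="" />
  </system.web>
</configuration>

<!-- 2. Corrected: the same application at Medium trust, the level
     recommended for hosting machines and Internet-facing servers. -->
<configuration>
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</configuration>

<!-- 3. Machine-wide: root web.config in the Framework CONFIG directory
     (assumed default layout). Each trustLevel entry maps a level name
     to the trust policy file that lists its granted permissions.
     allowOverride="false" prevents an application web.config from
     replacing the trust element with a more permissive one. -->
<configuration>
  <location allowOverride="false">
    <system.web>
      <securityPolicy>
        <trustLevel name="Full"    policyFile="internal" />
        <trustLevel name="High"    policyFile="web_hightrust.config" />
        <trustLevel name="Medium"  policyFile="web_mediumtrust.config" />
        <trustLevel name="Low"     policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      </securityPolicy>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>
```

With the third fragment in place, an application that still declares level="Full" in its own web.config fails with a configuration error instead of silently running unrestricted.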