In .NET 3.5, WCF allows only a limited set of scenarios to execute in partial trust. It allows only the BasicHttpBinding, the WSHttpBinding, and the WebHttpBinding (with the notable exclusion of the WSDualHttpBinding) to be called under partial trust, and only with either no transfer security at all or Transport security. Furthermore, in the case of the WSHttpBinding, aspects such as Message security, reliable messaging, and transactions are disallowed. All partial-trust-enabled bindings must use text encoding. A WCF service (or client) running under partial trust cannot use additional WCF facilities, such as diagnostics and performance counters. To enable usage in a partially trusted environment, the System.ServiceModel assembly allows for partial trust callers by including the AllowPartiallyTrustedCallers attribute as part of the assembly definition:

[assembly: AllowPartiallyTrustedCallers]

In the first release of WCF, omitting this attribute precluded all partial trust use. In .NET 3.5, enforcing the limited set of supported features is now the responsibility of the bindings. Each non-HTTP binding actively demands full trust of its caller, be it the client proxy or the service host. The allowed HTTP bindings themselves do not demand full trust, but instead demand permissions according to the context of use. On the client side, the allowed HTTP bindings demand permission to execute (security permission with execution flag) and permission to connect ...