Information
An application's trust level determines the permissions that are granted by the ASP.NET code access security (CAS) policy. CAS defines two trust categories: full trust and partial trust. An application that has full trust permissions may access all resource types on a server and perform privileged operations, while applications that run with partial trust have varying levels of operating permissions and access to resources.
The possible values for the Level property of the TrustSection class are:
- Full: Specifies unrestricted permissions and grants the ASP.NET application permissions to access any resource that is subject to operating system security; all privileged operations are supported.
- High: Specifies a high level of code access security, which limits the application from doing the following:
  - Call unmanaged code
  - Call serviced components
  - Write to the event log
  - Access Microsoft Windows Message Queuing queues
  - Access ODBC, OLE DB, or Oracle data sources
- Medium: Specifies a medium level of code access security, which means that in addition to the restrictions for High, the ASP.NET application cannot do any of the following things:
  - Access files outside the application directory
  - Access the registry
- Low: Specifies a low level of code access security, which means that in addition to the restrictions for Medium, the application is prevented from performing any of the following actions:
  - Write to the file system
  - Call the System.Security.CodeAccessPermission.Assert method to expand permissions to resources
- Minimal: Specifies a minimal level of code access security, which means that the application has only execute permission.
It is recommended that the global .NET Trust Level be set to Medium or lower.
Rationale:
The CAS determines the permissions that are granted to the application on the server. Setting a minimal level of trust that is compatible with the applications will limit the potential harm that a compromised application could cause to a system.
Impact:
If not set properly, the application may not run.
Solution
The trust level can be set by using the UI, by running appcmd.exe commands, by editing configuration files directly, or by writing WMI scripts. To set the .NET Trust Level to Medium at the server level using an appcmd.exe command:
%systemroot%\system32\inetsrv\appcmd set config /commit:WEBROOT /section:trust /level:Medium
When Appcmd.exe is used to configure the trust element at the global level in IIS, the /commit:WEBROOT switch must be included so that configuration changes are made to the root web.config file instead of ApplicationHost.config.
OR
Enter the following command in PowerShell to configure the same setting:
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter 'system.web/trust' -name 'level' -value 'Medium'
Default Value:
By default, ASP.NET web applications run under the full trust setting.
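To verify the setting after applying either command above, the following PowerShell audit is an added example, not part of the original benchmark text. It reads the effective trust level at MACHINE/WEBROOT and, going one step beyond the global check described here, for each site returned by Get-Website. The function names Get-TrustLevel and Test-TrustLevel are hypothetical helpers, and treating any level name outside the five listed above as non-compliant is an assumption.

```powershell
# Added audit example (not from the original page): reports whether the
# effective .NET trust level is Medium or lower at the root web.config
# and for each IIS site. Requires the WebAdministration module.
Import-Module WebAdministration

# Levels named on this page, ranked from most to least restrictive.
$rank = @{ Minimal = 0; Low = 1; Medium = 2; High = 3; Full = 4 }
$maxAllowed = $rank['Medium']

# Hypothetical helper: returns the trust level string for a configuration path.
function Get-TrustLevel {
    param([string]$PSPath)
    $p = Get-WebConfigurationProperty -PSPath $PSPath `
            -Filter 'system.web/trust' -Name 'level'
    # The cmdlet may return a wrapper object with a Value property
    # or the bare value; handle both.
    if ($p -and $p.PSObject.Properties['Value']) { [string]$p.Value }
    else { [string]$p }
}

# Hypothetical helper: compares one scope against the Medium ceiling.
function Test-TrustLevel {
    param([string]$Scope, [string]$PSPath)
    $level = Get-TrustLevel -PSPath $PSPath
    $known = $rank.ContainsKey($level)
    [pscustomobject]@{
        Scope     = $Scope
        Level     = $level
        # Assumption: unrecognized (custom) levels are flagged for review.
        Compliant = ($known -and $rank[$level] -le $maxAllowed)
        Note      = if ($known) { '' } else { 'Unknown level; review manually' }
    }
}

$results = @(Test-TrustLevel -Scope 'MACHINE/WEBROOT' -PSPath 'MACHINE/WEBROOT')
foreach ($site in Get-Website) {
    $results += Test-TrustLevel -Scope "Site: $($site.Name)" `
                    -PSPath "IIS:\Sites\$($site.Name)"
}

# Rows with Compliant = False run above Medium or use an unrecognized level.
$results | Format-Table -AutoSize
```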