ASP.NET Trust Levels and Policy Files

Trust levels are associated with policy files using the <securityPolicy> configuration element, which is valid only in a site-level configuration (Web.config) file. You can add or remove trust levels by adding entries to the configuration section that specify the trust level name and the policy file to be used. The default trust files are installed in the Config directory under the folder containing the Aspnet_isapi.dll file. This is the same location used for the Machine.config configuration file and the run-time security policy file.

The Full trust Level is a special case. Because it is exactly equivalent to having full trust in the local machine zone, the ASP.NET host does not apply any additional policy to these applications. Therefore, the Full trust level is mapped to an internal handler and ASP.NET does not add additional policy to the application domain for full-trust applications.

The following example shows the securityPolicy section of a configuration file that maps trust levels to different policy files.

<system.web>
    <securityPolicy>
    <trustLevel name="Full"    policyFile="internal"/>
    <trustLevel name="High"    policyFile="web_hightrust.config"/>
    <trustLevel name="Medium"  policyFile="web_mediumtrust.config"/>
    <trustLevel name="Low"     policyFile="web_lowtrust.config"/>
    <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
    </securityPolicy>
</system.web>

If you do not want applications to be able to specify their own trust level, you can specify a <location> directive and set the allowOverride attribute to false. You might do this on a server that hosts multiple applications and that needs to limit the trust level of the hosted applications.

Modifying Trust-Level Files

You can alter the policy files or create new ones with custom permission sets. For example, you can copy the contents of the Web_hightrust.config file and assign permission to make OLEDB connections by first adding the OleDbPermission class to the SecurityClasses section of the policy file, as shown in the following code example.

<SecurityClass Name="OleDbPermission" 
    Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, 
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

You can then specify the parameters for the specified OleDbPermission, including restrictions for OLEDB connection strings. Next, you can specify which permission sets include the OleDbPermission security class by adding an IPermission element to the PermissionSet element with a name of ASP.NET in the trust-policy file. For example, the following code example specifies that the only allowed OLEDB connection will grant unrestricted access to the Catalog.mdb Access database.

<PermissionSet
  class="NamedPermissionSet"
  version="1"
  Name="ASP.Net">
  <IPermission
    class="OleDbPermission"
    version="1"
    Unrestricted="true" />
</PermissionSet>

Some permissions, such as the OleDbPermission permission, allow you specify additional restrictions that narrow the access that is granted or denied. For example, the OleDbPermission permission allows you to grant access to make connections using the OLE DB .NET Framework Data Provider, but with restrictions on which OLEDB connection strings are allowed. The following code example specifies that the only allowed OLEDB connections to Access databases are allowed.

<IPermission class="OleDbPermission" version="1">
    <add ConnectionString=
        "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\access_data\catalog.mdb""
        KeyRestrictions=""data source=;user id=;password=;" 
        KeyRestrictionBehavior="AllowOnly"/>
</IPermission>

You can save your updated trust-policy file and put it in place of the current Web_hightrust.config file, or you can create a new trust-policy file and either specify that as the policy file for the High trust level, or create a new trust level as shown in the following code example.

    <trustLevel name="HighCustom"
    policyFile="web_highcustom.config"/>

In order to preserve the default settings, ASP.NET includes two copies of each file that contains trust-level settings. One copy is named with the file name extension .config, as shown in the configuration section earlier. The .config file contains the settings for each trust level used by the system. The second copy is named with the file name extension .config.default and contains the default settings for the related trust level. If the current trust-level settings have been modified and you want to restore the default settings, you can replace the contents of the .config file with the contents of the .config.default file.

For a more detailed description of managing a trust policy file, see "How to run in Medium trust" at Security Practices: ASP.NET 2.0 Security Practices at a Glance.

See Also

Concepts

ASP.NET Policy Mechanics

Other Resources

ASP.NET Web Application Security