Developing Sample Asp Website and Apps in Medium Trust Hosting Environment

Designing and developing sample ASP website or web apps for medium trust level may be a better idea rather than running them under full trust, as they may tend to have unrestricted access under the full trust level. Here are some important considerations that must be kept in mind, while working with medium trust level.

The first and the foremost thing that you need to do is to identify type of resources required by your application (i.e. that it needs to access). Next, you should consider the privileged operations that will be performed by the ASP.NET web app that you’re developing.

In a shared hosting environment, you may need full trust hosting, so it is good to look for ASP.NET full trust hosting, which gives web.config full trust, SharePoint full trust, and IIS full trust access privileges. But, when you’re building ASP.NET web apps, or sample ASP website it is advisable to design them to work under ASP.NET medium trust level in order to minimize the unforeseen problems created due to unrestricted access under full trust level.

Security exceptions are main reasons that even sometimes force you to switch from full trust level to medium trust level.

So, here are some of the common problems that ASP.NET medium trust apps don’t pose –

• Calling unmanaged code
• Connecting to unintended databases other than SQL Server
• Writing to the event log
• Accessing Web resources on remote servers
• Accessing the registry
• Accessing the file system beyond your application’s virtual directory hierarchy

Using Code Access Security in ASP.NET 2.0

Firstly, you should take a look at the permissions available at medium trust. You can do so by opening and examining the web_MediumTrust.config file.

It is located under the following folder: %windir%\Microsoft.NET\Framework\{Version}\CONFIG.

Now, you’re good to configure your application’s Web.config file for medium trust, and set the development environment.

Note: This must be done at the beginning of the development process, in order to quickly identify the permission requests that are failing, along with other sources of problems, which may pose greater problems later on.

If you’re planning to change the trust level of existing applications, you may consider using the Permcalc tool. However, before you make any changes to force an existing app to run at medium trust, you should do this only after verifying that all code paths have been executed through your application.

Caution: Without testing this, running your ASP.NET web app in medium trust level may cause unforeseen security exceptions, and you must not do it on your sample Asp website either!