This post originated from an RSS feed registered with .NET Buzz by Robert Hurlbut. Original Post: ASP.NET 2.0 Partial Trust Web Sites Feed Title: Robert Hurlbut's .Net Blog Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases Latest .NET Buzz Posts Latest .NET Buzz Posts by Robert Hurlbut Latest Posts From Robert Hurlbut's .Net Blog

Prompted by Dinis Cruz's question on my CLR Hosting in Whidbey/2.0 post, I checked if it is now easier to create Partial-trust ASP.NET web sites in 2.0. Fortunately, it appears that it is.

By default, ASP.NET sites run and are built as "Full Trust" sites. This means a web application has full access to the machine's resources. That may be OK if you are hosting the site on your own server (I would still caution running with "Full trust" on your own server as well!), but what if you are hosting your web application on a shared server such as at an ISP with multiple other companies and people you don't know hosting their site as well?  If each ASP.NET web site is running with Full Trust (and using the same Windows user), one web application could read the files from another application's folder, i.e. web.config!

In ASP.NET 1.0, you could only run your web applications with Full Trust. In ASP.NET 1.1, this was fixed slightly by allowing web applications to run in partial-trust mode. The standard trust levels are "Full", "High", "Medium", "Low", and "Minimal". The problem with 1.1, though, was that you had to set this trust level at machine level, i.e. machine.config. And, of course, that would affect the entire machine. If you reset the level at the top, many web applications that were running correctly would probably start throwing exceptions as it does take some extra coding to get partial-trust sites to run correctly.

For this reason and others, ISPs usually don't bother setting this up globally. Interestingly, many don't allow you to have your own process space and Windows user for your site. Keith Brown mentioned this issue in his article on Beware of Fully Trusted Code. So, what can you do?

As I mentioned, in ASP.NET 2.0, this seems to be a little better. Now, you can set the trust level at the web application level! This article ASP.NET Code Access Security (from the .NET 2.0 Beta docs) mentions this key line:

   The <trust> configuration tag can apply to the machine level or to any application root directory in the hierarchy.

I tested this in 1.1 just to be sure, and it was ignored, but in 2.0, it works as expected. In both cases I created a sample web application called TestPartialTrust (under localhost). I added this line

   <trust level="High" originUrl="http://localhost/TestPartialTrust"/>

(this is placed inside the System.Web tag)

In my test, I tried reading from the registry. A site set with Full Trust allows this, but anything below Full Trust will fail. This worked as expected in 2.0 with the above setting in web.config: 

   Error occured in attempting to read from the Registry: System.Security.SecurityException: Request for the permission of type System.Security.Permissions.RegistryPermission

This is good news! Now, developers have an even better reason to learn how to write real partial-trust applications!