How do I use code access security with ASP.NET?

J.D. Meier, Prashant Bansode, Alex Mackman


You can use code access security to restrict the capabilities of Web applications. This is particularly useful for ISPs who need to host multiple applications from different companies. They can use code access security to create a sandboxed execution environment to provide application isolation. This feature is also useful on intranet servers that host multiple applications.

To use code access security in ASP.NET you should:

  • Evaluate your application's permission requirements
  • Choose a trust level
  • Configure your application to use that level

To configure your application to use a specific trust level:

  • Evaluate the required permissions. You can do this either by performing a manual code review or by using the PermCalc tool to help calculate the required permissions.
  • Choose a standard trust level (High, Medium, Low or Minimal) that meets application requirements. Ensure that you don’t grant more permissions than needed. If you don’t find a perfect match with standard trust levels, create a custom trust policy to meet application requirements. See "How do I create a custom trust level for ASP.NET?"
  • Configure the application to use the trust level as shown here.
             <trust level="Medium" originUrl="" />
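
The two fragments below are an added example, not part of the original guidance. The first shows where the <trust> element sits in an application's Web.config. The second goes beyond the steps above and shows how a shared server can pin the level in the machine-level Web.config by using <location allowOverride="false">, so that hosted applications cannot select a different one.

```xml
<!-- Fragment 1: the application's own Web.config.
     <trust> is a child of <system.web>. -->
<configuration>
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</configuration>

<!-- Fragment 2: machine-level Web.config on a server that hosts
     several applications (for example, at an ISP).
     allowOverride="false" locks the enclosed settings. An application
     Web.config that contains its own <trust> element then fails with a
     configuration error, so applications on this server omit
     Fragment 1 and inherit the level set here. -->
<configuration>
  <location allowOverride="false">
    <system.web>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>
```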
