JavaScript Editor jscript editor     Web designer 



Main Page

Trust levels are associated with policy files using the <securityPolicy> configuration element, which is valid only in a site-level configuration (Web.config) file. You can add or remove trust levels by adding entries to the configuration section that specify the trust level name and the policy file to be used. The default trust files are installed in the Config directory under the folder containing the Aspnet_isapi.dll file. This is the same location used for the Machine.config configuration file and the run-time security policy file.

The Full trust Level is a special case. Because it is exactly equivalent to having full trust in the local machine zone, the ASP.NET host does not apply any additional policy to these applications. Therefore, the Full trust level is mapped to an internal handler and the host does not add additional policy to the application domain for full-trust applications.

The following example shows the securityPolicy section of a configuration file that maps trust levels to different policy files.

В CopyCode imageCopy Code
<system.web>
  <securityPolicy>
    <trustLevel name="Full"    policyFile="internal"/>
    <trustLevel name="High"    policyFile="web_hightrust.config"/>
    <trustLevel name="Medium"  policyFile="web_mediumtrust.config"/>
    <trustLevel name="Low"     policyFile="web_lowtrust.config"/>
    <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
  </securityPolicy>
</system.web>

If you do not want applications to be able to specify their own trust level, you can specify a <location> directive and set the allowOverride attribute to false. You might do this on a server that hosts multiple applications and that needs to limit the trust level of the hosted applications.

In order to preserve the default settings, ASP.NET ships two copies of each file that contains trust level settings. One copy is named with the extension .config, as shown in the configuration section earlier. The .config file contains the settings for each trust level used by the system. The second copy is named with the extension .config.default and contains the default settings for the related trust level. If the current trust level settings have been modified, and you want to restore the default settings, you can replace the contents of the .config file with the contents of the .config.default file.

See Also



JavaScript Editor jscript editor     Web designer