ASP.NET trust level is the file permission set in the Config directory, which makes it possible for you to set the security rules of your site. Trust level has something to do with policy files as well as Security Policy configuration element, and will influence the ability of web applications as what they can do and what they can’t do. In addition, there are 5 different trust levels of ASP.NET: full, high, medium, low and minimal. We are going to develop this posts with three parts.
Kinds of ASP.NET Trust Level
Full ASP.NET Trust Level
Full ASP.NET trust level allows website owners to have entire permission to the web applications provided by those web-hosting providers, with which they can execute in their own web hosting accounts and take advantage of all resources that are subject to operating system security at their option. For instance, users can be allowed to write and read files that not pertain to the virtual directories and execute any local code they need.
Note that, if you use shared hosting, it’s not favorable for you to choose full trust level unless each of the website has its own independent application pool and identity. Each Zhuji91 Windows web hosting package comes with a dedicated application pool, so with us, you are able to enjoy the advantages of full trust level.
High ASP.NET Trust Level
High ASP.NET trust level offers the same application rights as the full ASP.NET trust level but has restriction with COM Interop and unmanaged code. Besides, high ASP.NET trust level has other limitations, such as no rights to approach to OlEDB, ODBC, Oracle and Message Queuing service. This level is rather advisable for those who run authentic applications but hope to reduce risks with limited accesses.
Medium ASP.NET Trust Level
Under medium trust level, users’ rights are limited compared with high trust level. Users with medium trust level can only read and write on the directories that are associated with them, and those application directories can also interact with MSSQL database.
Furthermore, users are not granted rights to access to OlEDB, ODBC and the event blog. Therefore, you’re recommended to set this mostly on shared hosting server for it allows connections to SQL server files but withholds the user rights to root structure of a web application.
Low ASP.NET Trust Level
Low trust level only allows users to read codes that are in their application directories, but not permits them to go deep into other system resources any longer nor connect a database or to the network. Therefore, with low trust level, users can hide applications in the settled directories.
Minimal ASP.NET Trust Level
Minimal trust level just enables users to operate code. As for any interaction with recourse that is protective, is absolutely not permitted. Therefore, this minimal ASP.NET trust level is suitable for hosting sites with a high number of websites.
How Trust Levels Affect Your Site?
As it is shown above, ASP.NET trust levels do have impacts on your websites. That’s to say, different ASP.NET trust levels provide different share of permission on the performance of web applications, so they can accordingly guard your websites against damage caused by other undesirable websites.
We know that full ASP.NET trust level has no limitation to web applications, and provides web users with much convenience. However, it may also generate the highest risk when hackers invade your servers and lead to great losses and damages to your websites.
What’s more, the obvious impact of high ASP.NET trust level that has on your site is the inability to access some files, but the risks of it is relatively lower. As for medium ASP.NET trust level, rights provided are further reduced. Users can only read and write the code in its application. The effect of the low ASP.NET trust level is that you can only read the code on its own application. Users do not have access to resources or networks. As for minimal ASP.NET trust level, it only gives you the right to operate code.
How to Select One?
Actually, not every website has the need to set full ASP.NET trust level, hence, you’d better choose ASP.NET trust level based on the requirements of your website. An ASP.NET trust level may have effect on one website on a specific host but fail to have the same effect from a different host. What’s more, as provider of the asp.net hosting service configures the parameter in advance, therefore before you decide which trust level to choose, you must verify your web host with a suitable ASP.NET trust level.