trust Element (ASP.NET Settings Schema)

Configures the level of code access security (CAS) that is applied to an application. Use this element, if you want to run a Web application that has less than Full trust.

configuration Element (General Settings Schema)
  system.web Element (ASP.NET Settings Schema)
    trust Element (ASP.NET Settings Schema)

<trust 
   hostSecurityPolicyResolverType ="security policy resolution type"
   legacyCasModel = "[True|False]"
   level="[Full|High|Medium|Low|Minimal]" 
   originUrl="URL"
   permissionSetName = "name of the permission set"
   processRequestInApplicationTrust = "[True|False]" 
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

hostSecurityPolicyResolverType

Optional string attribute.

Specifies a custom security policy resolution type. When this attribute is set to an empty string, ASP.NET uses the default policy to determine an assembly's permissions. The default policy for evaluating permissions grants full trust to the Global Assembly Cache (GAC) assemblies and partial trust to the other assemblies.

This attribute cannot be set to a null value.

The default value is an empty string.

legacyCasModel

Optional Boolean attribute.

Specifies whether the legacy code access (CAS) security is enabled.

When legacy code access security is enabled, the following security rules apply:

  • Code access security (CAS) policy is established from the combination of machine policy and the specified ASP.NET partial-trust policy file.

  • Partial-trust application domains revert to being full trust at the application-domain level.

  • The legacy partial-trust files in the CONFIG directory of the .NET Framework install directory are used instead of the new partial-trust configuration files located in the same directory. The legacy files include the membership conditions that were found in the .NET Framework version 1.1 or the .NET Framework 2.0 SP1.

  • Additional membership conditions to evaluate permissions are applied. These conditions are defined in ASP.NET partial-trust files. The CONFIG directory that ships with the .NET Framework 4 release contains legacy partial trust policy files. These files have legacy in their name and contain the .NET Framework 2.0 SP1 sections. These sections contain non-empty membership conditions that are needed to evaluating CAS policy against assemblies.

  • If the ASP.NET application is running in partial trust and the security policy file for the trust level maps to one of the default partial-trust configuration files, ASP.NET automatically chooses the corresponding legacy configuration file. For example, if the security policy would ordinarily be loaded from Web_mediumtrust.config, in legacy mode ASP.NET instead loads security policy from Legacy.web_mediumtrust.config.

The default value is false.

level

Required String attribute.

Specifies the trust level under which the application will run. Each trust level is mapped to an individual XML policy file that uses a trustLevel element in the configuration file. The policy file lists the set of permissions that are granted by each trust level. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files.

This attribute can be a user-defined value, if there is a matching security policy mapping defined in a trustLevel element in the securityPolicy Element (ASP.NET Settings Schema) element or one of the following possible values, in increasing order of restrictiveness.

ValueDescription
Full Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported. This setting is named Unrestricted in the AspNetHostingPermissionLevel enumeration.
High Specifies a high level of code access security, which means that the application cannot do any one of the following things by default:
  • Call unmanaged code.

  • Call serviced components.

  • Write to the event log.

  • Access Microsoft Message Queuing queues.

  • Access ODBC, OleDb, or Oracle data sources.

Medium Specifies a medium level of code access security, which means that, in addition to the restrictions for High, the ASP.NET application cannot do any of the following things by default:
  • Access files outside the application directory.

  • Access the registry.

  • Make network or Web service calls (using the System.Net.HttpWebRequest class, for example).

Low Specifies a low level of code access security, which means that, in addition to the restrictions for Medium, the application cannot do any of the following things by default:
  • Write to the file system.

  • Call the Assert method.

Minimal Specifies a minimal level of code access security, which means that the application has only execute permissions.

The default is Full (no restrictions).

originUrl

Optional String attribute.

Specifies a URL for use with the restricted WebPermission permission that is configured in Medium trust. If present, this can be used for some classes, such as HttpWebRequest, that allow connectivity to only specific URLs that are specified by a WebPermission. This allows permissions that rely on the notion of a host to function correctly.

permissionSetName

Optional string attribute.

Specifies the name of the permission set.

The default value is "ASP.Net".

processRequestInApplicationTrust

Optional Boolean attribute.

Specifies whether page requests are automatically restricted to the permissions that are configured in the trust policy file that is applied to the ASP.NET application.

Trust policy files are specified in trustLevel elements in the securityPolicy element. A single trust policy is applied to an ASP.NET application by using the level attribute of the trust element.

If set to False, ASP.NET requests can potentially execute under Full trust, even if the level attribute specifies a different trust level. Unless there are specific reasons for doing this, do not reset this attribute from the default of true.

This attribute is new in the .NET Framework version 2.0.

The default is True.

Child Elements

None.

Parent Elements

Element

Description

configuration

Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.

system.web

Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

Remarks

The trust element configures the level of code access security (CAS) that is applied to an application. Security policy files are mapped to trust level names in the securityPolicy collection element. The policy file lists the set of permissions that are granted by the trust level. The trust element specifies which trust level to apply to the ASP.NET application. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files.

By default, Web applications run with Full trust. Full-trust applications are granted unrestricted code access permissions by code access security policy. These permissions include built-in system and custom permissions. This means that code access security will not prevent your application from accessing any secured resources. The success or failure of the resource access attempt is determined purely by operating system-level security. If an application is configured with a trust level other than Full, it is referred to as a partial-trust application. Partial-trust applications have restricted permissions, which limit access to secured resources for the application.

For improved security in a hosted environment, use the location element in the root Web.config file to enclose securityPolicy and trust elements for hosted applications and the allowOverride="False" attribute to prevent applications from overriding the settings in a more local Web.config file. You can optionally make use of multiple location elements, each with a different path attribute, if you want to configure different trust levels for different hosted applications. For an example of this kind of configuration, see "Example," later in this topic.

Note

Web applications that are built on the .NET Framework version 1.0 always run with Full trust because the types in System.Web demand full-trust callers. When you upgrade to a newer version of the .NET Framework, do not change the trust level without testing any previously existing applications.

Default Configuration

The following default trust element is configured in the root Web.config file.

<location allowOverride="true">
<system.web>
   <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
   </securityPolicy>
   <trust 
      level="Full" 
      originUrl="" 
      processRequestInApplicationTrust="true" 
   />
</system.web>
</location>

Example

The following code example demonstrates how to use a root Web.config file to specify Medium trust level settings for all ASP.NET applications on the server and the location element to lock the settings. Another location element in the same configuration file is used to allow the Web.config file for the Default Web Site/Temp application to override the settings in the root Web.config file.

<location allowOverride="false">
  <system.web>
    <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low"  policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
    </securityPolicy>
  </system.web>
</location>

<location allowOverride="false">
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</location>

<location allowOverride="true" path="Default Web Site/Temp">
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</location>

Element Information

Configuration section handler

TrustSection

Configuration member

AspNetHostingPermission

Configurable locations

Machine.config

Root-level Web.config

Application-level Web.config

Requirements

Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0

The .NET Framework version 1.0, 1.1, or 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005

See Also

Tasks

How to: Configure Specific Directories Using Location Settings

How to: Lock ASP.NET Configuration Settings

Reference

system.web Element (ASP.NET Settings Schema)

configuration Element (General Settings Schema)

trustLevel Element for securityPolicy (ASP.NET Settings Schema)

securityPolicy Element (ASP.NET Settings Schema)

System.Configuration

System.Net.Configuration

TrustSection

AspNetHostingPermission

Concepts

ASP.NET Trust Levels and Policy Files

ASP.NET Trust Levels and Policy Files

Administering Security Policy

Securing ASP.NET Configuration

ASP.NET Configuration Scenarios

Other Resources

ASP.NET Web Application Security

General Configuration Settings (ASP.NET)

ASP.NET Configuration Settings

ASP.NET Web Site Administration

ASP.NET Configuration Files

ASP.NET Configuration API