Wednesday, September 19, 2007

* ASP.NET : Partial Trust Environment

ASP.NET runtime allows server administrators to configure runtime so that various applications can run in various levels of isolation and with various permissions.

  • This is most relevant in shared hosting kind of scenarios.
  • The various levels of trust available are : Full|High|Medium|Low|Minimal
  • By 'Partial Trust' means, server admin trust the applications hosted in web server only partially and so applications cannot perform lot of low level functions and do not have access to lot of system resources.
  • For each level the various kinds of restrictions are applied on applicaitons.
  • "Full" trust means that applications are assumed to be fully trusted and so have full permissions and access to all system resources.
  • These permission are independent of what Operating System allows applications to do.
  • The trust level at machine level can be configured using machine level web.config.

<location allowOverride="true">
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>

  • 'allowOverride' determines whether the machine level web.config can override the settings in machine level web.config. 'False' means NO.
  • The permissions granted as part of various levels can be configured using the config files mentioned in <securityPolicy> section.
  • Custom policies can also be created and registered.
  • <trust> element can be used to configure the current level.
  • So, when you deploy your applications in third party servers or production servers, make sure that you test your applications with their security configuration first.
  • While these settings determine the permissions given to hosted applications in web server, they are independent of how your applications react to partial trusted callers.
  • On broad level this is covered under 'Code Access Security' .
  • By default under 'medium'  level, the application cannot do any of the following :
      • Call unmanaged code.

      • Call serviced components.

      • Write to the event log.

      • Access Microsoft Message Queuing queues.

      • Access ODBC, OleDb, or Oracle data sources.

No comments:

Post a Comment