trust Element (ASP.NET Settings Schema)

<trust>

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework General Reference

trust Element (ASP.NET Settings Schema)

Configures the level of code access security (CAS) that is applied to an application. Use this element, if you want to run a Web application that has less than Full trust.

configuration Element (General Settings Schema)
system.web Element (ASP.NET Settings Schema)
trust Element (ASP.NET Settings Schema)

<trust 
   level="[Full|High|Medium|Low|Minimal]" 
   originUrl="URL"
   processRequestInApplicationTrust = "[True|False]" 
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute	Description
level	Required String attribute. Specifies the trust level under which the application will run. Each trust level is mapped to an individual XML policy file using a trustLevel element in the configuration file. The policy file lists the set of permissions that are granted by each trust level. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files. This attribute can be a user-defined value, if there is a matching security policy mapping defined in a trustLevel element in the securityPolicy Element (ASP.NET Settings Schema) element or one of the following possible values, in increasing order of restrictiveness. Value Description Full Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported. This setting is named Unrestricted in the AspNetHostingPermissionLevel enumeration. High Specifies a high level of code access security, which means that the application cannot do any one of the following things by default: Call unmanaged code. Call serviced components. Write to the event log. Access Microsoft Message Queuing queues. Access ODBC, OleDb, or Oracle data sources. Medium Specifies a medium level of code access security, which means that, in addition to the restrictions for High, the ASP.NET application cannot do any of the following things by default: Access files outside the application directory. Access the registry. Make network or Web service calls (using the HttpWebRequest class, for example). Low Specifies a low level of code access security, which means that, in addition to the restrictions for Medium, the application cannot do any of the following things by default: Write to the file system. Call the Assert()()() method. Minimal Specifies a minimal level of code access security, which means that the application has only execute permissions. The default is Full (no restrictions).
originUrl	Optional String attribute. Specifies a URL for use with the restricted WebPermission permission that is configured in Medium trust. If present, this can be used for some classes, such as HttpWebRequest, that allow connectivity to only specific URLs that are specified by a WebPermission. This allows permissions that rely on the notion of a host to function correctly.
processRequestInApplicationTrust	Optional Boolean attribute. Specifies whether page requests are automatically restricted to the permissions that are configured in the trust policy file that is applied to the ASP.NET application. Trust policy files are specified in trustLevel elements in the securityPolicy element. A single trust policy is applied to an ASP.NET application by using the level attribute of the trust element. If set to False, ASP.NET requests can potentially execute under Full trust, even if the level attribute specifies a different trust level. Unless there are specific reasons for doing this, do not reset this attribute from the default of true. This attribute is new in the .NET Framework version 2.0. The default is True.

Attribute

Description

level

Required String attribute.

Specifies the trust level under which the application will run. Each trust level is mapped to an individual XML policy file using a trustLevel element in the configuration file. The policy file lists the set of permissions that are granted by each trust level. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files.

This attribute can be a user-defined value, if there is a matching security policy mapping defined in a trustLevel element in the securityPolicy Element (ASP.NET Settings Schema) element or one of the following possible values, in increasing order of restrictiveness.

Value Description

Full Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported. This setting is named Unrestricted in the AspNetHostingPermissionLevel enumeration.

High Specifies a high level of code access security, which means that the application cannot do any one of the following things by default:

Call unmanaged code.
Call serviced components.
Write to the event log.
Access Microsoft Message Queuing queues.
Access ODBC, OleDb, or Oracle data sources.

Medium Specifies a medium level of code access security, which means that, in addition to the restrictions for High, the ASP.NET application cannot do any of the following things by default:

Access files outside the application directory.
Access the registry.
Make network or Web service calls (using the HttpWebRequest class, for example).

Low Specifies a low level of code access security, which means that, in addition to the restrictions for Medium, the application cannot do any of the following things by default:

Write to the file system.
Call the Assert()()() method.

Minimal Specifies a minimal level of code access security, which means that the application has only execute permissions.

The default is Full (no restrictions).

originUrl

Optional String attribute.

Specifies a URL for use with the restricted WebPermission permission that is configured in Medium trust. If present, this can be used for some classes, such as HttpWebRequest, that allow connectivity to only specific URLs that are specified by a WebPermission. This allows permissions that rely on the notion of a host to function correctly.

processRequestInApplicationTrust

Optional Boolean attribute.

Specifies whether page requests are automatically restricted to the permissions that are configured in the trust policy file that is applied to the ASP.NET application.

Trust policy files are specified in trustLevel elements in the securityPolicy element. A single trust policy is applied to an ASP.NET application by using the level attribute of the trust element.

If set to False, ASP.NET requests can potentially execute under Full trust, even if the level attribute specifies a different trust level. Unless there are specific reasons for doing this, do not reset this attribute from the default of true.

This attribute is new in the .NET Framework version 2.0.

The default is True.

Child Elements

None.

Parent Elements

Element	Description
configuration	Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.
system.web	Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

Remarks

The trust element configures the level of code access security (CAS) that is applied to an application. Security policy files are mapped to trust level names in the securityPolicy collection element. The policy file lists the set of permissions that are granted by the trust level. The trust element specifies which trust level to apply to the ASP.NET application. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files.

By default, Web applications run with Full trust. Full-trust applications are granted unrestricted code access permissions by code access security policy. These permissions include built-in system and custom permissions. This means that code access security will not prevent your application from accessing any secured resources. The success or failure of the resource access attempt is determined purely by operating system-level security. If an application is configured with a trust level other than Full, it is referred to as a partial-trust application. Partial-trust applications have restricted permissions, which limit access to secured resources for the application.

For improved security in a hosted environment, use the location element in the root Web.config file to enclose securityPolicy and trust elements for hosted applications and the allowOverride="False" attribute to prevent applications from overriding the settings in a more local Web.config file. You can optionally make use of multiple location elements, each with a different path attribute, if you want to configure different trust levels for different hosted applications. For an example of this kind of configuration, see "Example," later in this topic.

Note:
Web applications that are built on the .NET Framework version 1.0 always run with Full trust because the types in System.Web demand full-trust callers. When you upgrade to a newer version of the .NET Framework, do not change the trust level without testing any previously existing applications.

Default Configuration

The following default trust element is configured in the root Web.config file.

<location allowOverride="true">
<system.web>
   <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
   </securityPolicy>
   <trust 
      level="Full" 
      originUrl="" 
      processRequestInApplicationTrust="true" 
   />
</system.web>
</location>

Example

The following code example demonstrates how to use a root Web.config file to specify Medium trust level settings for all ASP.NET applications on the server and the location element to lock the settings. Another location element in the same configuration file is used to allow the Web.config file for the Default Web Site/Temp application to override the settings in the root Web.config file.

<location allowOverride="false">
  <system.web>
    <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low"  policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
    </securityPolicy>
  </system.web>
</location>

<location allowOverride="false">
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</location>

<location allowOverride="true" path="Default Web Site/Temp">
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</location>

Element Information

Configuration section handler	TrustSection
Configuration member	AspNetHostingPermission
Configurable locations	Machine.config Root-level Web.config Application-level Web.config
Requirements	Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0 The .NET Framework version 1.0, 1.1, or 2.0 Microsoft Visual Studio 2003 or Visual Studio 2005

System.Configuration

System.Net.Configuration

TrustSection

AspNetHostingPermission

Other Resources

ASP.NET Web Application Security

General Configuration Settings (ASP.NET)

ASP.NET Configuration Settings

Administering ASP.NET Web Sites

ASP.NET Configuration Files

ASP.NET Configuration API

Attributes

Child Elements

Parent Elements

Default Configuration

Tasks

Concepts

Reference

Other Resources