ASP Web Hosting | Windows Hosting Technology News

ASP Hosting – Does Your ASP Hosting Plan Support Full Trust Mode?

Posted on: April 17, 2009

ASP Hosting

ASP Hosting

Why you need to use Full Trust Mode for your application?

If you host multiple applications on the same server, you can use code access security and the medium trust level to provide application isolation. By setting and locking the trust level in the machine-level Web.config file, you can establish security policies for all Web applications on the server. Running at medium trust with ASP.NET version 2.0 is easier than with ASP.NET version 1.1 because when using ASP.NET 2.0, you have access to Microsoft SQL Server databases at medium trust.

To lock down an ASP.NET application and to provide an additional level of application isolation in a hosted environment, you can use code access security to restrict the resources the application can access and the privileged operations it can perform. You do this by configuring the
element as shown below.

Differences between ASP.NET version 1.1 and ASP.NET version 2.0 for the trust levels

1 – In ASP.NET versions 1.1 and 2.0, medium trust applications can access SQL Server databases because the SQL Server managed data provider does not demand full trust and SqlClientPermission is granted to medium trust applications.
2 – In .NET Framework version 2.0, the Oracle .NET data provider, the OLE DB .NET data provider, and the ODBC .NET data provider no longer demand full trust. This allows you to access SQL Server and other databases from partial trust applications. To use these providers from medium trust applications in ASP.NET, you need to customize policy and grant the appropriate permission: for example, OraclePermission, OleDbPermission or OdbcPermission.
3 – In ASP.NET version 2.0, SmtpPermission is available at full, high, and medium trust levels. This allows applications to send e-mail.
4 – In ASP.NET version 1.1, you had to grant code full trust to access the event log. This is no longer required in ASP.NET version 2.0, although you must still create a custom trust policy file to grant the EventLogPermission, as described later in this document.

ASP Medium Trust Summary

The main constraints placed on medium trust Web applications are:

1 – OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.
2 – EventLogPermission is not available. This means you cannot access the Windows event log.
3 – ReflectionPermission is not available. This means you cannot use reflection.
4 – RegistryPermission is not available. This means you cannot access the registry.
5 – WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the
element.
6 – FileIOPermission is restricted. This means you can only access files in your application’s virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application’s virtual directory hierarchy.

You are also prevented from calling unmanaged code or from using Enterprise Services.

How to implement Full Trust Mode for your application?

The best approach is to target your trust level before you begin design and development work and to design and develop specifically for this trust level. Common causes of security exceptions when you switch an existing application to medium trust include:

1 – Calling unmanaged code.
2 – Accessing the registry.
3 – Writing to the event log.
4 – Connecting to databases other than SQL Server.
5 – Accessing Web resources on remote servers.
6 – Accessing the file system beyond your application’s virtual directory hierarchy.

You can always seek for expert assistance on setup and implementing full trust mode for your ASP.NET application. But you have to make sure your hosting plan support full trust mode as some of the web hosting plan out there are not full trust mode compatible.

Visit SeekDotNet.com, one of the leading ASP hosting provider for advice on ASP.NET hosting plan that supported full trust mode and get 3 months free on the web hosting plan today.

Advertisements

1 Response to "ASP Hosting – Does Your ASP Hosting Plan Support Full Trust Mode?"

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow SeekDotNet on Twitter

Web Hosting Categories

Top Clicks

  • None
April 2009
M T W T F S S
« Mar   May »
 12345
6789101112
13141516171819
20212223242526
27282930  
%d bloggers like this: