Can someone explain ASP.NET trust levels to me?

Question

I\'ve heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.

Answer 1

The problem with Trust levels is that so many plugins require elevated permissions that certain types of applications simply won't work under it.

I've personally seen Crystal Reports and a HTML to PDF conversion tool fail under Medium Trust - FileIOPermission is required to the Temp folder outside of your applications virtual directory. I've also seen issues with TCP Socket connections blocked because of certain Trust levels.

I actually had a rather annoying catch 22 situation with a web application last year where Medium Trust was required for security, but so was writing to the Event Log!

Fortunately you can overwrite Trust levels in your machine.config on the server (if you have access to it), or your web.config if your server is configured to allow it overwrite the machine.config file.

Doing that sort of defeats the purpose of fixed Trust levels though...