Programming Microsoft ASP.NET 4 - Dino Esposito [410]
The problem is not with the ASP.NET application itself, but with the fact that it is publicly exposed over the Internet—one of the most hostile environments for computer security you can imagine. If a fully trusted ASP.NET account is hijacked, a hacker can perform restricted actions from within the worker thread. In other words, a publicly exposed, fully trusted application is a potential platform for hackers to launch attacks. The less an application is trusted, the more secure that application happens to be.
The By tweaking the Table 19-2 describes the levels of trust available.

Table 19-2. Levels Permitted in the

| Level | Description |
|---|---|
| Full | Applications run fully trusted and can execute arbitrary native code in the process context in which they run. This is the default setting. |
| High | Code can use most permissions that support partial trust. This level is appropriate for applications you want to run with least privilege to mitigate risks. |
| Medium | Code can read and write its own application directories and can interact with databases. |
| Low | Code can read its own application resources but can’t interact with resources located outside of its application space. |
| Minimal | Code can’t interact with any protected resources. Appropriate for nonprofessional hosting sites that simply intend to support generic HTML code and highly isolated business logic. |

Admittedly, restricting the set of things an application can do might be painful at first. However, in the long run (read, if you don’t just give up and deliver the application), it produces better and safer code.

Note The ASP.NET Permissions

Table 19-3. Main Permissions in ASP.NET Trust Levels

| Permission | High | Medium | Low | Minimal |
|---|---|---|---|---|
| FileIO | Unrestricted | Read/Write to application’s space | Read | None |
| IsolatedStorage | Unrestricted | ByUser | ByUser (maximum of 1 MB) | None |
| Printing | DefaultPrinting | Same as High | None | None |
| Security | Assertion, Execution, ControlThread, ControlPrincipal | Same as High | Execution | Execution |
| SqlClient | Unrestricted | Unrestricted (no blank password allowed) | None | None |
| Registry | Unrestricted | None | None | None |
| Environment | Unrestricted | None | None | None |
| Reflection | ReflectionEmit | None | None | None |
| Socket | Unrestricted | None | None | None |
| Web | Unrestricted | Connect to origin host, if configured | Same as Medium | None |

More detailed information about the permissions actually granted to the default trust levels is available in the security configuration files for each level.
The name of the file for each level is stored in the In the end, full-trust applications run unrestricted. High-trust applications have read/write permission for all the files in their application space. However, the physical access
By default, ASP.NET applications run unrestricted and are allowed to do whatever their account is allowed to do. The actual security restrictions that sometimes apply to ASP.NET applications (for example, the inability to write files) are not a sign of partial trust, but more simply the effect of the underprivileged account under which ASP.NET applications normally run.
Let’s review in more detail the permissions granted to ASP.NET applications when the various trust levels are applied. Key ASP.NET permissions for each trust level are outlined in Table 19-3.
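
The following audit script is an added example, not code from the book. It resolves the trust level an application actually runs at from a machine-level and an application-level web.config, and flags the default Full setting and a level that applications are free to override. It assumes the ASP.NET `<trust level="...">` element and the `<location allowOverride="...">` wrapper (names that do not appear in this extract), ignores `path`-scoped `<location>` blocks, and uses constructed sample files and hypothetical function names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: machine-level web.config left at the default.
MACHINE_DEFAULT = """<configuration>
  <location allowOverride="true">
    <system.web><trust level="Full" originUrl="" /></system.web>
  </location>
</configuration>"""

# Constructed sample: the same file after the host locks Medium trust.
MACHINE_LOCKED = """<configuration>
  <location allowOverride="false">
    <system.web><trust level="Medium" originUrl="" /></system.web>
  </location>
</configuration>"""

# Constructed sample: an application web.config asking for full trust again.
APP_CONFIG = """<configuration>
  <system.web><trust level="Full" /></system.web>
</configuration>"""

def read_trust(xml_text):
    """Return (level, locked) for the first <trust> element, or (None, False)."""
    root = ET.fromstring(xml_text)
    for holder in [root] + root.findall("location"):
        node = holder.find("system.web/trust")
        if node is not None:
            locked = holder.get("allowOverride", "true").lower() == "false"
            return node.get("level", "Full"), locked
    return None, False

def effective_trust(machine_xml, app_xml):
    """Resolve the level the application runs at, plus audit findings."""
    level, locked = read_trust(machine_xml)
    level = level or "Full"  # Full is the default setting (Table 19-2)
    findings = []
    app_level, _ = read_trust(app_xml)
    if app_level and app_level != level:
        if locked:
            findings.append(f"app requests {app_level}; locked machine setting rejects it")
        else:
            level = app_level  # nothing stops the app from raising its own trust
    if level == "Full":
        findings.append("application runs fully trusted")
    if not locked:
        findings.append("trust level not locked; applications can change it")
    return level, findings
```

With the constructed samples, the unlocked default resolves to Full with two findings, while the locked Medium configuration keeps the application at Medium and reports only the rejected override.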