TrustSection.LegacyCasModel Property


Gets or set a value that indicates whether the legacy code access security is enabled.

 property bool LegacyCasModel { bool get(); void set(bool value); };
[System.Configuration.ConfigurationProperty("legacyCasModel", DefaultValue=false)]
public bool LegacyCasModel { get; set; }
[<System.Configuration.ConfigurationProperty("legacyCasModel", DefaultValue=false)>]
member this.LegacyCasModel : bool with get, set
Public Property LegacyCasModel As Boolean

Property Value


true if legacy code access security is enabled; otherwise, false. The default is false.



When legacy code access security is enabled, the following security rules apply:

  • Code access security (CAS) policy is established from the combination of machine policy and the specified ASP.NET partial trust policy file.

  • Partial trust application domains revert to being full trust at the application domain level.

  • The legacy partial trust files located in the CONFIG directory in the .NET Framework install directory are used instead of the new partial trust configuration files that are located in the same directory. The legacy files include the membership conditions that were found in the .NET Framework 1.1 or .NET Framework 2.0 SP1 versions of the .NET Framework.

  • Additional membership conditions to evaluate permissions are applied, as defined in ASP.NET partial trust files. The CONFIG directory that ships with the .NET Framework 4 release contains legacy partial-trust policy files. The names of these files include the string "legacy" and contain the .NET Framework 2.0 SP1 sections. These sections contain non-empty membership conditions that are needed to evaluating CAS policy against assemblies.

  • If the ASP.NET application is running in partial trust and the security policy file for the trust level maps to one of the default partial trust configuration files, ASP.NET automatically chooses the corresponding legacy configuration file. For example, if the security policy would ordinarily be loaded from Web_mediumtrust.config, then in legacy mode ASP.NET will instead load security policy from Legacy.web_mediumtrust.config.

Applies to