Share via

trustLevel Element for securityPolicy (ASP.NET Settings Schema)

  • Article

Adds a mapping between a security policy file and a named security trust level to the collection of security policy mappings. The security policy file can then be applied to an ASP.NET application by specifying the trust level name in the level attribute of the trust element.

<trustLevel 
   name="trust level name" 
   policyFile="file name" 
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

name

Required String attribute.

Specifies a named security level that is mapped to a policy file.

This attribute can be either a user-defined value or one of the following possible values

Value Description

Full

Specifies that ASP.NET does not restrict security policy with an application domain–specific policy. There is no security policy file associated with Full. By default, this trust level name is mapped to "internal" in the policyFile attribute.

High

Specifies a high level of security for policy file mapping. By default, this trust level name is mapped to the Web_hightrust.config policy file.

Medium

Specifies a medium level of security for policy file mapping. By default, this trust level name is mapped to the Web_mediumtrust.config policy file.

Low

Specifies a low level of security for policy file mapping. By default, this trust level name is mapped to the Web_lowtrust.config policy file.

Minimal

Specifies a minimal level of security for policy file mapping. By default, this trust level name is mapped to the Web_minimaltrust.config policy file.

User Defined

Specifies the name of a user-defined trust level. For more information, see Administering Security Policy.

For an explanation about what each trust level allows, see AspNetHostingPermissionLevel or trust.

policyFile

Required String attribute.

Specifies the configuration file that contains security policy settings for the named security level. The configuration file must exist in the same directory as the configuration file that contains the trustLevel definition.

Child Elements

None.

Parent Elements

Element Description

configuration

Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.

system.web

Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

securityPolicy

Defines a collection of mappings between security policy files and the associated trust level names.

Remarks

You can extend the security system by providing your own named <trustLevel> element mapped to a file that is specified by the policyFile attribute. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files and Administering Security Policy.

Because ASP.NET treats Full trust as a special case, Full trust does not have an associated policy file. If Full is set, the ASP.NET host does not add extra application domain–level policy to the application. The Full trust level is always mapped to an internal handler and the policyFile attribute is ignored.

Default Configuration

The following default trustLevel elements are configured in the root Web.config file.

<location allowOverride="true">
<system.web>
   <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
   </securityPolicy>
   <trust 
      level="Full" 
      originUrl="" 
      processRequestInApplicationTrust="true" 
   />
</system.web>
</location>

Example

The following code example demonstrates how to specify a custom trust level name and policy file for an ASP.NET application, adding the security policy mapping to the inherited collection.

<securityPolicy>
   <trustLevel 
      name="CustomTrustLevel" 
      policyFile="customtrust.config"
   />
</securityPolicy>

Element Information

Configuration section handler

System.Web.Configuration.SecurityPolicySection

Configuration member

System.Web.Configuration.SecurityPolicySection.TrustLevels

System.Web.Configuration.TrustLevelCollection.Add(System.Web.Configuration.TrustLevel)

System.Web.Configuration.TrustLevel

Configurable locations

Machine.config

Root-level Web.config

Application-level Web.config

Requirements

Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0

The .NET Framework version 1.0, 1.1, or 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005

See Also

Tasks

How to: Configure Specific Directories Using Location Settings
How to: Lock ASP.NET Configuration Settings

Reference

securityPolicy Element (ASP.NET Settings Schema)
system.web Element (ASP.NET Settings Schema)
configuration Element (General Settings Schema)
trust Element (ASP.NET Settings Schema)
System.Configuration
System.Web.Configuration
System.Web.Configuration.SecurityPolicySection
System.Web.Configuration.TrustLevel

Concepts

ASP.NET Trust Levels and Policy Files
Administering Security Policy
Securing ASP.NET Configuration
ASP.NET Configuration Scenarios

Other Resources

ASP.NET Web Application Security
General Configuration Settings (ASP.NET)
ASP.NET Configuration Settings
Configuring ASP.NET Applications
ASP.NET Configuration Files
ASP.NET Configuration API