Customize Policy | Improving Web Application Security: Threats and Countermeasures

If your Web application contains code that requires more permissions than are granted by a particular ASP.NET trust level, the easiest option is customizing a policy file to grant the additional code access security permission to your Web application. You can either modify an existing policy file and grant additional permissions or create a new one based on an existing policy file.

Note	If you modify one of the built-in policy files, for example, the medium-trust Web_mediumtrust.config policy file, this affects all applications that are configured to run with medium trust.

Task To customize policy for a specific application

Copy one of the existing policy files to create a new policy file. For example, copy the medium trust policy file and create a new policy file such as the following:
```
 %windir%\Microsoft.NET\Framework\{version}\CONFIG\web_yourtrust.config 
```
Add the required permission to the ASP.NET permission set in the policy file or, alternatively, modify an existing permission to grant a less restrictive permission.
Add a new <trustLevel> mapping beneath <securityPolicy> in Machine.config for the new trust level file, as follows :
```
 <securityPolicy>   <trustLevel name="Custom" policyFile="web_yourtrust.config"/>   . . . </securityPolicy> 
```
Configure your application to run with the new trust level by configuring the <trust> element in the application's Web.config file, as follows:
```
 <system.web>   <trust level="Custom" originUrl=""/> </system.web> 
```