If you host Web applications, you may choose to implement a medium trust security policy to restrict privileged operations. This section focuses on running medium trust applications, and shows you how to overcome the problems you are likely to encounter.
Running at medium trust has the following two main benefits:
Reduced attack surface
Application isolation
Since medium trust does not grant the application unrestricted access to all permissions, your attack surface is reduced by granting the application a subset of the full permission set. Many of the permissions granted by medium trust policy are also in a restricted state. If an attacker is somehow able to take control of your application, the attacker is limited in what he or she can do.
Application isolation with code access security restricts access to system resources and resources owned by other applications. For example, even though the process identity might be allowed to read and write files outside of the Web application directory, the FileIOPermission in medium trust applications is restricted. It only permits the application to read or write to its own application directory hierarchy.