Isolating Applications with Code Access Security | Improving Web Application Security: Threats and Countermeasures

With version 1.1 of the .NET Framework, you can configure applications to run at partial trust levels, using the <trust> element. The following configuration shows how to configure an application's trust level from Machine.config. In this example, the Medium trust level is used.

 <location path="Web Site Name/appvDir1" allowOverride="false">   <system.web>     <trust level="Medium" originUrl="" />   </system.web> </location>

If you configure an application to run with a trust level other than "Full," the application has restricted code access security permissions to access specific types of resources. In this way, you can constrain applications to prevent them from interacting with one another and from gaining access to system level resources such as restricted areas of the file system, the registry, the event log, and so on.

For more information about the ASP.NET trust levels and how they can be used to provide application isolation and about application specific design and development considerations, see Chapter 9, "Using Code Access Security with ASP.NET."

Note	If you use code access security to provide application isolation, you should still consider the operating system identity of the application. The recommended isolation model is to use code access security together with process level isolation on Windows Server 2003.