Medium Trust ASP.NET Applications

Saturday, October 29, 2005

If you are an ISP offering shared hosting, or you are a developer deploying your app in a shared hosting environment, then there is no doubt you want to avoid running ASP.NET applications with full trust. Full trust is the default trust level for ASP.NET.

What is full trust? The runtime defines several trust levels we can use to constrain what an application can do. These trust level range from minimal trust, which is a highly restrictive level, to full trust, which has no restrictions at all. The recommended trust level for an ASP.NET application is right in the middle: medium trust (see the ASP.NET 2.0 Hosting Deployment Guide).

What is wrong with full trust? For starters, the AppDomain hosting the application is no longer a security boundary. Full trust allows native code to execute, and native code can poke around a process that is hosting multiple AppDomains to find or corrupt data from other applications. Full trust also leaves resource protection up to the operating system, which is a bad idea when all the applications are running with the same identity, and thus have equal access to files and registry keys.

For instance…

    1 string parentPath = Server.MapPath("~") + @"\..\";

    2 

    3 string[] webDirectories;

    4 webDirectories = Directory.GetDirectories(parentPath);

    5 

    6 foreach (string directory in webDirectories)

    7 {           

    8     string appDataPath = directory + @"\App_Data\";

    9 

   10     string[] appDataFiles;

   11     appDataFiles = Directory.GetFiles(appDataPath);

   12 

   13     foreach (string file in appDataFiles)

   14     {

   15         try

   16         {

   17             // goodbye, data

   18             File.Delete(file);

   19         }

   20         catch(Exception)

   21         {

   22             // eat it and go on

   23         }

   24     }           

   25 }

The above code tries to walk through the web sites on a server and destroy any files in the well known App_Data directories. Perhaps a database file will be in use and the runtime will throw an exception – that’s ok, we can try again later. The real problem here is that the code can even successfully retrieve a listing of files and directories outside of the root where the code executes.

Medium trust will place a number of restrictions on an application, including limiting an application’s file access to within the virtual directory where the application lives. If we run the above code under medium trust (see How To: Use Medium Trust in ASP.NET 2.0), the runtime will throw a System.Security.SecurityException exception on line 4. Line 4 is the where the code tries to get a list of directories one level above the application’s home directory.

In ASP.NET 2.0, Microsoft has made changes to make life easier for ISPs and developers who want to run code with the medium trust level. You can read more in the PAG document: Security Guidelines for ASP.NET 2.0.


Comments
Dinis Cruz Friday, November 4, 2005
Hello

Do you know which ISPs are running their shared hosting environments in Partial Trust these days?

It seems that 1And1 is running their websites in partial trust (see faq.1and1.com/.../15.html) although it is a bit non-ethical the fact that they don't talk about these limitations in their Asp.Net explanation page (http://order.1and1.com/xml/order/MsHostingDevNet" title="http://order.1and1.com/xml/order/MsHostingDevNet">http://order.1and1.com/xml/order/MsHostingDevNet) which is linked from their hosting plan page (http://order.1and1.com/xml/order/MsHostingDev)

What other ISPs are doing this?

I googled a little bit at its seems that there are more ISPs doing this (when compared with a couple years ago) but nobody wants to publicly admit it.

Is there a list with this information?

Dinis Cruz
.Net Security Consultant
Owasp .Net Project
www.owasp.net
scott Friday, November 4, 2005
I do not know of a list. It doesn't seem to be the type of "feature" that the ISPs are advertising.

Perhaps we should work on a list...
David Burns Tuesday, November 22, 2005
This has been a real help reading your comments. The company hosting my asp.net application didn't tell me that they were running medium trust. My application ran really well locally but just won't retrieve any data from my the databse when run from the server as a website.

Is there any simple way around this? People need to order from my site so they have to be able to read/write to an orders database.

perhaps I need another ISP? Any recommendations?

Thanks.
scott Wednesday, November 23, 2005
David:

What database are you using? Which version of the runtime are you using?
Rick Sunday, January 22, 2006
It seems that medium trust is also blocking access to asp.net framework dll's like aspjpeg and others, how can I allow access to my clients applications without compromsing security?
scott Sunday, January 22, 2006
Rick:

I'm not sure what aspjpeg is, it doesn't sound like a framework dll. Some assemblies require full trust, there is just no way to avoid the requirement. What you could do is wrap calls to the assembly with an assembly that allows partially trusted callers (search for the APTCA attribute set). There are some details here: msdn.microsoft.com/.../default.asp
Neel Tuesday, February 14, 2006
I have an asp .net application which uses remoting and works fine at my end. But many hosting providers will not aloowing that as it would need high trust. What should I do. What is the minimum grant required to support this case.
scott Monday, February 20, 2006
Neel: I'm not an expert on remoting. You might need to try one of the newsgroups or forums.
Matt Fausey Thursday, October 12, 2006
Even when in Full Trust, your application is still limited by what the account can or cannot do. If your application is running under the ASPNET account, the shared hosting provider can still provide customized limitations. I believe this to be a better way because Medium Trust is too limiting.
gravatar Niranjan Thursday, April 29, 2010
can you please let me know what chanes do i need to make for my web.config to make it Medium trust level.
I am getting security exception when uploading Files to the hosted Server.

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Comments are now closed.
by K. Scott Allen K.Scott Allen
My Pluralsight Courses
The Podcast!