trustLevel Element for securityPolicy (ASP.NET Settings Schema)
Adds a mapping between a security policy file and a named security trust level to the collection of security policy mappings. The security policy file can then be applied to an ASP.NET application by specifying the trust level name in the level attribute of the trust element.
configuration Element (General Settings Schema)
system.web Element (ASP.NET Settings Schema)
securityPolicy Element (ASP.NET Settings Schema)
trustLevel Element for securityPolicy (ASP.NET Settings Schema)
<trustLevel
name="trust level name"
policyFile="file name"
/>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute |
Description |
---|---|
name |
Required String attribute. Specifies a named security level that is mapped to a policy file. This attribute can be either a user-defined value or one of the following possible values
ValueDescription
Full Specifies that ASP.NET does not restrict security policy with an application domain–specific policy. There is no security policy file associated with Full. By default, this trust level name is mapped to "internal" in the policyFile attribute.
High Specifies a high level of security for policy file mapping. By default, this trust level name is mapped to the Web_hightrust.config policy file.
Medium Specifies a medium level of security for policy file mapping. By default, this trust level name is mapped to the Web_mediumtrust.config policy file.
Low Specifies a low level of security for policy file mapping. By default, this trust level name is mapped to the Web_lowtrust.config policy file.
Minimal Specifies a minimal level of security for policy file mapping. By default, this trust level name is mapped to the Web_minimaltrust.config policy file.
User Defined Specifies the name of a user-defined trust level. For more information, see Administering Security Policy.
For an explanation about what each trust level allows, see AspNetHostingPermissionLevel or trust. |
policyFile |
Required String attribute. Specifies the configuration file that contains security policy settings for the named security level. The configuration file must exist in the same directory as the configuration file that contains the trustLevel definition. |
Child Elements
None.
Parent Elements
Element |
Description |
---|---|
configuration |
Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications. |
system.web |
Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave. |
securityPolicy |
Defines a collection of mappings between security policy files and the associated trust level names. |
Remarks
You can extend the security system by providing your own named <trustLevel> element mapped to a file that is specified by the policyFile attribute. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files and Administering Security Policy.
Because ASP.NET treats Full trust as a special case, Full trust does not have an associated policy file. If Full is set, the ASP.NET host does not add extra application domain–level policy to the application. The Full trust level is always mapped to an internal handler and the policyFile attribute is ignored.
Default Configuration
The following default trustLevel elements are configured in the root Web.config file.
<location allowOverride="true">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High" policyFile="web_hightrust.config" />
<trustLevel name="Medium" policyFile="web_mediumtrust.config" />
<trustLevel name="Low" policyFile="web_lowtrust.config" />
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
<trust
level="Full"
originUrl=""
processRequestInApplicationTrust="true"
/>
</system.web>
</location>
Example
The following code example demonstrates how to specify a custom trust level name and policy file for an ASP.NET application, adding the security policy mapping to the inherited collection.
<securityPolicy>
<trustLevel
name="CustomTrustLevel"
policyFile="customtrust.config"
/>
</securityPolicy>
Element Information
Configuration section handler |
|
Configuration member |
|
Configurable locations |
Machine.config Root-level Web.config Application-level Web.config |
Requirements |
Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0 The .NET Framework version 1.0, 1.1, or 2.0 Microsoft Visual Studio 2003 or Visual Studio 2005 |
See Also
Tasks
How to: Configure Specific Directories Using Location Settings
How to: Lock ASP.NET Configuration Settings
Reference
securityPolicy Element (ASP.NET Settings Schema)
system.web Element (ASP.NET Settings Schema)
configuration Element (General Settings Schema)
trust Element (ASP.NET Settings Schema)
System.Web.Configuration.SecurityPolicySection
System.Web.Configuration.TrustLevel
Concepts
ASP.NET Trust Levels and Policy Files
Securing ASP.NET Configuration
ASP.NET Configuration Scenarios
Other Resources
ASP.NET Web Application Security
General Configuration Settings (ASP.NET)
ASP.NET Configuration Settings