(thanks!) emailed me and pointed out that the
originUrl does not take
wildcards, it takes a regular expression.
So I updated the <
trust /> element of
web.config like so:
<trust level="Medium" originUrl=".*" />
Lo and Behold, it works! Akismet works. Trackbacks work. All in Medium Trust.
Of course, a hosting provider can easily override this as Scott Guthrie points out in my comments. I need to stop blogging while sleep deprived. I have a tendency to say stupid things.
Now a smart hosting company can probably create a custom medium trust
policy in order to make sure this doesn’t work, but as far as I can
tell, this completely works around the whole idea of denying
WebPermission in Medium Trust.
If I can simply add a regular expression to allow all web requests,
what’s the point of denying WebPermission?