It was a dark and stormy coding session; the rain fell in torrents as my eyes were locked to two LCD screens in a furious display of coding… sorry, sorry, I just can’t continue. It’s all a lie. This is actually a cautionary tale describing one subtle way that you can run afoul of Code Access Security (CAS) when attempting to run an application in partial trust. But who wants to read about that? Right? Right? Well, this isn’t a sordid tale, but if you bear with me, you may just find it interesting. Either...
In a recent post I ranted about how ASP.NET denies WebPermission in Medium Trust. I also mentioned that there may be some legitimate reasons to deny this permission based on this hosting guide. Then Cathal (thanks!) emailed me and pointed out that the originUrl does not take wildcards, it takes a regular expression. So I updated the <trust /> element of web.config like so: <trust level="Medium" originUrl=".*" />
Lo and behold, it works! Akismet works. Trackbacks work. All in Medium Trust.
Of course, a hosting provider can easily override this as Scott Guthrie points out in my comments. I need to stop...
This is a bit of a rant born out of some frustrations I have with ASP.NET. When setting the trust level of an ASP.NET site, you have the following options: Full, High, Medium, Low, Minimal. It turns out that many web hosting companies have chosen to congregate around Medium trust as a sweet spot in terms of tightened security while still allowing decent functionality. Only natural, as it is the one in the middle. For the most part, I am sure there are very good reasons for which permissions make it into Medium trust and which ones are not allowed. But...