OriginUrl Supports Regular Expressions
In a recent post I
about how ASP.NET denies
WebPermission in Medium Trust. I also
mentioned that there may be some legitimate reasons to deny this
permission based on this hosting
(thanks!) emailed me and pointed out that the
originUrl does not take
wildcards, it takes a regular expression.
So I updated the <
trust /> element of
web.config like so:
<trust level="Medium" originUrl=".*" />
Lo and Behold, it works! Akismet works. Trackbacks work. All in Medium Trust.
Of course, a hosting provider can easily override this as Scott Guthrie points out in my comments. I need to stop blogging while sleep deprived. I have a tendency to say stupid things.
Now a smart hosting company can probably create a custom medium trust
policy in order to make sure this doesn’t work, but as far as I can
tell, this completely works around the whole idea of denying
WebPermission in Medium Trust.
If I can simply add a regular expression to allow all web requests,
what’s the point of denying WebPermission?