Re: ASP.NET apps security restriction
From: Jason Taylor (jasont@wellmed.com)
Date: 08/02/02
- Next message: AWolf: "HttpModules and HttpContext.Current.User"
- Previous message: Tor K. Haugen: "Re: Is there a managed version of OpenDSObject"
- In reply to: Alex: "Re: ASP.NET apps security restriction"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jasont@wellmed.com (Jason Taylor) Date: 2 Aug 2002 11:05:53 -0700
"Alex" <alex@nodomain.com> wrote in message news:<u7t4kCXOCHA.2480@tkmsftngp08>...
> Arild,
>
> Thanks for your message. Unfortunately below is a quite from this document:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
> ml/V1securitychanges.asp?frame=true
>
> "ASP.NET does not support the <trust> configuration directive that allows
> Web applications to be run with partial trust. This directive is supported
> only with the default setting of "Full". "
>
> It seems to be a big problem, doesn't it?
I am running into this problem too, I think. I can't assume that the
assemblies on my web server are valid to run -- I want to strong-name
the assemblies I create, and set up a policy that only allows
Microsoft-certified code, or mine, to run, and deny everything else.
I've tried a couple ways to enforce this. Through machine.config,
editing the trust levels, anything less than "Full" keeps the web site
from starting at all. Through the runtime policy editor, if I give
anything less than "Full" access to the MyComputer group, the debugger
doesn't work, and I can't start my app.
- Next message: AWolf: "HttpModules and HttpContext.Current.User"
- Previous message: Tor K. Haugen: "Re: Is there a managed version of OpenDSObject"
- In reply to: Alex: "Re: ASP.NET apps security restriction"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
