Can someone explain ASP.NET trust levels to me?

2019-02-16 13:15发布

问题:

I've heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.

I've read through MSDN's article but it didn't do much for me.

Can someone provide a real world example of when you would want to use the various levels (Full, High, Medium, Low, and Minimal) and explain what kind of security risk I would be exposing myself to if I were to use the wrong one?

回答1:

This article might explain it a lot better than the technical one you were reading.

Here's the best part of it:

Medium Trust Summary

The main constraints placed on medium trust Web applications are:

  • OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.

  • EventLogPermission is not available. This means you cannot access the Windows event log.

  • ReflectionPermission is not available. This means you cannot use reflection.

  • RegistryPermission is not available. This means you cannot access the registry.

  • WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the element.

  • FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.

  • You are also prevented from calling unmanaged code or from using Enterprise Services.

An easy real-world situation to imagine where you need this is if you are an ISP offering hosting to people. Allowing anyone to write code that can access the filesystem means that anyone could do anything they want on your server, which might be hosting multiple clients.



回答2:

While not an expert, I would give one of the more common examples of trust is if you bought hosting through a shared hoster through some vendor for $10 a month, where you don't have direct access to the machine, but get an allotted storage space. In this scenario, you get medium trust typically because the hoster wants to limit what you can do (make sure you can't delete or modify something that's not supposed to be), and don't have access to certain resources (like try to read a file outside of the folder you have permission to) and other tasks.

We have full access to our machine where we host a site, and we give it full trust, it isn't a concern for us since its dedicated to our web site and not a shared resource.



回答3:

The problem with Trust levels is that so many plugins require elevated permissions that certain types of applications simply won't work under it.

I've personally seen Crystal Reports and a HTML to PDF conversion tool fail under Medium Trust - FileIOPermission is required to the Temp folder outside of your applications virtual directory. I've also seen issues with TCP Socket connections blocked because of certain Trust levels.

I actually had a rather annoying catch 22 situation with a web application last year where Medium Trust was required for security, but so was writing to the Event Log!

Fortunately you can overwrite Trust levels in your machine.config on the server (if you have access to it), or your web.config if your server is configured to allow it overwrite the machine.config file.

Doing that sort of defeats the purpose of fixed Trust levels though...