
Setting the .Net trust level to Medium on a site will ensure that no code can access files outside the application directory.

I have an ASP.Net site that must run in Full Trust. I have configured my website in IIS to use its own Application Pool Identity (IIS Apppool\www.site-name.com).

Currently it is possible for scripts/code in this app to read files outside of the application directory. This occurs because by default, accounts that are a member of the BUILTIN\users group are able to read most files on the system, including c:\ and c:\windows. It appears that Application Pool Identity accounts are also members of BUILTIN\users.

Is it possible to prevent file access outside the website folder while keeping Full Trust?

1 Answer


How about using file/directory ACL to deny your AppPoolIdentity access to needed folders?

VinayC
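The ACL approach suggested in the answer above, as an added PowerShell example that is not part of the original post: it adds an inheritable Deny ACE for the application pool identity on a list of directories outside the site and then lists the resulting entries. The site folder, the two directories to protect and the helper function names are assumptions; only the identity name comes from the question.

```powershell
# Added example. Run elevated. Only $Identity comes from the question.
$Identity  = 'IIS AppPool\www.site-name.com'
$SiteRoot  = 'D:\Sites\www.site-name.com'            # assumed site folder
$DenyPaths = @('D:\Sites\other-site', 'D:\Backups')  # constructed sample paths

function Test-IsUnder([string]$Child, [string]$Parent) {
    # True when $Child equals $Parent or lies below it (case-insensitive).
    $c = [IO.Path]::GetFullPath($Child).TrimEnd('\') + '\'
    $p = [IO.Path]::GetFullPath($Parent).TrimEnd('\') + '\'
    return $c.StartsWith($p, [StringComparison]::OrdinalIgnoreCase)
}

function Add-DenyRead([string]$Path, [string]$Account) {
    # An explicit Deny ACE is ordered ahead of Allow ACEs, so it overrides
    # the read access the identity gets through BUILTIN\Users.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

foreach ($path in $DenyPaths) {
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "Skipping $path (not a directory)"; continue
    }
    # Leave alone the site folder, the Windows directory, and anything above
    # or below them: the worker process has to read its own content and the
    # framework files to start.
    $needed = @($SiteRoot, $env:windir) |
        Where-Object { (Test-IsUnder $_ $path) -or (Test-IsUnder $path $_) }
    if ($needed) {
        Write-Warning "Skipping $path (overlaps $($needed -join ', '))"; continue
    }
    Add-DenyRead -Path $path -Account $Identity
}

# Verify: show the ACEs the identity now holds on each protected path.
foreach ($path in ($DenyPaths | Where-Object { Test-Path -LiteralPath $_ })) {
    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        Select-Object @{n='Path';e={$path}}, AccessControlType, FileSystemRights, IsInherited
}
```

Child folders that have inheritance disabled do not receive the Deny ACE and need to be listed in `$DenyPaths` themselves.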