Are trust levels in ASP.NET 4.0 obsolete?

Question

Microsoft introduced a new security model on .NET 4.0 and above which is a replacement for code access security. Since trust levels are code access security, is this approach obsolete?

If above statement is in the right way, how do you define a PermissionSet for a concrete ASP.NET application in .NET 4.x?

Voted to close before I read the whole thing..silly me. The first part of your question belongs on programmers.se. I'd recommend moving it and sticking with your second question here. — NotMe, Feb 15 '12 at 19:52

score 2 · Accepted Answer · answered Feb 16 '12 at 16:12

No, ASP.NET trust levels are not obsolete. Your concern that this might be the case seems to be due to a misunderstanding of how CAS has changed in .NET 4.0. CAS has not actually been replaced. Instead, there have been two major changes in how CAS is enforced:

The transparency mechanism now plays a key role in code permission enforcement and
The "naked" CLR no longer enforces CAS policy.

However, if you read the second linked article above, you will see that it is fully expected that hosts such as ASP.NET will continue to enforce CAS permission restrictions. Unless you see a direct indication that some future version of ASP.NET will handle code permission restrictions differently, you should continue to rely on trust levels just as you have in the past.

+1 NicoleCalinoiu Thank you for your clarification and for these links, very useful for me and others. — Matías Fidemraizer, Feb 16 '12 at 16:15

Are trust levels in ASP.NET 4.0 obsolete?

1 Answers1