TrustLevel Class

Configures a trust level for Web applications on a Web server.

Syntax

class TrustLevel : CollectionElement  

Methods

This class contains no methods.

Properties

The following table lists the properties exposed by the TrustLevel class.

Name Description
Name A required read-only string value that specifies a named security level that is mapped to a policy file. The possible values are listed later in the Remarks section. The key property.
PolicyFile A required read/write string value that specifies a configuration file that contains security policy settings for the security level specified in the Name property. The default is "internal".

The policy file must be located in the same directory as the computer-level Web.config file. By default this directory is %windir%\Microsoft.NET\Framework\{version}\Config.

You can apply the security policy file to an ASP.NET application by specifying the trust level name in the Level property of the TrustSection class.

Subclasses

This class contains no subclasses.

Remarks

Instances of this class are contained in the SecurityPolicy property of the SecurityPolicySection class.

You can establish the security policy for all Web applications on the server by setting the trust level. Because trust levels can be defined only at the computer level, configuration files must set the levels in the computer-level configuration directory. By default, this directory is %windir%\Microsoft.NET\Framework\{version}\Config.

You can create a custom policy by mapping a named <trustLevel> element in the computer-level Web.config file to a custom policy configuration file. The custom policy configuration file must also reside in the computer-level configuration directory.

The following table lists the possible values for the Name property. The default is "Full". For an explanation of what each trust level allows, see the TrustSection class.

Value Description
"Full" Specifies that ASP.NET does not restrict security policy with an application domain–specific policy. There is no security policy file associated with Full. By default, this trust-level value is mapped to "internal" in the PolicyFile property. Note: Because ASP.NET treats Full trust as a special case, Full trust does not have an associated policy file. If Full is set, the ASP.NET host does not add extra domain–level policy to the application. The Full trust level is always mapped to an internal handler, and the PolicyFile property is ignored.
"High" Specifies a high level of security for policy file mapping. By default, this trust-level value is mapped to the Web_hightrust.config policy file.
"Medium" Specifies a medium level of security for policy file mapping. By default, this trust-level value is mapped to the Web_mediumtrust.config policy file.
"Low" Specifies a low level of security for policy file mapping. By default, this trust-level value is mapped to the Web_lowtrust.config policy file.
"Minimal" Specifies a minimal level of security for policy file mapping. By default, this trust-level value is mapped to the Web_minimaltrust.config policy file.
"User Defined" Specifies the name of a user-defined trust level. For more information, see Administering Security Policy.

Example

The following example displays the trust-level names and corresponding security policy configuration files that are specified in the computer-level Web.config file.

' Connect to the WMI WebAdministration namespace.  
Set oWebAdmin = GetObject("winmgmts:root\WebAdministration")  

' Get the security policy section.  
Set oSite = oWebAdmin.Get("Site.Name='Default Web Site'")  
oSite.GetSection "SecurityPolicySection", oSection  

' Display the path and location.  
WScript.Echo "Path: " & oSection.Path   
WScript.Echo "Location: " & oSection.Location  
WScript.Echo  

' Display the security level names and their policy files.  
For Each oTrustLevel In oSection.SecurityPolicy  
    WScript.Echo "Security level: " & oTrustLevel.Name  
    WScript.Echo "   Policy file: " & oTrustLevel.PolicyFile  
    WScript.Echo   
Next  

Inheritance Hierarchy

CollectionElement

TrustLevel

Requirements

Type Description
Client - IIS 7.0 on Windows Vista
- IIS 7.5 on Windows 7
- IIS 8.0 on Windows 8
- IIS 10.0 on Windows 10
Server - IIS 7.0 on Windows Server 2008
- IIS 7.5 on Windows Server 2008 R2
- IIS 8.0 on Windows Server 2012
- IIS 8.5 on Windows Server 2012 R2
- IIS 10.0 on Windows Server 2016
Product - IIS 7.0, IIS 7.5, IIS 8.0, IIS 8.5, IIS 10.0
MOF file WebAdministration.mof

See Also

System.Web.Configuration.TrustLevel Administering Security Policy
ASP.NET Trust Levels and Policy Files
CollectionElement Class
SecurityPolicySection Class
trustLevel Element for securityPolicy (ASP.NET Settings Schema)