Configure ASP.NET sites with security permissions for HealthVault

The HealthVault SDK assemblies require certain Code Access Security permissions in order to work properly in an ASP.NET application. In medium trust or partial trust configurations, the code permissions granted to an ASP.NET application are determined by a Code Access Security (CAS) policy file on the Web server.

Many Web hosting providers run ASP.NET applications in a medium trust environment. Medium trust does not provide all the permissions required by the Microsoft.Health.dll and Microsoft.Health.Web.dll assemblies. You may need to negotiate with your hosting provider to get additional permissions for your application. (If you manage your own ASP.NET server but do not want to run your application with full trust, you will need to configure the CAS permissions yourself. For more information, see Chapter 9 of "Improving Web Application Security: Threats and Countermeasures", Using Code Access Security with ASP.NET).

Required permissions

The following permissions are always required by Microsoft.Health.Web.dll:

Additional permissions

Certain features exposed through Microsoft.Health.Web.dll and Microsoft.Health.dll require additional permissions or security demands.


All HealthVault exceptions are serializable using the ISerializable.GetObjectData virtual method, which requires a LinkDemand for the SecurityPermissionAttribute.SerializationFormatter property.

In addition, the HealthRecordItem.ValidateCertificate and HealthRecordItem.IsSignatureValid methods require full trust in order to run. Calls to these methods will fail in partial trust environments.


In a Minimal trust environment, both a LinkDemand and an InheritanceDemand are required for the HealthRecordItemDataGrid and HealthServicePage classes.