trustLevel Element for securityPolicy (ASP.NET Settings Schema)

Adds a mapping between a security policy file and a named security trust level to the collection of security policy mappings. The security policy file can then be applied to an ASP.NET application by specifying the trust level name in the level attribute of the trust element.

configuration Element (General Settings Schema)
  system.web Element (ASP.NET Settings Schema)
    securityPolicy Element (ASP.NET Settings Schema)
      trustLevel Element for securityPolicy (ASP.NET Settings Schema)

   name="trust level name" 
   policyFile="file name" 

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.





Required String attribute.

Specifies a named security level that is mapped to a policy file.

This attribute can be either a user-defined value or one of the following possible values

Full Specifies that ASP.NET does not restrict security policy with an application domain–specific policy. There is no security policy file associated with Full. By default, this trust level name is mapped to "internal" in the policyFile attribute.
High Specifies a high level of security for policy file mapping. By default, this trust level name is mapped to the Web_hightrust.config policy file.
Medium Specifies a medium level of security for policy file mapping. By default, this trust level name is mapped to the Web_mediumtrust.config policy file.
Low Specifies a low level of security for policy file mapping. By default, this trust level name is mapped to the Web_lowtrust.config policy file.
Minimal Specifies a minimal level of security for policy file mapping. By default, this trust level name is mapped to the Web_minimaltrust.config policy file.
User Defined Specifies the name of a user-defined trust level. For more information, see Administering Security Policy.

For an explanation about what each trust level allows, see AspNetHostingPermissionLevel or trust.


Required String attribute.

Specifies the configuration file that contains security policy settings for the named security level. The configuration file must exist in the same directory as the configuration file that contains the trustLevel definition.

Child Elements


Parent Elements




Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.


Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.


Defines a collection of mappings between security policy files and the associated trust level names.


You can extend the security system by providing your own named <trustLevel> element mapped to a file that is specified by the policyFile attribute. For information about ASP.NET and policy files, see ASP.NET Trust Levels and Policy Files and Administering Security Policy.

Because ASP.NET treats Full trust as a special case, Full trust does not have an associated policy file. If Full is set, the ASP.NET host does not add extra application domain–level policy to the application. The Full trust level is always mapped to an internal handler and the policyFile attribute is ignored.

Default Configuration

The following default trustLevel elements are configured in the root Web.config file.

<location allowOverride="true">
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>


The following code example demonstrates how to specify a custom trust level name and policy file for an ASP.NET application, adding the security policy mapping to the inherited collection.


Element Information

Configuration section handler


Configuration member




Configurable locations


Root-level Web.config

Application-level Web.config


Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0

The .NET Framework version 1.0, 1.1, or 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005

See Also


How to: Configure Specific Directories Using Location Settings

How to: Lock ASP.NET Configuration Settings


securityPolicy Element (ASP.NET Settings Schema)

system.web Element (ASP.NET Settings Schema)

configuration Element (General Settings Schema)

trust Element (ASP.NET Settings Schema)






ASP.NET Trust Levels and Policy Files

Administering Security Policy

Securing ASP.NET Configuration

ASP.NET Configuration Scenarios

Other Resources

ASP.NET Web Application Security

General Configuration Settings (ASP.NET)

ASP.NET Configuration Settings

ASP.NET Web Site Administration

ASP.NET Configuration Files

ASP.NET Configuration API