Is trying to develop for Medium Trust a lost cause?

by

The official position of the ASP.NET team is that Medium Trust is obsolete. This means a few things:

  • We are automatically resolving all Medium Trust-related bugs reported to us as “won’t fix”.
  • We have provided guidance to hosters that they should migrate away from Medium Trust and use proper OS-level isolation instead (http://support.microsoft.com/kb/2698981).
  • We are removing Medium Trust support from the frameworks we develop (MVC, WebAPI, SignalR, and so on). Going forward, applications built on these frameworks will require Full Trust.

Here, the term “Medium Trust” above to refers to all non-Full Trust configurations in ASP.NET, including use of the built-in trust levels (Minimal, Low, Medium, High) or any custom trust levels.

Edit 26 May 2015: The .NET Framework as a whole has deprecated partial trust, and customers are advised not to rely on it as a security boundary. From MSDN:

Code Access Security in .NET Framework should not be used as a
security boundary with partially trusted code, especially code of
unknown origin. We advise against loading and executing code of
unknown origins without putting alternative security measures in
place.

More Related Contents:

  1. What is ASP.NET Identity’s IUserSecurityStampStore interface?
  2. What is the difference between ‘classic’ and ‘integrated’ pipeline mode in IIS7?
  3. Asp.NET Web API – 405 – HTTP verb used to access this page is not allowed – how to set handler mappings
  4. Advantage of creating a generic repository vs. specific repository for each object?
  5. jqGrid: using multiple methods to filter data
  6. Has anyone implement RadioButtonListFor for ASP.NET MVC?
  7. Asp.Net Forms Authentication when using iPhone UIWebView
  8. How to programmatically clear outputcache for controller action method
  9. Why does the CheckBoxFor render an additional input tag, and how can I get the value using the FormCollection?
  10. How to receive JSON as an MVC 5 action method parameter
  11. How to add validation to my POCO(template) classes
  12. ASP.Net MVC Handling Segments with Route
  13. mvc uppercase Model vs lowercase model
  14. I’m lost. What happened to ASP.NET MVC 5?
  15. Visual Studio 2012 Web Publish doesn’t copy files
  16. You must add a reference to assembly ‘netstandard, Version=2.0.0.0
  17. Is it a good practice to avoid using Session State in ASP.NET MVC? If yes, why and how?
  18. SSL pages under ASP.NET MVC
  19. In asp.net mvc is it possible to make a generic controller?
  20. New Asp.Net MVC5 project produces an infinite loop to login page
  21. JQuery’s $ is in conflict with that of StringTemplate.Net in ASP.Net MVC
  22. Linq Orderby random ThreadSafe for use in ASP.NET
  23. Adding sub-directory to “View/Shared” folder in ASP.Net MVC and calling the view
  24. Unable to Retrieve Metadata
  25. Difference Between ViewResult() and ActionResult()
  26. Streaming large file uploads to ASP.NET MVC
  27. Change User Id type to int in ASP.NET Identity in VS2015
  28. I am getting a blank page while deploying MVC application on IIS
  29. Getting the GUID of the current user?
  30. Different users get the same cookie – value in .ASPXANONYMOUS

Leave a Comment