ASP.NET Trust level

ASP.NET on Loopia hosting runs under a configured Trust Level, which controls what an application’s code is permitted to do. This article describes the Trust Level we apply to ASP.NET applications on our Windows/IIS servers, the additional permissions we grant, and the operations that remain restricted.

What is an ASP.NET Trust Level?

In ASP.NET, administrators (in this case, us) set a so-called Trust Level for each application, which specifies what the application’s code is and is not permitted to do.

Trust Level on Loopia servers

We run all ASP.NET 2.0 applications under Medium trust, with the following additions:

• We allow OleDbPermission for accessing Access databases.
• We allow OdbcPermission for generic ODBC (Open Database Connectivity) access, and more specifically to allow MyODBC.
• We allow WebPermission so that applications can use external web services.
• We allow SocketPermission for opening sockets for outgoing network connections.
• We have a permitted version of Connector/NET installed. More information is available here.
• Outgoing email must be sent through mailcluster.loopia.se on port 25 with authentication.

Operations that are not allowed

The following operations are not permitted under our Trust Level configuration:

• Access to the event log, registry and other resources that are not relevant to shared hosting.
• Reflection.
• Unmanaged code.
• The use of assemblies that do not allow callers with Partial trust.
• Sending email over SMTP using an external provider.