In my previous post titled Install dasBlog, you need Full trust hosting I have talked about installing ASP.NET blog (dasBlog) and why it requires FULL TRUST hosting.
Today we will talk more about – What is full trust hosting and what is modified full trust hosting? A lot of web developers building web applications turn to web hosting companies to host their website. Web hosting companies offer a variety of plans.
Two type of plans largely offered are -
1. Shared web hosting or Shared plans
2. Dedicated web hosting or Dedicated plans
Shared plans, are the most economical and practical for low-traffic websites, can have anywhere from 25 to 150 separated websites hosted from the same web server. When hosting multiple websites on the same server, it is important that one website cannot affect or harm another site. For example, both the web hosting company and its customers want to prevent one website from, say, reading the connect string information from Web.config of another website.
Microsoft’s ASP.NET web technology / language allows for web hosting companies to define trust levels, which dictate what operations are permitted by ASP.NET applications. A web hosting company can either use one of the preset trust levels – Full, High, Medium, Low, or Minimal – or can create a custom trust level.
Full trust is the default, allows ASP.NET applications to execute native code, to read from the Registry and Windows Event Log, and to read and write to files outside of the application’s virtual directory. In short, with full trust one web application could delete the entire contents of another web application.
Now most web hosting companies run in medium trust, which greatly reduces the potential for harm by limiting the set of operations an ASP.NET application can perform. But Medium trust will place a number of restrictions on an application, including limiting an application’s file access to within the virtual directory where the application lives. While the protection granted by medium trust is reassuring, its limited functionality can be a cause of worry for developers. There are a lot of web applications and components in the market which do require full trust to work as desired.
Now what will happen, in this scenario. In this case a lot of web hosts run the web applications as modified full trust, which is a modified version of full trust and web hosting companies block certain modules or permissions of full trust. e.g. you can change this full trust to be effective only for the needed functionality (or vice versa, disable it for the File IO). This can be done through the .NET Framework Configuration tools on the server (caspol.exe etc) but it will require some additional setup.
Also, there are ways of allowing applications run in full trust while still keeping them in a sandbox. Many respectable shared hosts do allow this as its required for applications like FlexWiki, but is something that must be requested.