When running an ASP.NET application, you might encounter an error related to trust level, such as:
Security Exception: Request for the permission of type
System.Security.Permissions.SecurityPermissionfailed.
This typically indicates that the application is running in a partial trust environment, but the code requires full trust to function correctly.
What Is Trust Level in ASP.NET?
ASP.NET applications run under different trust levels that define what permissions the application code has. These include:
-
Full (unrestricted)
-
High
-
Medium
-
Low
-
Minimal
By default, some hosting environments enforce Medium Trust or lower for added security, which restricts certain operations like file access, reflection, or third-party libraries that need full permissions.
Common Symptoms
-
Security exceptions
-
Reflection, file I/O, or registry access errors
-
Failure in third-party libraries requiring full trust
Solution: Set Application to Run in Full Trust
Option 1: Modify web.config to Request Full Trust
In your application’s web.config file, specify the full trust level:
<configuration>
<system.web>
<trust level="Full" originUrl="" />
</system.web>
</configuration>
⚠️ Note: This will only work if the server or hosting provider allows full trust.
Option 2: Update IIS Settings (For Self-Hosted Environments)
If you control the server:
-
Open IIS Manager.
-
Select the website or application.
-
In the Features View, double-click .NET Trust Levels.
-
Choose Full (Internal) from the dropdown.
-
Click Apply.
Option 3: Contact Your Hosting Provider
If you’re on shared hosting, your provider may enforce Medium Trust. You’ll need to:
-
Request a trust level upgrade to Full Trust, or
-
Refactor your code to work within Medium Trust limitations
Security Note
Use Full Trust only when necessary. Full trust allows the application to perform unrestricted operations, which can be a security risk in multi-tenant environments.
