Disadvantages Of Asp.Net Full Trust Security Level

Posted Mar 14 2010 by in ASP.NET Articles with 1 Comment

Why shouldn’t we allow any domain to run Asp.Net application under the Full Trust level? Below are the reasons:

If the Asp.Net application is allowed to run under Full Trust level then it can:

1. Browse(create/edit and delete too) files in the Windows directory using the System.IO namespace.
2. Browse(create/edit and delete too) folders in the Program Files directory using the System.IO namespace.
3. Browse(create/edit and delete too) files in the System32 directory using the System.IO namespace.
4. Output of the OS name and version number using the System.Environment class.
5. Output of the server’s local IP address using server variables, etc.

In short, full trust Asp.Net application can do anything with the server since it gains the full access of the server when run under the Full Trust.

Therefore, do not ever offer any domain a full trust level in the shared server if your are a shared hosting provider. :)

Tags: , Category: ASP.NET Articles

Mayur Gondaliya - CTO - CaseTronyx, Inc. Director - ExaSpring Information Services Pvt. Ltd. Web Investor. Software Engineer. Workaholic. Insomniac.

One Comment


  1. Gaurav
    Sep 27, 2010

    How we can delete a file from a server in full trust mode whether we didn’t write any code for delete?

Leave a Reply