How to write to Web.Config in Medium Trust?

50
votes

Uploading my first decently sized web app to my shared host provided me with a fresh set of challenges, by which I mean, sleepless nights. The issue was that I had most certainly not developed my application for medium trust (or had any clue what that was.)

I mitigated all of the issues, save one.

I had written an installer for the admin to be able to specify their connection string and other preferences, but I cannot find a way to write to a web.config in medium trust. Does anyone have a solution, or should I just be putting preferences in another file?

1
c#asp.netmedium-trust
One solution: 4guysfromrolla.com/articles/100307-1.aspxChris S

1 Answers

23
votes

That actually sounds like IIS's Low level. If it is, then you won't be able to write to any file, not just the web.config.

Here are the levels from IIS's help file:

  • Full (internal) - Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported.
  • High (web_hightrust.config) - Specifies a high level of code access security, which means that the application cannot do any one of the following things by default:
    • Call unmanaged code.
    • Call serviced components.
    • Write to the event log.
    • Access Message Queuing service queues.
    • Access ODBC, OleDb, or Oracle data sources.
  • Medium (web_mediumtrust.config) - Specifies a medium level of code access security, which means that, in addition to High Trust Level restrictions, the ASP.NET application cannot do any of the following things by default:
    • Access files outside the application directory.
    • Access the registry.
    • Make network or Web service calls.
  • Low (web_lowtrust.config) - Specifies a low level of code access security, which means that, in addition to Medium Trust Level restrictions, the application cannot do any of the following things by default:
    • Write to the file system.
    • Call the Assert method.
  • Minimal (web_minimaltrust.config) - Specifies a minimal level of code access security, which means that the application has only execute permissions.

I would suggest that if you are dead set on having an installer, have it create a web.config in memory that the user can save locally and FTP up afterward.