Developing ASP.NET applications for shared commercial web hosting space can give rise to a security issue that will restrict your options as a developer. If you developing an ASP.NET application that works fine in your development environment any attempt to run it in the live environment may well give rise to the following error:
System.Security.SecurityException: That assembly does not allow partially trusted callers.
This is being caused by the security level that your application is being forced to run under.
This security level is known as the trust level in .NET and it can be set to one of the following values:
Full trust – your code can do anything that the account running it can do.
High trust – same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
Medium trust – same as above except your code cannot see any part of the file system except its application directory. This is the most common trust level that is used in shared hosting environments.
Low trust – same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).
Medium trust is the level most commonly used by shared hosting environments and it places severe restrictions on what your code can do – i.e. you cannot call unmanaged code, such as Win32 APIs and COM components and you cannot do anything with the file system or system registry.
Medium trust also prevents your assemblies from running unless they are marked with a strong name and installed into the server’s Global Assembly Cache (GAC). However, this becomes a problem in a hosted environment where you have no direct access to the GAC.
Solution
Allow Partially Trusted Callers
To ensure that your assemblies will work in a medium trusted environment, you need to give them a strong name and mark them with an attribute that tells the .NET security runtime to allow the code.
To allow partially trusted callers from your code, add the following attribute to the assembly’s AssemblyInfo.cs file:
[assembly: AllowPartiallyTrustedCallers]
You will also need to ensure that the file references the System.Security namespace.
In addition, you will also need to give your assembly a strong name by signing the assembly though the project properties dialog. An explanation of how to do this can be found here: http://msdn.microsoft.com/en-us/library/ms247123(VS.80).aspx.