Hi Shimon,
Welcome to the MSDN newsgroup.
As for the security access setting for .net assembly in ASP.NET web
application, it is divided into two parts:
1. By default, the .NET Code Access security (CAS) setting for ASP.NET
application is at "Full" trust level, so there is not limit for .net
security restriction on the managed code executing in ASP.NET applcation.
What we need to take care of is the raw windows OS level security. This
concern with the ASP.NET's process identity (or the impersonated account)
with those protected resource our ASP.NET application will access(such as
eventlog, registry, filesystem....).
2. Also, we can apply .net's code access security setting (policy) for the
code, assembly in our ASP.NET web application. This security is configured
and checked within the .net managed runtime, independent of the operating
system's security. Here are some msdn reference on applying .net CAS to
ASP.NET web application:
#Chapter 9 ¨C Using Code Access Security with ASP.NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/THCMCh09.asp
#How To: Use Code Access Security in ASP.NET 2.0
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html
/paght000017.asp
Hope this helps.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)