We've posted a new article that should be of interest to readers in this ASP.NET 2.0 professional forum. The article is an excerpt from Stefan Schackow's book Professional ASP.NET 2.0 Security, Membership, and Role Management. Here's the beginning:

Using the WebPermission Setting in ASP.NET Partial Trust
One of the permissions defined in ASP.NET's Medium and High partial trust files is System.Net.WebPermission. This is probably one of the most confusing permissions for developers to use due to the interaction between ASP.NET's <trust /> element and the settings for this permission. The default declaration for System.Net.WebPermission looks like this:

<IPermission
 class="WebPermission"
         version="1">
              <ConnectAccess>
                    <URI uri="$OriginHost$"/>
              </ConnectAccess>
</IPermission>
Although a WebPermission can be used to define both outbound and inbound connection permissions, normally, you use WebPermission to define one or more network endpoints that your code can connect to. The default declaration shown previously defines a single connection permission that allows partially trusted code the right to make a connection to the network address defined by the <URI /> element.
...

And you can read the complete article here.


Jim Minatel
Senior Acquisitions Editor
Wiley Technology Publishing
WROX Press
Blog: http://wroxblog.typepad.com/
Jim's Book of the week: No book this week - Donate to the Red Cross!

__________________
Jim Minatel
Associate Publisher, WROX - A Wiley Brand
Did someone here help you? Click on their post!