.Net Trust Level setting for NFA
Article ID: 246028
Updated On:
Products
CA Network Flow Analysis (NetQos / NFA)
Issue/Introduction
We have a security finding requiring us to set the .Net Trust level at the server level;
However, when I set this level to anything other than full it breaks the application, as seen below. How can I set the trust level and still have the application function ?
Server Error in '/RA' Application.
Runtime Error
Description: An exception occurred while processing your request.
Resolution
If you look at the details of the .NET Trust Levels on the MS article, it says:
- Full (internal) - Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported.
- High (web_hightrust.config) - Specifies a high level of code access security, which means that the application cannot do any one of the following things by default:
- Call unmanaged code.
- Call serviced components.
- Write to the event log.
- Access Message Queuing service queue
- Access ODBC, OleDb, or Oracle data sources.
Within the NFA application, we need access to Event Log and ODBC Access so requires Full access. However, if Customer is worried about it, they can set the required Trust Level at the IIS Server Level but give "Full Trust Level" to the Site -> Default Web Site (NFA) and it should work fine.
Feedback
Yes
No
Powered by
