Tags: asp.net, iis, x509

Validating X509 Certificates with TrustLevel=Medium


I have an app I've supported for about 5 years and we are now being required to go from "Full" Trust level in IIS, to a "Medium" ASP.NET Trust Level. As I understand it, the app can't call COM components, or make outside connections.

Can I whitelist a particular site in the medium trust level configuration to explicitly allow e.g. certificate revocation checks?

When I build an X509 chain and validate it, I get the following:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

From my IIS detailed error message.

To cause this to occur I am using chain.Build() from an X509Chain. (The app stores a digital signature and checks to ensure all the certs are valid and non-revoked before committing.)

This is on IIS 8 and Server 2012. I get no such error on "Full" trust.

I am working with the sysadmins so if we can define a custom trust it is probably OK.
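For readers who want to see the operation the question describes, the following is an added C# example (not the poster's code) of building an X509Chain with online revocation checking for every certificate, reading the chain status, and catching the SecurityException that a restrictive trust level raises. It assumes the application stored the signer's certificate as a byte array (`signerBytes`, hypothetical name) next to the signature; the `SignerChainValidator` class and its `Result` type are likewise constructed for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original question.
// Builds and validates a certificate chain the way the question describes:
// online revocation checking (CRL/OCSP retrieval) for the entire chain.
public static class SignerChainValidator
{
    public sealed class Result
    {
        public bool IsValid;                  // chain built and no status flags raised
        public bool SecurityPolicyBlocked;    // the sandbox refused the operation
        public string[] Problems = new string[0];
    }

    // 'signerBytes' is assumed to be the DER bytes of the stored signing certificate.
    public static Result Validate(byte[] signerBytes)
    {
        var result = new Result();
        try
        {
            var cert = new X509Certificate2(signerBytes);
            var chain = new X509Chain();

            // Check revocation for every certificate, fetching CRLs/OCSP online.
            // The outbound retrieval this causes is the kind of network access a
            // restricted trust level refuses, which is what surfaces as the
            // SecurityException quoted in the question.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);

            bool built = chain.Build(cert);

            // Build() returning false only says the chain failed; ChainStatus says why.
            var problems = new List<string>();
            bool revocationUndetermined = false;
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                problems.Add(status.Status + ": " + status.StatusInformation.Trim());
                if ((status.Status & X509ChainStatusFlags.RevocationStatusUnknown) != 0 ||
                    (status.Status & X509ChainStatusFlags.OfflineRevocation) != 0)
                {
                    revocationUndetermined = true;
                }
            }

            // Fail closed: a chain whose revocation status could not be determined is
            // not treated as valid, even if the signature itself verifies.
            result.IsValid = built && !revocationUndetermined;
            result.Problems = problems.ToArray();
        }
        catch (SecurityException ex)
        {
            // Raised when the trust level forbids the operation; the chain was not
            // validated at all, so report that rather than a pass or a fail.
            result.SecurityPolicyBlocked = true;
            result.Problems = new[] { "Security policy blocked chain validation: " + ex.Message };
        }
        return result;
    }
}
```

Calling `SignerChainValidator.Validate(signerBytes)` from the commit path and refusing to proceed unless `IsValid` is true (and `SecurityPolicyBlocked` is false) keeps the check from silently degrading if the trust level changes: a blocked validation is reported as its own outcome instead of being mistaken for a revoked or a good certificate.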


Solution

  • Medium trust is obsolete, so you shouldn't be heading in that direction. See this answer from one of the ASP.NET developers back then.