Detect trust level

Question

How can a .NET application detect the trust level in which it is running under?

Specifically, I'm wanting a way to do something like

  if (RUNNING IN GREATER THAN MEDIUM TRUST) { 
    // set private fields & properties using reflection
  }

My current solution is to use

public static class CodeAccessSecurityTool {
    private static volatile bool _unrestrictedFeatureSet = false;
    private static volatile bool _determinedUnrestrictedFeatureSet = false;
    private static readonly object _threadLock = new object();

    public static bool HasUnrestrictedFeatureSet {
        get {
            if (!_determinedUnrestrictedFeatureSet)
                lock (_threadLock) {
                    if (!_determinedUnrestrictedFeatureSet) {
                        try {
                            // See if we're running in full trust
                            new PermissionSet(PermissionState.Unrestricted).Demand();
                            _unrestrictedFeatureSet = true;
                        } catch (SecurityException) {
                            _unrestrictedFeatureSet = false;
                        }
                        _determinedUnrestrictedFeatureSet = true;
                    }
                }
            return _unrestrictedFeatureSet;
        }
    }
}

But, it's a bit of a hack.

[Here](http://stackoverflow.com/a/11660205/969613) is somebody checking to see if they are running as an administrator, might be useful! — JMK, Feb 21 '13 at 12:04
@JMK: OS privielges and CLR privileges aren't connected (silverlight code will run in medium trust for all users for example). — Herman Schoenfeld, Feb 21 '13 at 12:09
possible duplicate http://stackoverflow.com/questions/1064274/get-current-asp-net-trust-level-programmatically — Antonio Bakula, Feb 21 '13 at 12:12
Not a duplicate since ASP.NET is a subset of the .NET platform. — Herman Schoenfeld, Feb 21 '13 at 12:28

Alex Filipovici · Answer 1 · 2013-02-21T12:38:44.697

7

Maybe this is helpful:

ActivationContext ac = AppDomain.CurrentDomain.ActivationContext;
ApplicationIdentity ai = ac.Identity;
var applicationTrust = new System.Security.Policy.ApplicationTrust(ai);
var isUnrestricted = applicationTrust.DefaultGrantSet.PermissionSet.IsUnrestricted();

Or

AppDomain.CurrentDomain.ApplicationTrust
  .DefaultGrantSet.PermissionSet.IsUnrestricted();

edited Feb 21 '13 at 12:38

answered Feb 21 '13 at 12:19

Alex Filipovici

31,789
6
54
78

Thanks Alex for your response. Better than the try/catch I had. – Herman Schoenfeld Feb 21 '13 at 12:37
For me, accessing the `ApplicationTrust` from a partially trusted context threw an exception – Kieren Johnstone Sep 13 '13 at 07:43
@KierenJohnstone: yes, see (new) answer below. – Herman Schoenfeld Oct 16 '13 at 06:12
Your second code block is prone to a NullReferenceException if ApplicationTrust is null (e.g., [but not exclusively] a .NET 2.0 app) – Jeffrey LeCours Mar 07 '17 at 17:21

Drew Noakes · Answer 2 · 2016-12-07T00:56:14.897

6

From .NET 4.0 onwards there is the AppDomain.IsFullyTrusted property which may be helpful.

If you wish to test this on the current app domain, use:

if (AppDomain.CurrentDomain.IsFullyTrusted)
{
    // ...
}

edited Dec 07 '16 at 00:56

answered Dec 27 '15 at 10:21

Drew Noakes

300,895
165
679
742

score 1 · Answer 3 · answered Feb 21 '13 at 12:13

You can use this code:

private AspNetHostingPermissionLevel[] aspNetHostingPermissionLevel = new AspNetHostingPermissionLevel[] 
{  
   AspNetHostingPermissionLevel.Unrestricted, 
   AspNetHostingPermissionLevel.High, 
   AspNetHostingPermissionLevel.Medium,
   AspNetHostingPermissionLevel.Low,
   AspNetHostingPermissionLevel.Minimal
};

public AspNetHostingPermissionLevel GetTrustLevel()
{
   foreach (AspNetHostingPermissionLevel aspNetHostingPermissionLevel in aspNetHostingPermissionLevel)
   {
      try
      {
         new AspNetHostingPermission(aspNetHostingPermissionLevel).Demand();
      }
      catch (System.Security.SecurityException)
      {
         continue;
      }    

      return aspNetHostingPermissionLevel;
   }

   return AspNetHostingPermissionLevel.None;
}

@Herman Schoenfeld - sure. But with the information you gave us with the first edition of your question - the idea of this answer was to show you the right direction. — MikroDel, Feb 21 '13 at 12:35

Herman Schoenfeld · Accepted Answer · 2014-07-02T03:14:36.243

    public static class CodeAccessSecurity {
        private static volatile bool _unrestrictedFeatureSet = false;
        private static volatile bool _determinedUnrestrictedFeatureSet = false;
        private static readonly object _threadLock = new object();

        public static bool HasUnrestrictedFeatureSet {
            get {
#if __IOS__
                return false;
#elif __ANDROID__
                return false;
#else
                if (!_determinedUnrestrictedFeatureSet)
                    lock (_threadLock) {
                        if (!_determinedUnrestrictedFeatureSet) {
                            _unrestrictedFeatureSet = AppDomain.CurrentDomain.ApplicationTrust == null || AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet.IsUnrestricted();
                            _determinedUnrestrictedFeatureSet = true;
                        }
                    }
                return _unrestrictedFeatureSet;
#endif
            }
        }

    }
}

Detect trust level

4 Answers4