I found an interesting bug yesterday (you run across all kinds of funny stuff if you set the ASP.NET trust level to ‘Medium’ machine-wide, but you notice problems very early – compare to running as non-Admin).

In a partially trusted ASP.NET application the following code in global.asax (or an HttpModule) throws a SecurityException:

protected void Application_Error(object sender, EventArgs e)

{

  Server.Transfer(“~/error.aspx”);

}

Which is quite a big problem if you want to centralize error handling.

Some more testing (with the help of Shawn Farkas and Stefan Schackow – thanks!) showed that this only happens when hosting in Cassini – and not IIS. Fortunately.

So I broke my own rules and tested in Cassini – something I will try to avoid in the future (even if it is so comfortable).

To cut a long story short – Cassini is not the real thing, you should not use it for serious projects and testing. This bug shows that there a subtle differences in behavior compared to IIS and did cost me 3h of my time yesterday.