ConfigurationPermission and requirePermission

I was actually wrong (and too lazy to properly test it). Here’s the correct information:

The new ConfigurationPermission CAS permission in 2.0 protects access to configuration files using the new Web/ConfigurationManager APIs. In ASP.NET only full and high trust levels have this permission.

If you still want to be able to access config sections whithout granting this permission, you can attribute the config sections declaration in question with the requirePermission attribute, e.g. for appSettings:



  type=System.Configuration.AppSettingsSection, …  



By default only the appSettings, connectionStrings and the xmlSerializer sections require no permission.


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s