I found an interesting bug yesterday (you run across all kinds of funny stuff if you set the ASP.NET trust level to ‘Medium’ machine-wide, but you notice problems very early – compare to running as non-Admin).
In a partially trusted ASP.NET application the following code in global.asax (or an HttpModule) throws a SecurityException:
protected void Application_Error(object sender, EventArgs e)
Which is quite a big problem if you want to centralize error handling.
Some more testing (with the help of Shawn Farkas and Stefan Schackow – thanks!) showed that this only happens when hosting in Cassini – and not IIS. Fortunately.
So I broke my own rules and tested in Cassini – something I will try to avoid in the future (even if it is so comfortable).
To cut a long story short – Cassini is not the real thing, you should not use it for serious projects and testing. This bug shows that there a subtle differences in behavior compared to IIS and did cost me 3h of my time yesterday.