There are a lot of ASP.NET Hosters out there. So, logically you want to build ASP.NET applications and put them on the hosters. Simple, dimple? Well, for you. You can fire up Visual Notepad, Web Matrix or Visual Studio .NET  and hammer one out of silicon pretty fast.

However, let's now look at it from the Hosters' point of view. Here is a chunk of code that someone is trying to post on their servers. They have no clue (short of walking through it themselves) just what it may do. It could walk up and down their entire customer-base, grabbing information and mailing it to It could reformat drives by accident. There are many, many things that poorly written code may do. Yes, I know you never write poor quality code, but other people do. How can they protect themselves? Well, one method that many hosters implement as a first step in protection is to run ASP.NET in medium trust. This means that such things as ActiveX, file access (other than isolated access) and whatnot are completely out of the question. Here is a brief table from one of my favourite reference works:

Table 9.1   Restrictions Imposed by the ASP.NET Trust Levels

Trust Level

Main Restrictions
Full Unrestricted permissions. Applications can access any resource that is subject to operating system security. All privileged operations are supported.
High Not able to call unmanaged code

Not able to call serviced components

Not able to write to the event log

Not able to access Microsoft Message Queuing queues

Not able to access OLE DB data sources

Medium In addition to the above, file access is restricted to the current application directory and registry access is not permitted.
Low In addition to the above, the application is not able to connect to SQL Server and code cannot call CodeAccessPermission.Assert (no assertion security permission).
Minimal Only the execute permission is available.

We're working on getting you some content to help you design and build apps for Medium Trust, but in the meantime, you should try changing the web.config (or machine.config) to run as medium trust whenever possible. Certainly for apps that will be deployed to a hoster. It could prevent problems later when you try to deploy.