PhilMIntertec: Our deployment of Aspose.PDF for .NET requires it to be run on medium trust. If we use the latest standard version, does that mean we should have no problems with medium trust? Or do we need to request a custom DLL to work around the issue?
Hi Phil,
Thanks for your patience.
I have further discussed the scenario with product team and following our observations. The Medium trust was added to our product 2 years ago for .net 2.0. However Microsoft implemented other security systems starting from .net 4.0 and medium trust was marked as deprecated.
The official position of the ASP.NET team is that Medium Trust is obsolete, so it means following actions were taken:
We are automatically marked all Medium Trust-related bugs reported to us as “won’t fix”.
We are removing Medium Trust support from the frameworks we developed (MVC, WebAPI, SignalR, and so on) and going forward, applications built on these frameworks will require Full Trust.
In current context, the term “Medium Trust” above refers to all non-Full Trust configurations in ASP.NET, including use of the built-in trust levels (Minimal, Low, Medium, High) or any custom trust levels.
Later on in May 2015, the .NET Framework as a whole was deprecated for partial trust and customers were advised not to rely on it as a security boundary. From MSDN:
Code Access Security in .NET Framework should not be used as a security boundary with partially trusted code, especially code of unknown origin. We advise against loading and executing code of unknown origins without putting alternative security measures in place.
Therefore, it is not recommended to use medium trust. We support medium trust for .net 2.0 but we recommend to get rid of it and use assemblies under .net v. 4.0 and higher. In case you get errors in .net 4.0, we need your code snippet in order to investigate the code and fix the issues.
Should you have any further query, please feel free to contact.