<div>
Hi folks;
We have a problem. We have a web site with a number of web applications residing under it. Each of these web applications make use of a customize configuration file which was called web.config but really does not contain any of the standard elements of a web.config file. The web site contains one directly called CustomWebConfig with the web.config residing under it and another called "OurWeb". All of the web applications reside in folders under "OurWeb".
Our web site has been running on IIS 6.0 for a considerable time. Now we have to move it to IIS 7.0. Government Requirements state that the Web server must utilize the Medium Trust Level. Medium Trust Level specifies that application have no access to any files outside of their application root. This causes a problem since the web.config file is not under any application root. Nor can it go under any specific application root as that would make in inaccessible to the other applications. It seemed to me that there should be some way to allow an exception. Sure enough I found that you can Customize a Trust Level. I found a Word Doc on the web called "ASPNET35_HostingDeploymentGuide[1].doc" which should the basics on how to customize a Trust Level config file. Except it really wasn't all that basic. It provided explicit instructions on how to customize the "Medium Trust Level" to add a new security class and named permission set to allow access to OLEDB database connections. However, it did not really explain the various elements and attributes, what they were for and how to add permission to open a single specific folder. (Although I've read that this can be done.)
So I would appreciate it if anyone knowing how to add a permission set to do that or at least a source of detailed documentation on how to customize Trust Level config file I would appreciate it very much.
Thanks in advance for your assistance.
</div>