Configuring the .NET Trust level in IIS

NoteNote:

This functionality is available as part of the ArcGIS 10.1 SP1 Web Adaptor (IIS) .NET 4 Support and Trust Patch. You'll need to download and install the patch in order to use your Web Adaptor with a Microsoft .NET Trust level of High or Medium.

The ArcGIS Web Adaptor can optionally be modified to communicate with ArcGIS Server using Microsoft .NET Trust levels of High or Medium in Internet Information Systems (IIS). This is for organizations with higher security constraints that grant limited permissions to applications.

You're required to set the Trust level to Full when you initially configure the Web Adaptor with ArcGIS Server. When the configuration is complete and you've verified that you can access the server through the Web Adaptor URL, you can modify the Web Adaptor to communicate with the server using a Trust level of High or Medium from that point forward. The use of Low and Minimal Trust levels are not supported by the Web Adaptor. The Trust level can be set regardless of the Web Adaptor application pool being set to version 2.0 or 4.0 in IIS.

About Microsoft .NET Trust levels in IIS

In Internet Information Systems (IIS), an application's Trust level determines the permissions that are granted to it by .NET code access security (CAS) policy. By default, IIS is configured with Full trust, meaning that unrestricted permissions are granted to applications. However, in some organizations with higher security constraints, only partial trust is granted to applications. Partial trust can be assigned one of four levels; High, Medium, Low, and Minimal.

About using Microsoft .NET Trust levels with the Web Adaptor

When you install the Web Adaptor, the Trust level that is assigned to the application is inherited from the IIS web site that the Web Adaptor is being deployed to. This behavior is identical regardless of the Web Adaptor application pool being set to version 2.0 or 4.0 in IIS.

If the Trust level for the website is assigned to Full, then no action is required on your part. You can configure the Web Adaptor with ArcGIS Server normally. If the Trust level assigned to the Web Adaptor is set to High or Medium and you access the configuration page, you'll see the following error:

Before you can configure the ArcGIS Web Adaptor with ArcGIS Server, you must set the .NET Trust level of the Web Adaptor application to Full in IIS. After configuring, you can set the Trust level of the application back to the original level and access your server through the Web Adaptor as normal.

Low and Minimal levels are not supported by the ArcGIS Web Adaptor application. You will not be able to access the configuration page or communicate with ArcGIS Server. Because no communication with the ArcGIS software is possible at the Low and Minimal levels, you will only see an IIS error page.

You're required to set the Trust level to Full when you initially configure the Web Adaptor with ArcGIS Server. Once configured, the Web Adaptor can be modified to a Trust level of High or Medium. Using the Web Adaptor to forward requests is supported at a Trust level of High or Medium. Follow the steps below to modify the Trust level.

Modifying the Web Adaptor's Trust level

Steps:
  1. Open Internet Information Systems (IIS) Manager.
  2. In the Connections pane, expand Sites.
  3. Expand the web site on which your Web Adaptor is deployed and select the Web Adaptor application.
  4. Double-click .NET Trust levels.
  5. From the Trust level drop-down list, choose Full (internal), High, or Medium as necessary.
  6. Click Apply.
9/6/2013