Sunday, 29 August 2010

APP_CODE ???????

Security with the Bin Folder

Putting compiled assemblies into the Bin folder can represent a security risk. If you wrote the code yourself and compiled it, then you know what the code does. However, you should treat compiled code in the Bin folder as you would treat any executable code. Be wary of compiled code until you have tested it and are confident that you understand what it does.

Note these security aspects of putting compiled code into the Bin folder:

* Assemblies in the Bin folder are scoped to the current application. Therefore, they cannot access resources or invoke code outside the current Web application.
* At run time, the access levels of an assembly are established by the trust level specified on the local computer. For more information, see ASP.NET Trust Levels and Policy Files.
* When you run a project in Visual Studio, code in the Bin folder runs in a different context than at run time. The Visual Studio Development Server runs under your logged-in identity. If you logged in as an administrator, the code will run with administrator permissions. When you deploy your site, however, the code typically does not run with administrator permissions. Therefore you should test your project with an IIS server before deploying it, to make sure that security errors do not occur in production.
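
One way to see the difference between the two contexts is to have the application report the Windows identity and ASP.NET trust level it is actually running with, once under the Visual Studio Development Server and once under IIS. The following is an added example, not code from the original page; `RuntimeContextReport` and its method names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Web;

// Added example: reports the effective identity and trust level of the
// running Web application. Class and method names are hypothetical.
public static class RuntimeContextReport
{
    // Returns the highest AspNetHostingPermissionLevel granted to this code
    // by demanding each level from most to least permissive.
    public static AspNetHostingPermissionLevel GetTrustLevel()
    {
        AspNetHostingPermissionLevel[] levels = {
            AspNetHostingPermissionLevel.Unrestricted,
            AspNetHostingPermissionLevel.High,
            AspNetHostingPermissionLevel.Medium,
            AspNetHostingPermissionLevel.Low,
            AspNetHostingPermissionLevel.Minimal
        };
        foreach (AspNetHostingPermissionLevel level in levels)
        {
            try
            {
                new AspNetHostingPermission(level).Demand();
                return level;
            }
            catch (SecurityException)
            {
                // Not granted at this level; try the next lower one.
            }
        }
        return AspNetHostingPermissionLevel.None;
    }

    // One line suitable for a diagnostic page or a log entry.
    public static string Describe()
    {
        AspNetHostingPermissionLevel trust = GetTrustLevel();
        try
        {
            using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            {
                bool admin = new WindowsPrincipal(id)
                    .IsInRole(WindowsBuiltInRole.Administrator);
                return string.Format("identity={0}; administrator={1}; trust={2}",
                    id.Name, admin, trust);
            }
        }
        catch (SecurityException)
        {
            // Reading the process identity needs a permission that the
            // lowest trust levels do not grant.
            return string.Format("identity=(not readable); trust={0}", trust);
        }
    }
}
```

If the line produced under IIS shows a less privileged account or a lower trust level than the one produced under the development server, exercise the code paths that touch files, the registry or the network there before deploying.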