ArcGIS Web Adaptor can optionally be modified to communicate with Portal for ArcGIS using Microsoft .NET Trust levels of High or Medium in Internet Information Systems (IIS). This is for organizations with higher security constraints that grant limited permissions to applications.
You're required to set the Trust level to Full when you initially configure the Web Adaptor with Portal for ArcGIS. When the configuration is complete and you've verified that you can access the portal through the Web Adaptor URL, you can modify the Web Adaptor to communicate with the portal using a Trust level of High or Medium from that point forward. The use of Low and Minimal Trust levels are not supported by the Web Adaptor. The Trust level can be set regardless of the Web Adaptor application pool being set to version 2.0 or 4.0 in IIS.
About Microsoft .NET Trust levels in IIS
In Internet Information Systems (IIS), an application's Trust level determines the permissions that are granted to it by .NET code access security (CAS) policy. By default, IIS is configured with Full trust, meaning that unrestricted permissions are granted to applications. However, in some organizations with higher security constraints, only partial trust is granted to applications. Partial trust can be assigned one of four levels: High, Medium, Low, and Minimal.
About using Microsoft .NET Trust levels with the Web Adaptor
When you install the Web Adaptor, the Trust level assigned to the application is inherited from the IIS website to which the Web Adaptor is being deployed. This behavior is identical regardless of the Web Adaptor application pool being set to version 2.0 or 4.0 in IIS.
If the Trust level for the website is assigned to Full, then no action is required on your part. You can configure the Web Adaptor with Portal for ArcGIS normally. If the Trust level assigned to the Web Adaptor is set to High or Medium and you access the configuration page, you'll see the following error:
Before you can configure the ArcGIS Web Adaptor with Portal for ArcGIS, you must set the .NET Trust level of the Web Adaptor application to Full in IIS. After configuring, you can set the Trust level of the application back to the original level and access your portal through the Web Adaptor as normal.
Low and Minimal levels are not supported by the ArcGIS Web Adaptor application. You will not be able to access the configuration page or communicate with Portal for ArcGIS. Because no communication with the ArcGIS software is possible at the Low and Minimal levels, you will only see an IIS error page.
You're required to set the Trust level to Full when you initially configure the Web Adaptor with Portal for ArcGIS. Once configured, the Web Adaptor can be modified to a Trust level of High or Medium. Using the Web Adaptor to forward requests is supported at a Trust level of High or Medium. Follow the steps below to modify the Trust level.
Modifying the Web Adaptor's Trust level
- Open Internet Information Systems (IIS) Manager.
- In the Connections pane, expand Sites.
- Expand the website on which your Web Adaptor is deployed and select the Web Adaptor application.
- Double-click .NET Trust levels.
- From the Trust level drop-down list, choose Full (internal), High, or Medium, as necessary.
- Click Apply.