Windows SharePoint Services can use any of the following three options from ASP.NET and the CLR to provide assemblies installed in the BIN directory with sufficient permissions. The following table outlines the implications and requirements for each option.
Option Pros Cons Increase the trust level for the entire virtual server. For more information, see "Setting the trust level for a virtual server" Easy to implement. In a development environment, increasing the trust level allows you to test an assembly with increased permissions while allowing you to recompile assemblies directly into the BIN directory without resetting IIS. This option is least secure. This option affects all assemblies used by the virtual server.
There is no guarantee the destination server has the required trust level. Therefore, Web Parts may not work once installed on the destination server.
Create a custom policy file for your assemblies. For more information, see "How do I create a custom policy file?" Recommended approach.
This option is most secure.
An assembly can operate with a unique policy that meets the minimum permission requirements for the assembly.
By creating a custom security policy, you can ensure the destination server can run your Web Parts. Requires the most configuration of all three options.
Install your assemblies in the GAC
Easy to implement.
This grants Full trust to your assembly without affecting the trust level of assemblies installed in the BIN directory.
This option is less secure.
Assemblies installed in the GAC are available to all virtual servers and applications on a server running Windows SharePoint Services. This could represent a potential security risk as it potentially grants a higher level of permission to your assembly across a larger scope than necessary
In a development environment, you must reset IIS every time you recompile assemblies.
Licensing issues may arise due to the global availability of your assembly.