Does CSLA 4.5 still require full trust on server for ASP.NET MVC 4 internet applications?
That depends entirely on you.
If you use the MobileFormatter (instead of BinaryFormatter or NDCS) for serialization then full trust should not be required.
The problem has always been with those two Microsoft serializers, because they are built in a way that requires full trust.
The MobileFormatter is something we wrote to support Silverlight, so it was designed around the assumption of partial trust. Somewhere around version 3.8 or 4.0 we made MobileFormatter available to any code, not just Silverlight.
The 'Using CSLA 4: Data Portal Configuration' book talks about how to configure CSLA to use different serializers.
So an ASP.NET MVC 4/5 public internet application with CSLA server-side can happen for me then.
Copyright (c) Marimer LLC