Hi,
You're having this problem because the Medium trust level doesn't have the Unmanaged Code flag set on the SecurityPermission. In other words, your code is not allowed to call unmanaged code, in this case your ActiveX control. Even the High trust level doesn't have this permission.
There are two decent options. One is to create a custom trust level that adds the permission to the medium trust level. This isn't hard, but takes a few steps. The downside of this technique is that your entire application then has this dangerous permission. But if you are using this ActiveX component throughout your app this might be a reasonable option.
The other, better option is to sandbox the dangerous code, which calls this ActiveX component. Put the code that calls it into a separate assembly, grant that assembly either full trust or a custom trust level, and call into that assembly from your Web page code. This option is a bit more involved because now you have partially trusted callers into the sandboxed assembly, which requires a few extra steps.
The best description I've seen about these techniques is in Dominick Baier's Developing More-Secure Microsoft ASP.NET 2.0 Applications.
Make sense?
Don
Don Kiely, MCP, MCSD
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!