1) You can determine the exact permission requirement with
permcalc[
^].
2) I am not really on top with all permission requirements, but you want to do some low level stuff. I can imagine, that you need registryaccess permission to get mac address of the interface. With medium trust you won't have.
3) You can keep the medium trust level, but define custom policy to have access to what your application really needs:
https://msdn.microsoft.com/en-us/library/ff648344.aspx[
^]
4) What do you inted to do with local machine's MAC addresses all concatenated? First: use stringbuilder to concatenate, secound: you might have more than ten active interface MACs on a physical server.
5) IIS has built in IP access security:
https://www.iis.net/configreference/system.webserver/security/ipsecurity[
^]
Please clarify what your concrete intentions are...