Advertisement

live asp.net web.config settings

Advertisement


live asp.net web.config settings


Question

I've only recently started working with asp.net and c#. Is there a standard practice set of web.config settings for a live final website? There seem to be a ton of options available and I'm looking to streamline performance, close possible security holes and other unnecessary options.

2014/06/07
1
5
6/7/2014 8:56:22 PM

Accepted Answer

2008/09/11
3
9/11/2008 1:04:59 AM

An empty web.config (or at least an absent <system.web> element) would mean that all of the framework's recommended defaults would take effect. You would then just need to be concerned with the host (e.g., IIS) set-up.

Mark Cidade
2008/09/11

Start with a clean web.config and only add the sections you need.

For security, all you really can do is make sure you flag <compelation debug="false"> for your production box and set custom errors to true.

Rob Allen
2008/09/11

Secure all folders containing any sensitive info with the location tag. Encrypt any connection strings with DPAPI.

Gulzar Nazim
2008/09/11

Source: https://stackoverflow.com/questions/55572
Licensed under CC-BY-SA with attribution
Not affiliated with Stack Overflow
Email: [email protected]

Related Url

Learning Tools