Advertisement
Advertisement


live asp.net web.config settings


Question

I've only recently started working with asp.net and c#. Is there a standard practice set of web.config settings for a live final website? There seem to be a ton of options available and I'm looking to streamline performance, close possible security holes and other unnecessary options.

2014/06/07
1
5
6/7/2014 8:56:22 PM

Accepted Answer

2008/09/11
3
9/11/2008 1:04:59 AM

An empty web.config (or at least an absent <system.web> element) would mean that all of the framework's recommended defaults would take effect. You would then just need to be concerned with the host (e.g., IIS) set-up.

2008/09/11

Start with a clean web.config and only add the sections you need.

For security, all you really can do is make sure you flag <compelation debug="false"> for your production box and set custom errors to true.

2008/09/11

Secure all folders containing any sensitive info with the location tag. Encrypt any connection strings with DPAPI.

2008/09/11