简体繁体 English

MVC5 Web应用程序中的应用程序设置-使用C＃类还是Web.Config？

[英]Application Settings in MVC5 Web App - Using C# class vs Web.Config?

原文 2014-12-31 15:57:26 5 2 c#/ asp.net/ asp.net-mvc-4

I'm building out my application and I'm at a point where I've hardcoded a lot of settings at the top of my class files - stuff like ApiSid and ApiKey , SmtpServiceUsername , MyEmailPassword etc. I'm now trying to consolidate these and I see two options: 我正在构建我的应用程序，现在我已经在类文件的顶部对很多设置进行了硬编码-诸如ApiSid和ApiKey ， SmtpServiceUsername ， MyEmailPassword等之类的东西。我现在正在尝试整合这些设置我看到两个选择：

1) Push them all into web.config . 1）将它们全部推送到web.config 。 I don't like the thought of muddling up my web.config with tens (almost 100) settings though... I also feel uncomfortable with security here. 我不喜欢将我的web.config与数十个（近100个）设置混为一谈的想法……我也对这里的安全性感到不舒服。
2) Build a static class that just contains these settings (Settings.cs) - basically housing a bunch of constants that are referenced throughout the app. 2）建立一个仅包含这些设置的静态类（Settings.cs）-基本上包含一堆在整个应用程序中引用的常量。

I feel more comfortable with the second approach because I can keep my settings totally isolated and not worry about exposing them via web.config - is there anything inherently wrong with this approach? 我对第二种方法更满意，因为我可以使设置完全隔离，而不必担心通过web.config公开它们-这种方法有天生的错误吗？

2 个解决方案

This is not necessarily the best approach but I'd store these kind of settings in the database. 这不一定是最好的方法，但是我会将这些设置存储在数据库中。 This gives you database security for the settings plus it's easy to update the settings without having to stop / restart the application so you avoid kicking out users. 这为您提供了设置的数据库安全性，而且无需停止/重新启动应用程序即可轻松更新设置，从而避免了淘汰用户。

Once you have your settings in the database, you can load them periodically (like every 15-20 minutes) to detect changes. 将设置保存在数据库中后，可以定期（例如每15-20分钟一次）加载它们以检测更改。 In the meantime, create a dictionary of the data and either wrap it in a class that provides type-safe access through properties or just use the dictionary directly. 同时，创建数据字典，然后将其包装在通过属性提供类型安全访问的类中，或者直接使用字典。 Since this is web application, you'll have to use a thread-safe class (like ConcurrentDictionary ) to make sure multiple threads can safely access your settings. 由于这是Web应用程序，因此必须使用线程安全类（例如ConcurrentDictionary ）来确保多个线程可以安全地访问您的设置。

If you have so many settings, web.config would be cluttered and every change would force an app pool restart. 如果设置太多，web.config将会混乱不堪，每次更改都会强制重新启动应用程序池。 As @David mentions in his answer, the config file gives you an easy way to have different settings for different environments but this is also easy to do with a database approach where settings may be present once per environment. 正如@David在回答中提到的那样，配置文件为您提供了一种针对不同环境进行不同设置的简便方法，但是使用数据库方法也很容易做到这一点，每个环境中可能只存在一次设置。

is there anything inherently wrong with this approach? 这种方法有天生的错误吗？

What makes you think putting constants in the code is any more secure than in the config? 是什么让您认为在代码中放置常量比在配置中更安全？ The compiled DLLs are right there next to the Web.Config , if somebody can examine one of them they can examine the other one. 编译的DLL就在Web.Config旁边，如果有人可以检查其中一个，则可以检查另一个。 Hard-coded values can be de-compiled pretty easily. 硬编码的值可以很容易地反编译。
Config files exist for a reason. 配置文件存在是有原因的。 Specifically, if any value is going to change per environment then it belongs in the config file. 具体来说，如果要根据环境更改任何值，则它属于配置文件。 That way the same identical codebase can be used in any environment (development, test, production, etc.) and you'd just edit the config values for that environment. 这样，可以在任何环境（开发，测试，生产等）中使用相同的代码库，而您只需编辑该环境的配置值。 Having to re-compile the code just to deploy the same version to a new environment is less than ideal, since it's no longer the same version. 仅仅为了将相同版本部署到新环境而不得不重新编译代码是不理想的，因为它不再是相同版本。

I don't like the thought of muddling up my web.config with tens (almost 100) settings though 我不喜欢将我的web.config与数十个（近100个）设置混为一谈的想法

Why not? 为什么不？ If they're all flat static values, a list of appSettings keys would be fine. 如果它们都是平面静态值，则可以使用appSettings键列表。 If there's more structure to them, create custom config sections . 如果需要更多结构，请创建自定义配置部分。