简体繁体 English

在服务器上保留ASP .NET代码隐藏文件？

[英]Keep ASP .NET code-behind files on server?

原文 2010-09-21 04:30:28 5 6 c#/ asp.net

I'm inheriting a web application and the previous programmer compiled all his code into a .dll. 我正在继承一个Web应用程序，之前的程序员将他的所有代码编译成.dll。 The .cs files are not present on the server. 服务器上不存在.cs文件。

Working on previous projects, I've always uploaded the .aspx file and the corresponding .cs file. 在以前的项目上工作，我总是上传.aspx文件和相应的.cs文件。 It's never been a problem for me and I always thought it was standard procedure. 这对我来说从来都不是问题，我一直认为这是标准程序。 Am I wrong or just paranoid? 我错了还是只是偏执狂？

6 个解决方案

Will,I think this is quite common to keep code precompiled into dll. Will，我认为将代码预编译成dll是很常见的。 Then the code is less exposed for potential security holes. 然后代码暴露在潜在的安全漏洞中。 This provides also many advantages, which include faster initial response time, error checking, source-code protection, and efficient deployment. 这也提供了许多优点，包括更快的初始响应时间，错误检查，源代码保护和高效部署。 This is particularly important in large sites where there are frequent changes in Web pages and code files. 这在网页和代码文件频繁更改的大型站点中尤为重要。

Leaving source code as a part of the project isn't necessarily the best source code management process. 将源代码作为项目的一部分不一定是最好的源代码管理过程。 There are tools for that. 有工具可以做到这一点。

Also, precompiling source code isn't out of the ordinary (this is a Web Application project rather than a Web Site project in Visual Studio), and has many benefits. 此外，预编译源代码并非与众不同（这是一个Web应用程序项目，而不是 Visual Studio中的Web站点项目），并且具有许多优点。

Note that this doesn't make you wrong or paranoid. 请注意，这不会让你错或偏执。

There are good reasons for both strategies you just have to figure out what is going to work best for you environment and for the application. 这两种策略都有很好的理由，你必须弄清楚什么才能最适合你的环境和应用程序。

In some ways it is good to have it precompiled if you worry about someone accidently making a change on the server but not checking the change into source control. 在某些方面，如果您担心某人意外地在服务器上进行更改但未检查更改为源代码管理，那么最好对其进行预编译。 With non-precompiled if you don't have change control on your server it can be hard to figure out who "accidently" made a change and why without checking it in. 如果您没有预编译，如果您的服务器上没有更改控制，则可能很难确定谁“意外地”进行了更改以及为什么不检查它。

On the other side, if you don't precompile it can make deployment more straight forward. 另一方面，如果您不进行预编译，则可以使部署更直接。

Just do a little research behind both strategies and decide what is going to work best in your situation. 只需对这两种策略进行一些研究，并确定哪种方法最适合您的情况。

As Nader pointed out, in a Web Application you don't need the CS files at all. 正如Nader所指出的，在Web应用程序中，根本不需要CS文件。 There is not a huge risk of the source files being served accidentally, as protecting these files is a core function of IIS request management. 由于保护这些文件是IIS请求管理的核心功能，因此不会意外地提供源文件的巨大风险。 Still, it is generally good practice not to deploy them to a production web server. 但是，通常不要将它们部署到生产Web服务器。

In any case, source files should at the bare minimum always be backed up in a location that is not the web server and should be source controlled whenever possible. 在任何情况下，源文件应该至少始终备份在不是Web服务器的位置，并且应尽可能地进行源代码控制。 I have seen too many websites where the source files were lost and the site was useless as a result. 我看到太多的网站丢失了源文件，因此网站没用。

Like everyone above has said, compiling source code into DLLs is considered best practice. 像上面所说的那样，将源代码编译成DLL被认为是最佳实践。

If you'd like to see the code of the DLLs you've been left with, there's a handy (and free!) tool called Reflector (apologies if you've already got it) 如果你想看到你留下的DLL的代码，有一个方便的（和免费的！）工具叫做Reflector（如果你已经得到了它就道歉）

http://www.red-gate.com/products/reflector/ http://www.red-gate.com/products/reflector/

Just load up the DLL and then disassemble to view the source. 只需加载DLL然后反汇编以查看源代码。

Web Application Projects compile into .dlls and leave no source on the server. Web应用程序项目编译为.dll，并且不在服务器上保留任何源。

Web Site Projects deploy all the source to the server. 网站项目将所有源部署到服务器。

It's a religious war as to which is best. 这是一场最好的宗教战争。 Google will present you with many varied opinions, so I won't press my own opinions on you. Google会向您提供各种不同的意见，因此我不会对您发表自己的意见。