
ASP.NET Web.Config referencing config file outside web root

I'm having a dispute over a web config layout from a security point of view.

Our app.config is including a key which references two files containing the security settings (db name, password, AD root, a valid user and password to authenticate against, etc). Those two files are outside the web root, and plain text. Somehow I feel that's plainly wrong. That's what web.config is for, to hold configs, and since it can be encrypted, and IIS would never serve a .config file, it should be safe enough.

Is it really a bad practice? Can anyone point me in the right direction? Thanks in advance.

Best practice is to keep any security settings in the web.config file and access them in your code-behind. Besides, you can encrypt and transform your config security settings in web.config as well.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.
