James

Reputation: 7543

How should web.config be deployed?

I am designing a web app that will be licensed to organisations to install on their Intranets. I am using the 'Publish' feature in VS 2010. This creates all the necessary aspx pages but compiles code into a DLL so it is not exposed to the client.

However, the published web.config remains editable so presumably the client could turn <compilation debug="true"> to look at my code, or change the assembly references to effectively 'mod' the app. Is it necessary/possible to get around this?

Upvotes: 1

Views: 287

Answers (3)

Mrchief

Reputation: 76258

Unless you're shipping source code, turning <compilation debug="true"> will have no effect on the released/published DLLs.

You can obfuscate your DLLs so that even if they look it up in Reflector, it doesn't make much sense.

Upvotes: 2

Oded

Reputation: 499382

If you are simply compiling your web app, anyone can decompile the code using a tool like Reflector.

web.config settings have no effect on this.

You may want to look at obfuscating your assemblies - DotFuscator is one obfuscation tool that is widely used, though there are many others.

Upvotes: 1

Anuraj

Reputation: 19618

You can encrypt the web.config file.

More details: Walkthrough: Encrypting Configuration Information Using Protected Configuration

Upvotes: 1
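
A pre-deployment check for the two web.config points raised in this thread, the `debug` attribute on `<compilation>` and whether sections carry the `configProtectionProvider` attribute that Protected Configuration writes. This is an added example, not code from any of the answers; the sample file is constructed, and the list of sections expected to be encrypted is an assumed release policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one protected section, one plaintext section, debug left on.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="LicenceKey" value="constructed-sample-value" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
</configuration>
"""

# Assumption: sections this release policy expects to be encrypted before shipping.
SENSITIVE_SECTIONS = ("connectionStrings", "appSettings")


def audit_web_config(xml_text, sensitive=SENSITIVE_SECTIONS):
    """Return a list of findings for a published web.config."""
    root = ET.fromstring(xml_text)
    findings = []

    # Any <compilation debug="true"> (including ones under <location>) is flagged.
    for comp in root.iter("compilation"):
        if comp.get("debug", "false").lower() == "true":
            findings.append("compilation debug=true")

    # A protected section carries configProtectionProvider on its root element.
    for name in sensitive:
        section = root.find(name)
        if section is None or len(section) == 0:
            continue  # absent or empty: nothing to protect
        if section.get("configProtectionProvider") is None:
            findings.append("%s is plaintext" % name)
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
```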
