Reputation: 1030
I built a small website and there will be only one admin, so in the admin panel I am asking for a password with a value that I do not retrieve from a database; I just hard-coded it in the function in the code-behind. I know this is wrong, though I don't know why.
So is hard-coding it in web.config the right thing to do? And how?
Upvotes: 24
Views: 44311
Reputation: 44268
As far as it being wrong... the problem is that if you ever need to change it, and it's hardcoded in your codebehind, you need to recompile, republish, re-deploy your website, whereas a change to the web.config can be done without doing this.
You could put it in an AppSetting in the web.config like so:

    <appSettings>
        <add key="AdminPassword" value="ASDF1234" />
    </appSettings>

and use this code to retrieve it:

    // AppSettings[...] already returns a string (null if the key is missing), so no ToString() is needed.
    string adminPassword = System.Configuration.ConfigurationManager.AppSettings["AdminPassword"];
Though I'd have a look at this.
https://web.archive.org/web/20211029043331/https://aspnet.4guysfromrolla.com/articles/021506-1.aspx
It covers encrypting sections of your web.config.
Upvotes: 57
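The following is an added example, not part of the original answer: it shows one way to encrypt the appSettings section that holds the AdminPassword key and to check a submitted password against it. It goes slightly beyond the answer by comparing in constant time. The class and method names (AdminPasswordConfig, ProtectAppSettings, IsAdminPassword) are hypothetical, and it assumes a .NET Framework ASP.NET site.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Configuration;

// Added example; AdminPasswordConfig and its method names are hypothetical.
public static class AdminPasswordConfig
{
    private const string Key = "AdminPassword"; // appSettings key from the answer above

    // Call once after deployment. Encrypts <appSettings> in place with the
    // machine-level DPAPI provider if the section is still in clear text.
    public static void ProtectAppSettings()
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(HttpRuntime.AppDomainAppVirtualPath);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            config.Save(ConfigurationSaveMode.Modified);
        }
    }

    // ConfigurationManager decrypts protected sections transparently on read.
    public static bool IsAdminPassword(string submitted)
    {
        string expected = ConfigurationManager.AppSettings[Key];
        if (string.IsNullOrEmpty(expected) || submitted == null)
            return false; // missing key or missing input: fail closed

        using (SHA256 sha = SHA256.Create())
        {
            // Hash both sides so the comparison runs over equal-length buffers,
            // then compare without exiting early on the first mismatch.
            byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(expected));
            byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(submitted));
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
                diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

Saving the configuration rewrites web.config, so the application pool identity needs write access to the file and the application restarts once. The DPAPI provider's key is tied to the machine, so an encrypted web.config cannot be copied to another server and decrypted there.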
Reputation: 45382
Nothing wrong with Eoin's suggestion for tiny projects, but if your project may someday need more than 1 admin and different types of user roles, I would take the hit and set up ASP membership.
http://msdn.microsoft.com/en-us/library/ms998347.aspx
You can integrate it into Windows or use a database, and it's not too hard to set up, especially if you use the built-in config tool in IIS.
Upvotes: 3