https://stackoverflow.com/questions/21074323
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianYour question was not clear from the beginning. Dave answered correctly. The web.config is indeed unencrypted by default, regardless of the project type you use. You could encrypt it using the instructions given in this post or this post which explains how to encrypt and decrypt configuration sections.
Answering to "what is the difference between a web application project over a website project", this MSDN post describes thoroughly the differences between the two project types, including a summary.
I would suggest using a web application project. The most important benefits (in my opinion) when using a web application project are:
Building produces a dll. This means that when you publish your application, there is no source code on the server. Be careful: This does not mean that your published code is encrypted. Anybody who has access on the server could see your code using a disassembler (like MSIL Disassembler). If you want to make reverse engineering harder, you could use an obfurscator like confuser.
You make debugging easier as the project file contains references to other projects etc. You can also edit and continue while debugging.
You have more visual studio options available, regarding build/publish process. You could for example add prebuild/postbuild steps, using MSBuild or Team Build.
Hope I helped.
