live asp.net web.config settings
-
09-06-2019 - |
Question
I've only recently started working with asp.net and c#. Is there a standard practice set of web.config settings for a live final website? There seem to be a ton of options available and I'm looking to streamline performance, close possible security holes and other unnecessary options.
OTHER TIPS
An empty web.config (or at least an absent <
system.web> element) would mean that all of the framework's recommended defaults would take effect. You would then just need to be concerned with the host (e.g., IIS) set-up.
Start with a clean web.config and only add the sections you need.
For security, all you really can do is make sure you flag <compelation debug="false"> for your production box and set custom errors to true.
Secure all folders containing any sensitive info with the location tag. Encrypt any connection strings with DPAPI.