Best practice

[7777]

Sorry am under time constraint. What is the best practice in placing
asp.net published app files on the webserver, like in it's wwwroot or above
it and should the web.config or all pertaining files be encrypted as in will
these be secure from any web user from getting to it? Thanks in advance.

 

[Guest]

Sorry am under time constraint.  What is the best practice in placing
asp.net published app files on the webserver, like in it's wwwroot or above
it and should the web.config or all pertaining files be encrypted as in will
these be secure from any web user from getting to it?  Thanks in advance.

The web.config is not accessible via a browser. The dotnet framework
protected this file, if you will try to open it, you will get "This
type of page is not served". If you want to protect sensitive
information, like connection strings, from other users who has access
to the server you can encrypt by using aspnet_regiis tool. An
application can stay in wwwroot, I don't see any problem with this
directory.

 

[7777]

Thanks a bunch Alexey, much appreciated. Will look into it. Cheers

Sorry am under time constraint. What is the best practice in placing
asp.net published app files on the webserver, like in it's wwwroot or
above
it and should the web.config or all pertaining files be encrypted as in
will
these be secure from any web user from getting to it? Thanks in advance.

The web.config is not accessible via a browser. The dotnet framework
protected this file, if you will try to open it, you will get "This
type of page is not served". If you want to protect sensitive
information, like connection strings, from other users who has access
to the server you can encrypt by using aspnet_regiis tool. An
application can stay in wwwroot, I don't see any problem with this
directory.