Menu
When building ASP.Net projects in Visual Studio (version 2015 Community), website configuration files (e.g., Web.Config) are copied by the build process into the bin folder alongside the compiled .dll file, and renamed {assembly}.dll.config.
This occurs despite the Properties Window for the Web.config file being set with the following parameters:
For our solution, this second copy of the file is not necessary, nor used in the {assembly}.dll.config form found in the output bin folder.
I would like to know what is necessary to prevent Visual Studio from making a copy of the configuration file and placing it in the bin output directory.
Having sensitive configuration settings in two places (Web.config in the root directory, and {assembly}.dll.config in the output directory) is problematic from a security standpoint.
242
To deploy your app, Publish your application. This way, only the necessary assemblies/files are deployed. Your published /bin folder will reflect this (will not have the "duplicates" you mention).
Security: depending on what you're after, you can
separate "sensitive" information from web.confg into their own files. This usually is only for keeping such from online repositories (TFS, Git, etc.) - by excluding the file from being in source control
e.g.
<appSettings file="AllMySecrets.config">
....
Use encryption
Hth.
138
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
