Wednesday, April 11, 2007

ASP.Net Quick Tips Web.config

February 28

ASP.Net Quick Tips
- Web.config




Sursa




The first round of ASP.Net
Quick Tips was very successful. I have about 30 or so tips jotted down, but
I am always looking for more. I am leaning towards doing them by theme/topic
with state management/cache, data access, web controls, accessibility/standards,
and tips from around the web are in the queue. But as the title suggests,
today is all about the web.config.


Tip: Set debug = "false" before you go to production.


This really is not a tip, it is a must. NEVER go to production with debug
purposely set to true.


<compilation defaultLanguage="c#" debug="false" />


As
ScottGu points out (click through for a lot information on the topic)



  1. The compilation of ASP.NET pages takes longer
    (since some batch optimizations are disabled) 
  2. Code can execute slower (since some additional debug paths are
    enabled) 
  3. Much more memory is used within the application at runtime 
  4. Scripts and images downloaded from the WebResources.axd handler are not
    cached

Tip: If you do not control your production environment, set your
trust level to medium.


<trust level = "Medium" />


More and more ISP's and server administrators are setting the ASP.Net trust
level to medium. There are quite a few things you cannot do in ASP.Net while
using Medium Trust. In most cases, you can work around this, but it is
better to know while you are writing the code than when a customer sends you an
error message that simply states their was a security exception. (In addition,
the term security exception generally freaks them out).One of the hardest tasks we ever had to complete on Community Server was to get it to
function properly under Medium trust after we had written a substantial amount
of code. Our checked in web.config now has the trust level set to medium which
makes these issues very apparent as soon as they are created.


Note: By far, the most frequent case of medium trust issues is external
HttpRequests. Under medium trust it is not possible to make an
external HttpRequest without changes to your local policy or via a
proxy. For Community Server, we recommend you use a proxy which is supported
out of the box. Because of these extra configurations steps, out of
the box, the Community Server web.config does not force medium trust.


Tip: Disable session state when not in use.


<sessionState mode="Off" />


I will not get into the virtues/issues with session, but needless to say,
most applications can be written to not use it (we make no use of session in Community Server). If you are not using
it, turn it off. The overhead is minor, but it is something that happens on
every request.


Tip: Disable ViewState


<pages enableViewState="false" />




Read more: http://meshaje.spaces.live.com/Blog/cns!439D09C4A8EA3868!118.entry
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)