From the course: ASP.NET: Security
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Externalizing Web.config settings
- [Instructor] One approach to put sensitive information that usually resides in web.config, to another place, so that maybe it can be excluded from a repository check in, is to externalize certain configuration settings. Truth be told, that's not my favorite approach, but I still would like to cover it, and show you which options you have, and especially what differences there are, because that's pretty important when you use that yourself, in your applications. What you can do with "appSettings", is that you provide a file name with additional "appSettings". You use the "file" attribute of the "appSettings" node, and then reference a different config file. Note that I also use the ".config" file extension here, thanks to the .NET Framework preventing this from being downloaded via HTTP. And the idea is now that web.config will be checked into the repository, because there might be important settings for the application to actually run, however, all the secrets are in another file…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
(Locked)
Storing secrets in Web.config4m 19s
-
(Locked)
Externalizing Web.config settings3m 35s
-
(Locked)
Encrypting Web.config4m 21s
-
(Locked)
Azure Key Vault2m 36s
-
(Locked)
Managing the Key Vault with Azure Shell4m 45s
-
(Locked)
Password hashing1m 20s
-
(Locked)
Adding password hashing to the app3m 18s
-
(Locked)
-
-
-