We have an site made up of several hundred ASP.NET 4 web apps. Currently our production config is specified in config transforms and resides along with the source code for each application. We deploy to staging and production environments using WebDeploy packages.
What are the options for securing the configuration?
I can think of the following:
encrypt the config files and build tool/s that use certs to decrypt in prod
store and deploy the configuration transform files separately
extend the system.configuration to read config from env. vars (easy for appSettings, more involved for custom config sections).
Is there a standard approach for this and perhaps some tools I am unaware of?
Related
In ASP framework I can add
<connectionStrings configSource="ConnectStrings.secrets.config" />
to the Web.config file and have a local development database ConnectStrings.secrets.config file which is in the root folder of the project but not included in the solution, and a deployed ConnectStrings.secrets.config file with my live database details.
Its a great fail safe to only develop with the dev database and publish to staging and live environments without cross pollination.
I don't want to setup predicates etc, so wont use appsettings.development.json etc. Is there a way of working with ASP Core and its appsettings.json file to refer to a separate file as above.
I'm not aware of any binding redirects in the json config of ASP core.
Generally the way we handle something like this (which is not quite as great but helps solve the whoopsies) is to validate config on startup. Inside of each config file such as appSettings.development.json we have the following key
Environment: "Development"
If the environment variable ASPNETCORE_ENVIRONMENT is a mismatch, prevent app from starting.
I have configured my Azure website to deploy from a Bitbucket Mercurial repository. I only have one branch. From the logs (see below), it looks like the deployment process uses the Release configuration.
...
MyProject.Web ->
D:\home\site\repository\MyProject.Web\bin\MyProject.Web.dll
Transformed Web.config using
D:\home\site\repository\MyProject.Web\Web.Release.config
into obj\Release\TransformWebConfig\transformed\Web.config.
...
Let's say I have three environments, DEV, BETA, and PROD. I have web.config transformations for each since they may have different connection strings or various other different settings across each environment. How can I specify a different configuration?
You can create a .deployment file in the root of your repo and put this in it
[config]
SCM_BUILD_ARGS=-p:Configuration=Debug
Alternatively you can specify that in the site's App Settings from portal. like this:
SCM_BUILD_ARGS=-p:Configuration=Debug
For more about custom deployment settings you can refer to this
We have a cluster of identical IIS machines. I'd like to keep IIS Configuration settings in TFS, and integrate into the deployment process.
This would allow us to edit in one place, ease server scaling, rollback bad changes etc.
I'm thinking of using a web.config transform but apply to to the applicationHost.config to allow deploying to dev, uat production environments.
So my question is
Has anyone versioned the configuration files in %windir%\system32\inetsrv\config
Is there better way to keep these server settings in version control?
If there aren't any manual tweaks to the config, an alternative would be to put the configuration in a Powershell Desired State Configuration (DSC).
This would allow you to scale more parts of the configuration (windows features etc) and deploy them for you. With the latest version of release management (http://blogs.msdn.com/b/visualstudioalm/archive/2014/05/22/release-management-for-microsoft-visual-studio-2013-with-update-3-ctp1-is-live.aspx), you can integrate this in your build and deployment pipeline.
What is the best practice of configuration management for web applications that are published to Amazon Beanstalk?
Now configuration of our web application is separated among several files. One of them is web.config, where we have basic connection strings.
Others are custom xml files with configuration of different application modules. These files are mapped to config classes via default xml serialization.
The simplest way is to add these configs into Visual Studio's project. But this solution produces several questions:
We do not want our production settings be visible to newcome team members.
We want to be able to switch between different configurations of application - we have our local server with SQL Server, which is used for development as it is faster and more responsive than Amazon's instances we use.
We can consider moving all application and its modules settings into System.Configuration format and use config file transformations, having two solution build configurations - one for Amazon and one for dev environment. But this means we would have not to forget to switch to Amazon solution configuration before publishing project. Is it possible to set solution configuration that will be used to publish to Amazon by default?
I have an application that is installed at several different client's servers. They each have different web.config files and different virtual folders. At the moment I am compiling, manually copying over, setting up IIS, changing web.config and adding virtual folders for each install and also again when updating.
I simply don't know how to deploy using something like Web Deploy or Deployment Package that will let me create different config files or how to manage virtual folders (I would assume I would simply deploy empty folders and would still have to do this part manually). I can handle setting up IIS and virtual folders from the start but I want each client to be able to download new versions and install them without my input (as some Clients are funny about remote access).
You can setup build configurations for each environment. Typically, you get Debug and Release out of the box. I like to replace those with Development, Staging, and Production configurations, which allows a different web.config per environment.
Of course, when publishing, you still have to make sure you select the correct configuration.
I'm not a fan of Web Deploy and other schemes because web-servers, unlike desktops, all tend to have a unique configuration.
In my case, all of our web applications are deployed with custom-written VBScripts (much more pleasant than Batch files and without needing to relearn PowerShell). VBScript (with its default COM object library) provides a compelling platform for writing deployment scripts. And if you can't stand the syntax you can use JScript using the same tools. Bonus: Visual Studio still provides Windows scripting IntelliSense despite it not being an advertised feature).
My most recent deployment script is simple: it's a VBScript (invoked by VS's Post-build command-line) that uses 7-Zip to pack up the web application's files, then generates an ftp.exe batch file (then runs ftp.exe itself) that uploads the files to the server, it also generates an uploads a file called "Unpack.cmd" which calls 7-Zip to extract the files into the right place. The only manual step is executing Unpack.cmd on the server, but that can be done with Remote PowerShell, for example.
Why do you need to customise your IIS configuration separately from the application? Can't you put everything in your web.config file under <system.webServer>?