Config values in DB or File? - asp.net

I have some configuration values for an asp.net web app. They will be maintained by a system admin once the system goes live. Should I store these values in the database or in a config file? Is there a best practice for this sort of thing?

It's easy and convenient to create a robust interface to edit the values in the database.
It's less easy to create a good one for the config file.
So I would usually you want to store everything which you would like your users/administrators to be able to edit later in the database. Everything which only needs to be touched during serious changes like re-installation etc is better off in the config file.

I would always recommend database simply because you can build an Admin UI relatively easy and audit all changes with similar ease. Although you can accomplish the same with changes to a file, the database route with some sort of a Admin control area is always preferable. Especially when you want to know who changed what when.
Also in our environment, changing a config file if there was an error, involves the entire change management process approvals/etc., which is pretty painful. So if you take the time to incorporate configuration settings in a database I think it will work out better in the long run. Just my $0.02.

I prefer a text config file, .ini style or XML style for these two reasons:
1 - You can put comments in the text file.
2 - Text editors have an "undo" command.

Depending on the context of the config information, you could choose to leave it in the web.config or you could create maintenance tables for it in the database. I would typcially keep things more backend specific, like connection strings, ftp locations, usernames/passwords(for the application, not user permissions) in the web.config though.
I normally keep more relative information that relates to the information in the database rather than the application itself, in the database.
This is all loosely based though and not always the case.

I prefer to avoid databases if I can and I don't need the performance. If you need/have a database then I would say put as much as you can in one place. One thing to manage.

I think databases are a great place for configuration values for distributed applications where you want a users settings to be available to them no matter which computer they use.
Configuration values stored in files are very useful for computer specific configurations (such as if you use a mapped drive to identify a location and every user may have a different mapping, like a CD/DVD drive for instance).
If you don't already have a database for the application you're developing though, it might be overkill to have a database exclusively for application configuration.

I prefer a text .ini file. They are easy to edit, and easy to move around when your application moves around. Here's an example Setting class that you may find useful.

Related

Where is the best and easiest place to store global website settings

I'm just putting together an internal data system for a client, which is ASP.NET VB, backed by an SQL database, on an in-house IIS7.5 dedicated server.
I want to store certain global settings, such as the age limit for news articles, admin contacts etc, in a file NOT within the database (i.e. to avoid unnecessary database query's)
Where would the best place to store this be? global.asax? app.config? or a custom XML file? how would i import these at runtime? (probably to session variables)
ETA:
Also - the settings must be editable from within the site, i.e. an admin section i'm yet to build
If you need these settings to be editable, then the simplest place to store them would be in a database table. You're already building a layer to get in and out with CRUD operations, so adding this little extra won't hamper you. This will also help you keep your web.config clean and your supporting libraries will not need an extra app.config built into them.
Resource files and embedded app.config files are not editable so those preferred methods don't meet your requirements. You don't want people accessing the web.config directly (even through an interface) because changes to the web.config cause the application pool to recycle. A custom XML file would work, but you would have to build a separate parsing engine to get in and out of it. While this is simple, it would be unnecessary since you're already building an access interface for the rest of your database.
If you're really hating yourself though, you could combine the two into a custom xml file stored in the database as an XElement.
Thanks for your suggestions.
I decided the easiest method, given that the details may only need altering a couple of times a year, was to set session variables in global.asax

What options are available for storing application settings in asp.net mvc2?

I need to store the application settings somewhere, but can't find a satisfying solution. Read only settings are pretty easy to store in web.config, but what about settings for application administration that would should be accessible through web-page? Writing to web.config doesn't seem to be a good idea. I have considered storing the settings in custom xml file, but then if there is sensitive information involved in the settings, that seems to be problem, also if there are multiple users modifying the settings at the same time some kind of file locking has to be involved. Now I am inclined to store the app settings the MS-SQL database, it seems like a secure and well scale-able solution, however it feels wrong to have a table to store just one row - the setting. What's your opinion? How would you design that?
Are there any ready to go .NET solutions for storing dynamic web app settings?
Your question is so subjective that I don't even know why I am answering it instead of voting to close. But anyway, a database is a good place. And if you are bored and tired of relational data there are great NoSQL databases out there such as MongoDB and RavenDB that will make this very easy. And if you want a very fast database Redis could be worth checking out.
Storing things in files in a web application is far more difficult than it might look at the first place. If it is for readonly then web.config could indeed be a good place. But once you start writing you will have to take into account that a web application is a multithreaded environment where you will have to synchronize the access to this file. And what looked in the first place as an easy solution, could quickly turn into a nightmare if you want to design it properly. That's why I think that a database is a good solution as it gives you concurrency, security, atomicity, data integrity, ...
I absolutely think that storing settings of dynamic nature in database is the right way. Don't feel bad about having one simple table. This table can save you a lot of headaches. If you'll code it smart you can really benefit from it (but that depends on the type of values you want to store). The only problem with db is that someone might actually modify values directly in database. But it can be easily solved. For example I have a "configuration-values" class that I feed from database upon start and put it to cache with some timeout. Then after a while I can lazily feed it again, catching situations like I mentioned above. I hope it makes some sense.

Where do I store small data items on a web site?

I am writing a web site using asp.net mvc3 and in my website I want to have a page for setting capacity of a queue. this page is shared between some users. so I need to save this data somewhere which is reachable by all users. I do not like to store this value in Database because it is just a number and I prefer to save in another place.I also tried storing in file but it is not a good idea too because it need permission setting.
is there any other place than files on server which let me do this?
You are going to have to persist it somewhere if you want it to stay around, either a flat file or database or something similar.
Other than that, you can cache the value in memory (session, static, or another caching scheme) so you aren't constantly reading it from a heavyweight store. For example you could read it in on application start and then just use the in memory variable (writing it back to the disk when it changes).
Just create a table Settings with two columns Key and Value and reuse it for other settings you may need in the future.
Your database is a good place for storing your data - ie. database backups will backup your settings as well.
The alternative is using Configuration Manager.
NoSQL is a great option in this case, I think for this particular case Redis is a better fit, checkout Booksleeve from NuGet

Single ASP.net site with Multiple Instances & web.configs

We have a legacy ASP.net powered site running on a IIS server, the site was developed by a central team and is used by multiple customers. Each customer however has their own copy of the site's aspx files plus a web.config file. This is causing problems as changes made by well meaning support engineers to the copies of the source aspx files are not being folded back into the central source, so our code base is diverging. Our current folder structure looks something like:
OurApp/Source aspx & default web.config
Customer1/Source aspx & web.config
Customer2/Source aspx & web.config
Customer3/Source aspx & web.config
Customer4/Source aspx & web.config
...
This is something I'd like to change to each customer having just a customised web.config file and all the customers sharing a common set of source files. So something like:
OurApp/Source aspx & default web.config
Customer1/web.config
Customer2/web.config
Customer3/web.config
Customer4/web.config
...
So my question is, how do I set this up? I'm new to ASP.net and IIS as I usually use php and apache at home but we use ASP.net and ISS here at work.
Source control is used and I intend to retrain the support engineers but is there any way to avoid having multiple copies of the source aspx files? I hate that sort of duplication!
If you're dead-set on the single app instance, you can accomplish what you're after using a custom ConfigurationSection in your single web.config. For the basics, see:
http://haacked.com/archive/2007/03/12/custom-configuration-sections-in-3-easy-steps.aspx
http://msdn.microsoft.com/en-us/library/2tw134k3.aspx
Example XML might be:
<YourCustomConfigSection>
<Customers>
<Customer Name="Customer1" SomeSetting="A" Another="1" />
<Customer Name="Customer2" SomeSetting="B" Another="2" />
<Customer Name="Customer3" SomeSetting="C" Another="3" />
</Customers>
</YourCustomConfigSection>
Now in your ConfigSection Properties, expose Name, SomeSetting, and Another. When the Property is accessed or set, use a condition (request domain or something else that uniquely identifies the Customer) to decide which to use.
With the proper implementation, the app developers don't need to be aware of what's going on behind the scenes. They just use CustomSettings.Settings.SomeSetting and don't worry about which Customer is accessing the app.
I know it might seem annoying, but the duplication is actually a good thing. The problem here is with your process, not with the way the systems are setup.
Keeping the sites separate is actually a good thing. Whilst it looks like "duplication" it's actually not. It's separation. Making changes in the production code by your support engineers should be actively discouraged.
You should be looking at changing your process to change once deploy everywhere. This will make everything a lot easier for you in the long run.
To actually answer your question, the answer is no, you can't do it. The reason is that web.config isn't designed to store user level settings, it's designed to store per application instance settings. In your case, you need an application instance per user which means separate config files.
For your system to work, you need to be able to preemptively tell the application which config file to use, which isn't possible without some sort of input from the user.
Use an external source control application and keep rolling out updates as required.
It isn't really a good idea to let your live site be updated by support engineers in real time anyway.
Depending on what is actually in the web config, and what settings differ between customers, you could opt to use a single web config, and store other customer specific configuration options in a database or some other custom xml/text file. As long as the specific customer settings in the web.config don't have to do anything with how IIS operates, and you are just using it to store values, then this solution might work out well for you.
Thank you all again for your answers. After reading through them and having a think what I think I will do is leave the multiple instances alone for now and I will try to improve our update process first. then I will develop a new version of the application that has the user configuration information in the database layer and then pick the user based on the request domain or URL as someone suggested. That way I can have a single application instance supporting multiple different client configurations cleanly.
As most of the client configuration data is really presentation or data source related, nothing complicated. I think we ended up with multiple application instances mostly because the original programmer hadn't been expecting multiple customers and didn't design for that so when someone came along later and added a second customer they just duplicated the application which is wasteful as each instance is about 99.99% identical to the original.
I am implementing this as we speak.
In the main web.config, I have 1 item per installation. It points me toward the custom config file I built for each client (and toward the custom masterpage, css, images, etc).
Using WebConfigurationManager.OpenWebConfiguration, I open the new webconfigs in their subdirectories. I determine which one to use by using System.Web.HttpContext.Current.Request.Url.OriginalString, and determining the uRL that called me. Based on that URL, I know which web.config to use.
From that point forward the clients all use the same codebase. They have their own databases too.
The idea of having to update 30-40 installations when we make an update scares the death out of me. We do not want to support 30-40 codebases, so there won't be customization beyond the master page, css, and images.
I wrote a custom class lib that knows how to switch to the proper webconfig, and read the custom section I built with all our settings.
The only issue I have now is the FormsAuthentication Cookie. I need to be able to switch that as well. Unfortunately, the property for the name is read only
If I understand correctly, it sounds like you have multiple deployments (one for each client) where the only difference is the web.config, right?
First off, although I don't know your unique situation, I would generally urge you to stay with separate installs. It usually allows much more flexibility. Off the top of my head: are you ever going to have customizations, or different clients running different versions? Are you sure? The easiest way to stay flexible here is to keep going with separate installs.
In my opinion, it isn't ugly at all if your practices are aligned properly. Based on some things you mentioned, you have trouble in that area - obviously, possible source control buy-in/training issues. But you are aware of that. I would also take a hard look at your deployment procedures and so on. I have a feeling you might have further issues in that area, and I mean absolutely no offense.
That said, let's say you want to move forward with this.
You didn't say whether all the clients share a single common database, but I'm thinking no, since designing that type of system is often not worth the extra complexity (which can be severe in systems of any size) so people often opt to keep them separate.
What that means is that you have store your connection string somewhere. Usually that would be web.config... So that seems to break our plan.
Really, the apparent elegance of this situation is almost always wildly offset by the challenges it introduces. If I thought about it hard enough, I could maybe find a way around this by introducing another database that intelligently manages connection strings or maybe delving into keeping all your login info directly in web.config (which is possible but... not ideal), however my gut says the work will be wasted because some day you will end up going back to how you're doing it now.
Also: changing code directly in production is obviously not the best practice here. But you if you are on a monolithic shared platform with any amount of traffic, that can never ever ever happen. Food for thought.
Let me know if I'm missing something!

Do these values belong in a config file or database?

There are multiple values I have been storing in ASP.NET configSections sections for each "module". I have been wondering if they even belong in these files at all.
The background stands at: These are multiple instances of the web application deployed. All use the same database but have their own settings.
I'm sure that differences between development and production go in the config files. Some of the values I know should include: connection strings, providers to use, setting debug, etc.
I have factored out all the common pieces in to classes with their own rules and methods. The pieces left are miscellaneous settings for each module in each site. Some of the options I'm unsure of include:
For ModuleA, Show/Hide Option
For ModuleB, What is the terminology to be used for this field
For ModuleC, Allow end user to perform X action
Mmm these sounds like things that you might want be able to change at runtime for your application without having to modify the app.config. One rule of thumb I like to follow is that anything in the config should be for the deployment or server configuration. In this case your settings appear to be modifying the application behaviour and so I would probably move them into the DB if it is not alot of effort.
ModuleA and ModuleC sound like they may be user profile information. If they're not dynamic by user, but you could add later functionality, then maybe move them to a DB.
I've written apps where ModuleB would have been put in a DB also. Things like form labels, etc. can easily go in a DB. If, at a later date, someone decides to add or remove colons to all form labels, that's a pretty easy thing to do if all of the text is stored in a DB.
Consider the situation when you need to edit one of the values.
If the value is in web.config, saving the change to that file will cause the app to recycle, inconveniently throwing out current users. Not so much of a problem if your app is on an intranet only used during business hours (though you could get an angry call from the guy who stayed to work late). But potentially a problem on a public website with international users.
If the value is in a database, it will have no impact on the app's processing in that way.
Either way, consider whether the values are cached in the app's RAM (web.config is). Are the database values in an Application variable, or in Cache? If so, you may not know when the change will occur. Unless you want to restart the app.
And, what different access and permissions would the appropriate admins need to make the changes? Someone would have to have access to the web server(s) to change web.config, or to the database (and table) to change that.
A few questions: Why do you use the same DB for multiple instances of the application, and how will that effect maintanence?
In the future will it be an option to split the db in order to improve performance? Does the config model support that change better then the DB based one?
In other words, you will have to consider a lot variables in order to answer your question :-)

Resources