Web.Config at IIS Root

[Chad]

We want to share common parameters across multiple web apps using a shared
web.config at the IIS root level.

Out Sys Admin objects to thhis for security reasons.

What is the best practice? Is there an increeased risk here? If so, why?

 

[Juan T. Llibre]

re:
!> Is there an increased risk here? If so, why?

None.
If there's risk in one app, there'd be risk for all apps...but there isn't one.

However, I would set machine-wide settings in machine.config
....not in a web.config in the IIS root.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================

We want to share common parameters across multiple web apps using a shared web.config at the IIS
root level.

 

[Samuel R. Neff]

It's unlikely you'd have security issues (but it's possible depending
on what you declare in the web.config). It is possible you can end up
with problelms where some apps don't really want to share the same
things. This is particularly true if you have apps on the same server
running different versions of asp.net.

hth,

Sam