1

In my web site which is basically a monitor application I have to keep a configuration file which contains some web servers name, names of web sites hosted on each web server, url and port numbers etc.

Can anyone please explain me what are the benefits of treating this configuration file as custom configuration file of my web application and reading it using "ConfigurationSection" or "IConfigurationSectionHandler" rather than treating it as a normal xml file and reading it using 'XMLDocument' or 'XMLTextReader' or 'XLINQ' etc? This will save me from creating an entry in in the web.config file as well this custom configuration file.

I have spent good amount of time on the internet looking for this answer but could not find any satisfactory answer.

Please help..

bluish
  • 26,356
  • 27
  • 122
  • 180
binu
  • 337
  • 2
  • 5
  • 16

2 Answers2

4

There are at least two reasons:

  1. The web.config is designed to hold the configuration for your website; therefore, anyone maintaining the site in the future will know to look there for settings that pertain to the site.
  2. Using the *.config for any application allows you to use the ConfigurationManager class (in the System.Configuration assembly) to read from / write to the file, which is simpler than writing your own xml (as it is designed specifically for the purpose of persisting configuration information).
Mark Avenius
  • 13,679
  • 6
  • 42
  • 50
  • A note that accordlingy to this question answer's, http://stackoverflow.com/questions/719928/how-do-you-modify-the-web-config-appsettings-at-runtime messing with web.config files will cause a application restart, so writing to it is not advised. – Malavos Aug 20 '15 at 17:58
  • 1
    @Malavos True, but generally, when changing settings, I expect to entertain the possibility that I will have to restart the application to have them take effect. Still, a good point to consider when deciding where to put them. – Mark Avenius Aug 21 '15 at 12:46
  • 1
    @MarkAvenius sure, I'm just commenting for people that ended here in google like me. The more information about the solutions, the better. – Malavos Aug 21 '15 at 12:47
3

From a security perspective, if you put your XML file on your site and I can guess/discover the filename, I can get the file and I now know all your sites, what servers they are on, and a set of ports on the server that are open that I might be able to use to attack and take control of the servers.
By contrast, ASP.NET will not (by default) serve up a .config file to a browser request, making it harder for me to discover all that information.

PhilPursglove
  • 12,511
  • 5
  • 46
  • 68