0

I have ASP.NET MVC 5.2.6 project, In short, when I want to publish the website, I do not want to publish the Views as loose *.cshtml files in the Views folder, I want to integrate the Views inside a dll.

I found this question, it is talking about compiling the ASP.NET MVC Razor Views, I applied it and it worked for me, and I was able to compile the ASP.NET MVC Razor Views, but I could NOT get rid of them, when I deleted the *.cshtml files, the website is no longer working, that is mean that the views do not go inside a dll.

Here is the Error when I delete the Views folder

enter image description here

which is obviously, say that he could not find the view. Should I write some code to manipulate the Razor search Engine to enforce it to look inside the dll?

Hakan Fıstık
  • 16,800
  • 14
  • 110
  • 131
  • The question you have found is related to compiling the views in development so that it checks whether their code is valid - i.e. type checking etc. You can turn this feature on to add robustness to your teams check-ins, but as far as I am aware, it will not compile them into a DLL, and there is no way I know of that that it can be done; so that the cshtml is no longer required – developer May 23 '18 at 14:07
  • 1
    Which MVC version? – Maess May 23 '18 at 14:07
  • Why not? Why is having the cshtml files a bad thing for this problem? – Twisted Mentat May 23 '18 at 14:10
  • @TwistedMentat it is related to the security policy which my company follow – Hakan Fıstık May 23 '18 at 14:11
  • 3
    Sounds like a security policy that isn't fit for purpose. Like @developer I don't know of anyway to totally remove the cshtml file. The answer you reference is about doing all the compilation checks and such on build instead of at runtime which is when they are usually done. – Twisted Mentat May 23 '18 at 14:14
  • what security do you think it gives, precisely? No-one without appropriate permission should ever have access to the server to see what's in the cshtml file, so what's the issue exactly? The website end-user can never access that code without a prior security breach. – ADyson May 23 '18 at 14:18
  • @TwistedMentat the idea that, if some-one get access to the server, he could not steal the views directly, the views will be hidden from him, I know maybe that does not make very sense, but ... what can I do, they said that they did that before, and they did not provide me with the way – Hakan Fıstık May 23 '18 at 14:18
  • @HakamFostok If someone has access to the binaries they have access to everything. Even if you somehow compile the razor views into the binaries. I don't think ASP.NET MVC is fit for purpose if that is a requirement. The bigger thing is that the security policy does not actually improve security in this case. – Twisted Mentat May 23 '18 at 14:22
  • 1
    There are specific files your server will not server - CSHTML files are included in that, unless you actively turn it off. The CSHTML are code files - used only in the generation of the data streamed back to client Your other option, is to return string from your controllers, and generate your HTML in side the DLL - like CGI use to do, very time consuming, and hard to debug. – developer May 23 '18 at 14:24

3 Answers3

3

The link of the answer you aadded to your post is sufficient during developement process so it helps you to detects all compile errors and not on at execution where views are compiled on the fly.

It's is rare to compile the views into DLL during developement. You need to compile them per view, per folder, per page and control, or into one single DLL only during publishing your application.

So into your publishing profile settings which look like this:

enter image description here

Click on Configure link and after that you will have this dialog window:

enter image description here

In the winfow above you can choose which compiling option you want.

Again you don't need to compile your views into a DLL during developement process. During that process just modify the csproj and it is enough.

CodeNotFound
  • 22,153
  • 10
  • 68
  • 69
  • Yes, I do not want that in the development I want that in the Publish. but which option will achieve to me that, I tried the last option `Merge all pages and control outputs to a single assembly` but it did not work – Hakan Fıstık May 23 '18 at 14:34
  • @HakamFostok In your cas because you're using views, I think you need to choose "Merge all outputs to a signle assembly". The one you have choosen is for aspx, ascx etc. – CodeNotFound May 23 '18 at 14:51
2

This is probably what you are looking for: https://github.com/RazorGenerator/RazorGenerator

This will generate your view files as a single dll for you.

Although I may not totally understand or agree with the reasoning's for this approach to your solution as this doesn't necessarily provide a better security mechanic as dll's can be decompiled and the source taken out. If you have good security within the server and follow best practices having the raw html files may be easier to manage.

David Shorthose
  • 4,489
  • 2
  • 13
  • 12
0

After some thinking the only way I can think of even trying what you ask is generating the cshtml files on the fly in code. But I've never even thought of trying that before.

I think the real answers are getting the security policy changed as it is no fit for purpose. Or using something other than ASP.NET MVC.

After all ASP.NET MVC in the end is simply sending files to a client that has requested them.

Twisted Mentat
  • 432
  • 4
  • 13