connectionstring & web farm

[Jeff]

Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I yesterday
took a skill assessment test at microsoft.com. Today I'm reviewing some of
the questions I had problems with:

One of the questions was about where the connections string should be placed
in a web farm configuration. In this scenario there were several web
applications which all are using the same connection string. The connection
string should in this scenario be placed in the most central location
possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff

 

[Patrice]

Looks like the online MSDN2 is not available or very slow at this moment.

In .20 the ConnectionString configuration section was added to store
connection strings. Check the documentation for the ASP.NET configuration
schema. You should find for each section that the documentation tells in
which config file the section is allowed.

 

[Cowboy \(Gregory A. Beamer\)]

3 is, by far the easiest. If you want to encrypt the string, which is wise,
you will have to use one machine to export the encryption keys. There are
pages on MSDN for encrypting connection strings on a web farm using the
built-in encryption.

You can encrypt separately on each machine, but you will have to encrypt
separately on each every time there is a change.

NOTE: In 2.0, you can put the connection strings in a separate file

Other alternatives
Global.asax - What? Are you high? - Global.asax is not secure if someone
compromises the code, so it really offers no security benefits. It is also
"hard coded" unless you put source on the web server. I would call
global.asax bad form.

Machine config is an decent option. It is a more attractive option if
multiple apps on the machine use the same connection string.

Registry is an option that is more secure than config, etc.

You can set up a web service to deliver configuration settings - unless you
are reusing the bits, this is overkill

 

[Jeff]

Thanks, the scenario used in this question was a web farm configuration (3
web servers) running multiple web applications and all these web
applications are using the same connection string. The question didn't
mention anything about encryption.

I think it's alternative #2 or #4. In my opinion it's #4 (but I've been
wrong before, and can easly be wrong on this also... lol) because as far as
I know all the machines in the web farm need to have the connection string.
Placing the connection string in Machine.config on every web server can from
what I understanding solve it.. If placed in a web.config file, then the
connection string need to added to every web.config file for every web
application on every web server.

any comments?

 

[Patrice]

The page I was thinking about is
http://msdn2.microsoft.com/en-us/library/bf7sd233.aspx (note the
Configurable locations that states where this section is allowed).

As for the other quesrion I would say it depends. I would put it at the most
global location where it is needed (that is web.config if this is
application specific, perhaps machine.config if used in multiple
applications from the same machine).