Closed sergy79 closed 8 years ago
Yes, it's difficult because you have to specify them in so many places. I'd be interested to hear what security setting in particular that was missed.
With NWebSec, you can actually configure it in Web.config but I feel that this is not the best way for a number of reasons:
With the other settings I'd have to write something myself. With MVC 6 I think some of this problem has gone away.
Interesting points, and valid if its dropped in ASP 6 :+1:
I was not talking about you, but on my side we missed some settings during our upgrades and noticed it was hard to keep track.
For simplicity, I think the option to keep everything in a central location ( IMHO messy is better that missing it totally)
Would you be open to having your own XML or JSON file for configuration? or any ideas
It would be nice to do but unfortunately security is really really hard and I think if I did something like that it might not be very configurable (Sometimes you just need to write some code instead of using config).
Re-open if you have any ideas.
I notice nuget and source code for ASP MVC 5 is out of date, any updates
Can you add throttling too
Can you be more specific? What exactly is out of date? No plans to add new features the MVC 5 template at the moment except maybe upgrading to jQuery 3.0.
Hello, I recently noticed the current template ASP MVC 4.6 version has a lot of scattered security settings across the template. Which makes it very easy to miss, and it happened to us for the longest time over nuget updates, where it slipped into the production site.
So, in keeping with configuration over convention keeping the settings, I want to recommend consolidating the security settings into the web.config. At the same time I would be interested in hearing out your thoughts on why it be better to put some of those in the code itself.
Thanks Sergy