connectionstring & web farm

Looks like the online MSDN2 is not available or very slow at this moment.

In .20 the ConnectionString configuration section was added to store
connection strings. Check the documentation for the ASP.NET configuration
schema. You should find for each section that the documentation tells in
which config file the section is allowed.
--
Patrice

"Jeff" <it************@hotmail.com.NOSPAMa écrit dans le message de news:
uX**************@TK2MSFTNGP06.phx.gbl...

Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I
yesterday took a skill assessment test at microsoft.com. Today I'm
reviewing some of the questions I had problems with:

One of the questions was about where the connections string should be
placed in a web farm configuration. In this scenario there were several
web applications which all are using the same connection string. The
connection string should in this scenario be placed in the most central
location possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff

3 is, by far the easiest. If you want to encrypt the string, which is wise,
you will have to use one machine to export the encryption keys. There are
pages on MSDN for encrypting connection strings on a web farm using the
built-in encryption.

You can encrypt separately on each machine, but you will have to encrypt
separately on each every time there is a change.

NOTE: In 2.0, you can put the connection strings in a separate file

Other alternatives
Global.asax - What? Are you high? - Global.asax is not secure if someone
compromises the code, so it really offers no security benefits. It is also
"hard coded" unless you put source on the web server. I would call
global.asax bad form.

Machine config is an decent option. It is a more attractive option if
multiple apps on the machine use the same connection string.

Registry is an option that is more secure than config, etc.

You can set up a web service to deliver configuration settings - unless you
are reusing the bits, this is overkill
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside the box!
*************************************************
"Jeff" <it************@hotmail.com.NOSPAMwrote in message
news:uX**************@TK2MSFTNGP06.phx.gbl...

Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I
yesterday took a skill assessment test at microsoft.com. Today I'm
reviewing some of the questions I had problems with:

One of the questions was about where the connections string should be
placed in a web farm configuration. In this scenario there were several
web applications which all are using the same connection string. The
connection string should in this scenario be placed in the most central
location possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff

Thanks, the scenario used in this question was a web farm configuration (3
web servers) running multiple web applications and all these web
applications are using the same connection string. The question didn't
mention anything about encryption.

I think it's alternative #2 or #4. In my opinion it's #4 (but I've been
wrong before, and can easly be wrong on this also... lol) because as far as
I know all the machines in the web farm need to have the connection string.
Placing the connection string in Machine.config on every web server can from
what I understanding solve it.. If placed in a web.config file, then the
connection string need to added to every web.config file for every web
application on every web server.

any comments?
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:e3**************@TK2MSFTNGP04.phx.gbl...

>3 is, by far the easiest. If you want to encrypt the string, which is wise,
you will have to use one machine to export the encryption keys. There are
pages on MSDN for encrypting connection strings on a web farm using the
built-in encryption.

You can encrypt separately on each machine, but you will have to encrypt
separately on each every time there is a change.

NOTE: In 2.0, you can put the connection strings in a separate file

Other alternatives
Global.asax - What? Are you high? - Global.asax is not secure if someone
compromises the code, so it really offers no security benefits. It is also
"hard coded" unless you put source on the web server. I would call
global.asax bad form.

Machine config is an decent option. It is a more attractive option if
multiple apps on the machine use the same connection string.

Registry is an option that is more secure than config, etc.

You can set up a web service to deliver configuration settings - unless
you are reusing the bits, this is overkill
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside the box!
*************************************************
"Jeff" <it************@hotmail.com.NOSPAMwrote in message
news:uX**************@TK2MSFTNGP06.phx.gbl...

>Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I
yesterday took a skill assessment test at microsoft.com. Today I'm
reviewing some of the questions I had problems with:

One of the questions was about where the connections string should be
placed in a web farm configuration. In this scenario there were several
web applications which all are using the same connection string. The
connection string should in this scenario be placed in the most central
location possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff

The page I was thinking about is
http://msdn2.microsoft.com/en-us/library/bf7sd233.aspx (note the
Configurable locations that states where this section is allowed).

As for the other quesrion I would say it depends. I would put it at the most
global location where it is needed (that is web.config if this is
application specific, perhaps machine.config if used in multiple
applications from the same machine).

--
Patrice

"Jeff" <it************@hotmail.com.NOSPAMa écrit dans le message de news:
Or*************@TK2MSFTNGP02.phx.gbl...

Thanks, the scenario used in this question was a web farm configuration (3
web servers) running multiple web applications and all these web
applications are using the same connection string. The question didn't
mention anything about encryption.

I think it's alternative #2 or #4. In my opinion it's #4 (but I've been
wrong before, and can easly be wrong on this also... lol) because as far
as I know all the machines in the web farm need to have the connection
string. Placing the connection string in Machine.config on every web
server can from what I understanding solve it.. If placed in a web.config
file, then the connection string need to added to every web.config file
for every web application on every web server.

any comments?
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamMwrote in
message news:e3**************@TK2MSFTNGP04.phx.gbl...

>>3 is, by far the easiest. If you want to encrypt the string, which is
wise, you will have to use one machine to export the encryption keys.
There are pages on MSDN for encrypting connection strings on a web farm
using the built-in encryption.

You can encrypt separately on each machine, but you will have to encrypt
separately on each every time there is a change.

NOTE: In 2.0, you can put the connection strings in a separate file

Other alternatives
Global.asax - What? Are you high? - Global.asax is not secure if someone
compromises the code, so it really offers no security benefits. It is
also "hard coded" unless you put source on the web server. I would call
global.asax bad form.

Machine config is an decent option. It is a more attractive option if
multiple apps on the machine use the same connection string.

Registry is an option that is more secure than config, etc.

You can set up a web service to deliver configuration settings - unless
you are reusing the bits, this is overkill
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*********************************************** **
Think outside the box!
*********************************************** **
"Jeff" <it************@hotmail.com.NOSPAMwrote in message
news:uX**************@TK2MSFTNGP06.phx.gbl...

>>Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I
yesterday took a skill assessment test at microsoft.com. Today I'm
reviewing some of the questions I had problems with:

One of the questions was about where the connections string should be
placed in a web farm configuration. In this scenario there were several
web applications which all are using the same connection string. The
connection string should in this scenario be placed in the most central
location possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff