【markcxz摘錄】這是發布ASP.NET應用程式時值得注意的十點內容(個人歸納,排名不分先後),但願能給你的開發帶來些許助益。歡迎補充新的觀點和項目。
In no particular order, here are the top ten things I've learned to pay attention to when dealing with production ASP.NET applications. Hopefully they will help you save you some time and headaches. As always, your thoughts and additions are welcome.
- 建立新的密鑰
Generate new encryption keys When moving an application to production for the first time it is a good idea to generate new encryption keys. This includes the machine validation key and decryption key as well as any other custom keys your application may be using. There is an article on CodeProject(http://www.codeproject.com/KB/aspnet/machineKey.aspx) that talks about generating machineKeys specifically that should be helpful with this.
- 加密web.config中的敏感配置節點
Encrypt sensitive sections of your web.configThis includes both the connection string and machine key sections. See Scott Guthrie's
post(http://weblogs.asp.net/scottgu/archive/2006/01/09/434893.aspx) for some good references. Note that if your application runs in a clustered environment you will need to share a custom key using the RSA provider as described in an MSDN article(http://msdn2.microsoft.com/en-us/library/68ze1hb2(VS.80).aspx).
- 使用可信任的SQL串連
Use trusted SQL connectionsBBoth Barry Dorrans(http://idunno.org/articles/276.aspx) and Alex Chang(http://weblogs.asp.net/achang/archive/2004/04/15/113866.aspx) have articles which discuss this in detail.
- 在machine.config中設定retail為true
Set retail="true" in your machine.config<configuration>
<system.web>
<deployment retail="true"/>
</system.web>
</configuration>
TThis will kill three birds with one stone. It will force the 'debug' flag in the b.config to be false, it will disable page output tracing, and it will force the custom error page to be shown to remote users rather than the actual exception or error message. For more information you can read Scott Guthrie's post(http://weblogs.asp.net/scottgu/archive/2006/04/11/442448.aspx) or the MSDN reference(http://msdn2.microsoft.com/en-us/library/ms228298(VS.80).aspx).
- 為網站建立獨立的應用程式集區
Create a new application pool for your siteWhen setting up your new site for the first time do not share an existing application pool. Create a new application pool which will be used by only by the new web application.
- 為應用程式集區設定最大可用記憶體
Set the memory limit for your application pool When creating the application pool, specifically set the memory limit rather than the time limit which is set by default.
http://www.asp.net has a good whitepaper(http://www.asp.net/learn/whitepapers/aspnet-and-iis6/) which explains the value of this:
By default IIS 6.0 does not set a limit on
the amount of memory that IIS is allowed to use. ASP.NET’s Cache
feature relies on a limitation of memory so the Cache can
proactively remove unused items from memory.
It is recommended that you configure the memory recycling
feature of IIS 6.0.
- 建立並適時使用app_Offline.htm檔案件
Create and appropriately use an app_Offline.htm fileTThere are many benefits to using this file. It provides an easy way to take your application offline in a somewhat user friendly way (you can at least have a pretty explanation) while fixing critical issues or pushing a major update. It also forces an application restart in case you forget to do this for a deployment. Once again, ScottGu is the best source(http://weblogs.asp.net/scottgu/archive/2006/04/09/442332.aspx) for more information on this.
- 實現可重複、易操作的部署功能
Develop a repeatable deployment process and automate itIt is way too easy to make mistakes when deploying any type of software. This is especially the case with software that uses configuration files that may be different between the development, staging, or production environments. I would argue that the process you come up with is not nearly as important as it being easily repeatable and automated. You can fine tune the process as needed, but you don't want a simple typo to bring a site down.
- 確保產生和引用的相關程式集均為release版本
Build and reference release versions of all assembliesIn addition to making sure ASP.NET is not configured in debug mode, also make sure that your assemblies are not debug assemblies. There are of course exceptions if you are trying to solve a unique issue in your production environment ... but in most cases you should always deploy with release builds for all assemblies.
- 載入測試 負載測試
Load testThis goes without saying. Inevitably, good load testing will uncover threading and memory issues not otherwise considered.
原文地址:http://daptivate.com/archive/2008/02/12/top-10-best-practices-for-production-asp-net-applications.aspx
