2
votes

Rather than requiring Web.config, ASP .NET 5 provides a number of options to provide configuration data. Info on this can be found at:

There's an interesting question in the comments section of ScottGu's article:

The config.json file in the example, how is that protected by the webserver/http server? web.config is protected by IIS, but if any file can be used (which is great), it also comes with the burden that the webserver shouldn't serve the file out if one requests it in a URL. Or are there prefab names to choose from?

Can anyone answer this?

1

1 Answers

3
votes

In previous versions of ASP.NET root of the project was also a root for the website. Some mechanisms were created to prevent access to files which should not be accessible to the outside world (like a whitelist of mime types, RequestFilteringModule).

This changed in ASP.NET 5 as a website root is no longer a project root. Website root folder is a subfolder in your project directory (named wwwroot by default, but can be changed in project.json). This means that everything outside a website root folder is not accessible to the outside world.

config.json file is outside of wwwroot so it won't be ever handled by any requests.