I have this friend of mine who is responsible of a team of asp.net developers that develop applications for people from all walks of life.
One of his main concerns were that he had to check the deployment stage of every application very carefully and constantly had to correct common mistakes in the web.config file.
Some common mistakes in the web.config are detailed in this post
One of the most common corrections is to set
<compilation debug ="true"> to <compilation debug ="false">
If we leave debug = "true" , we have an application that is less secure and not performing well.
It takes more time to compile. Memory usage is higher. Scripts and images cannot be cached.
His question was how to set <compilation debug ="false"> to all web applications that are hosted under a particular server running IIS - deployment machine.
We do know that lots of the settings in the web.config are inherited from the machine.config. The web.config settings can overwrite the settings in the machine.config.
Works like the cascading stylesheets ( the internal stylesheet overwrites the external, for the same property:value pair )
In order to have all our sites deployed in retail fashion we must open and edit the machine.config file. you can find this file in this path in your PC.
You can add these lines of code
<deployment retail="true" />
This setting overrides application level security settings.
This means that even if we do have in our application web.config file this setting
<compilation debug ="true">
it will just ignore it and force this web application of ours to behave like this
- debug set to false
- disable page output tracing
- custom error pages to be shown to the remote users instead of detailed error messages or the stack trace
We should not edit machine.config too often, unless we have to.
Hope it helps !!!