Home/ Questions/Q 3355628
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T02:25:05+00:00

I come from a PHP/Rails background where deploying a website often means FTP/Checkout of

  • 0

I come from a PHP/Rails background where deploying a website often means FTP/Checkout of the source code in the correct directory on the web server.

However, I’ve been asked to develop an ASP.NET website and some people have advised me to “Publish” the site instead of copying over the source code directly. Apparently, this converts the codebehind (.cs) files into compiled DLL’s etc.

My application does not contain any specific secretive business logic. It’s a common shopping cart app. My question is if this is a good idea? How does not making the C# code reside on the server make the app more secure?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    ASP.NET code will always be compiled – either:

    1. At run-time – you can copy .ASPX and
      .CS files to the server. When a page
      is requested the .ASPX and .CS files
      will be compiled on-the-fly. The
      ASP.NET run-time will create a DLL
      containing the compiled code (this
      lives in a folder called Temporary
      ASP.NET files and the location
      depends on the version of .NET
      you’re using).
    2. Pre-compiled – you can choose to compile your code before deploying it to your server. This is what the Publish command does in Visual Studio. It compiles your .ASPX and .CS files into (one or more) DLLs that are then uploaded to the web server.

    Personally, I don’t think there’s much of a security benefit from deploying pre-compiled code (unless you’re obfuscating your pre-compiled DLLs).

    That said I prefer it for these benefits:

    • It seems tidier, at least to me, than having a bunch of .CS files littered in a folder
    • There’s a small performance benefit of not having to do C# compilation. Note your code will still need to be JITed from IL to native code and this still incurs the initial request performance hit (unless you use new ASP.NET 4.0 and IIS 7.5 features or something else).
    • The Publish feature lets you package your application up for deployment to other environments (testing, pre-production, production, etc.)

    Note: coming from Rails/PHP you might like to keep on deploying both .ASPX and .CS files to your server. The benefit is that it’s easier to modify a running application in a way you may be used to doing. This isn’t a great practice if you’re following a rigorous deployment lifecycle but it can be useful in some cases.

    • 0