Below is a list of some “critical” items that should be configured in your AspDotNetStorefront production environments.
> Rename and secure the “admin” folder:
1. Change AppConfig.AdminDir
2. Change the folder’s name
3. Assign a Windows-level login to that folder
> Change the admin username from admin@aspdotnetstorefront.com to something within the site’s domain
> Change the admin password to something cryptic and set AppConfig.AdminPwdChangeDays to something reasonable/safe
> Set strong passwords (optional)
AppConfig.UseStrongPwd = true
> Cycling your encryption key
The admin will auto-notify you based on AppConfig.NextKeyChange value. Use this page in the admin to reset your encryption key manually: changeencryptkey.aspx
> Set this AppConfig so the user is not always trapped in an SSL state after hitting My Account and/or Checkout pages.
AppConfig.GoNonSecureAgain = true
> Reset Cache
This is actually a call to a stored procedure and can be automated in the DB as a trigger whenever a catalog change occurs.
exec aspdnsf_CreateMissingVariants
You should always run it after any product catalog changes, as well as AppConfig and String Resource updates.
> Admin SSL
Configure IIS to force SSL on the admin folder.
> Caching
AppConfig.CacheMenus = true
> Monthly Maintenance
Run this monthly, on a weekend late at night: Admin/Misc/Monthly Maintenance
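
To check a production store against the AppConfig items in this list, a query like the following can be run. It is an added example, not code from AspDotNetStorefront. It assumes the settings are stored as rows with Name and ConfigValue columns, that NextKeyChange holds a parseable date, and that 90 days is the chosen limit for AdminPwdChangeDays.

```sql
-- Added example: audit the AppConfig values named in the checklist above.
-- @AppConfig is a constructed stand-in so the script runs on any SQL Server 2012+;
-- point the join at the store's own AppConfig table (Name/ConfigValue columns assumed).
DECLARE @AppConfig TABLE (Name nvarchar(100), ConfigValue nvarchar(1000));
INSERT INTO @AppConfig (Name, ConfigValue) VALUES   -- constructed sample values
    (N'AdminDir',           N'admin'),
    (N'AdminPwdChangeDays', N'365'),
    (N'UseStrongPwd',       N'false'),
    (N'NextKeyChange',      N'2001-01-01'),
    (N'GoNonSecureAgain',   N'true');               -- CacheMenus deliberately missing

DECLARE @MaxPwdDays int = 90;   -- assumed limit; the checklist only says "reasonable/safe"

WITH Checklist (Name, Kind) AS (
    SELECT * FROM (VALUES
        (N'AdminDir',           'not-default'),
        (N'AdminPwdChangeDays', 'max-days'),
        (N'UseStrongPwd',       'true'),
        (N'NextKeyChange',      'future-date'),
        (N'GoNonSecureAgain',   'true'),
        (N'CacheMenus',         'true')) AS v (Name, Kind)
)
SELECT c.Name, a.ConfigValue,
    CASE
        WHEN a.Name IS NULL THEN 'FAIL: setting not found'
        WHEN c.Kind = 'true' AND LOWER(LTRIM(RTRIM(a.ConfigValue))) <> 'true'
            THEN 'FAIL: expected true'
        WHEN c.Kind = 'not-default' AND LOWER(LTRIM(RTRIM(a.ConfigValue))) = 'admin'
            THEN 'FAIL: admin folder still has the default name'
        WHEN c.Kind = 'max-days' AND TRY_CONVERT(int, a.ConfigValue) IS NULL
            THEN 'FAIL: not a number'
        WHEN c.Kind = 'max-days'
             AND TRY_CONVERT(int, a.ConfigValue) NOT BETWEEN 1 AND @MaxPwdDays
            THEN 'FAIL: password change interval outside 1..'
                 + CAST(@MaxPwdDays AS varchar(10)) + ' days'
        WHEN c.Kind = 'future-date' AND TRY_CONVERT(datetime, a.ConfigValue) IS NULL
            THEN 'FAIL: date not parseable'
        WHEN c.Kind = 'future-date' AND TRY_CONVERT(datetime, a.ConfigValue) < GETDATE()
            THEN 'FAIL: encryption key change is overdue'
        ELSE 'OK'
    END AS Result
FROM Checklist AS c
LEFT JOIN @AppConfig AS a ON a.Name = c.Name   -- LEFT JOIN so missing settings show up
ORDER BY c.Name;
```

The folder rename, the Windows-level login and the IIS SSL requirement on the admin folder live outside the database and still need to be checked on the web server itself.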


