Planet For Application Life Development Presents
MY IT World

Explore and uptodate your technology skills...

ASP.NET - Configuration

The behavior of an ASP.Net application is affected by different settings in the configuration files:

  • machine.config

  • web.config

The machine.config file contains default and the machine-specific value for all supported settings. The machine settings are controlled by the system administrator and applications are generally not given access to this file.

An application however, can override the default values by creating web.config files in its roots folder. The web.config file is a subset of the machine.config file.

If the application contains child directories, it can define a web.config file for each folder. Scope of each configuration file is determined in a hierarchical top-down manner.

Any web.config file can locally extend, restrict or override any settings defined on the upper level.

Visual Studio generates a default web.config file for each project. An application can run without a web.config file, however, you cannot debug an application without a web.config file.

In this application there are two web.config files for two projects i.e., the web service and the web site calling the web service.

The web.config file has the configuration element as the root node. Information inside this element is grouped into two main areas: the configuration section-handler declaration area, and the configuration section settings area.

The following code snippet shows the basic syntax of a configuration file:

<configuration>
  <!-- Configuration section-handler declaration area. -->
  <configSections>
    <section name="section1" type="section1Handler" />
    <section name="section2" type="section2Handler" />
  </configSections>
  <!-- Configuration section settings area. -->
  <section1>
    <s1Setting1 attribute1="attr1" />
  </section1>
  <section2>
    <s2Setting1 attribute1="attr1" />
  </section2>
  <system.web>
    <authentication mode="Windows" />
  </system.web>
</configuration>

The Configuration Section Handler declarations:

The configuration section handlers are contained within the <configSections> tags. Each configuration handler specifies name of a configuration section, contained within the file, which provides some configuration data. It has the following basic syntax:

<configSections>
   <section />
   <sectionGroup />
   <remove />
   <clear/>
</configSections>

It has the following elements:

  • Clear - it removes all references to inherited sections and section groups.

  • Remove - it removes a reference to an inherited section and section group.

  • Section - it defines an association between a configuration section handler and a configuration element.

  • Section group - it defines an association between a configuration section handler and a configuration section.

The Application Settings:

The application settings allow storing application-wide name-value pairs for read-only access. For example, you can define a custom application setting as:

<configuration>
   <appSettings>
      <add key="Application Name" value="MyApplication" />
   </appSettings>
</configuration>

For example, you can store the name of a book and its ISBN number:

<configuration>
   <appSettings>
      <add key="appISBN" value="0-273-68726-3" />
      <add key="appBook" value="Corporate Finance" />
   </appSettings>
</configuration>

The Connection Strings:

The connection strings shows which database connection strings are available to the website. For example:

<connectionStrings>
   <add name="ASPDotNetStepByStepConnectionString" 
        connectionString="Provider=Microsoft.Jet.OLEDB.4.0;
        Data Source=E:\\projects\datacaching\ /
        datacaching\App_Data\ASPDotNetStepByStep.mdb"
        providerName="System.Data.OleDb" />
   <add name="booksConnectionString" 
        connectionString="Provider=Microsoft.Jet.OLEDB.4.0;
        Data Source=C:\ \databinding\App_Data\books.mdb"
   providerName="System.Data.OleDb" />
</connectionStrings>

The System.Web Element:

The system.web element specifies the root element for the ASP.NET configuration section and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

It holds most of the configuration elements needed to be adjusted in common applications. The basic syntax for the element:

<system.web> 
   <anonymousIdentification> 
   <authentication> 
   <authorization> 
   <browserCaps> 
   <caching> 
   <clientTarget> 
   <compilation> 
   <customErrors> 
   <deployment> 
   <deviceFilters> 
   <globalization> 
   <healthMonitoring> 
   <hostingEnvironment> 
   <httpCookies> 
   <httpHandlers> 
   <httpModules> 
   <httpRuntime> 
   <identity> 
   <machineKey> 
   <membership> 
   <mobileControls> 
   <pages> 
   <processModel> 
   <profile> 
   <roleManager> 
   <securityPolicy> 
   <sessionPageState> 
   <sessionState> 
   <siteMap> 
   <trace> 
   <trust> 
   <urlMappings> 
   <webControls> 
   <webParts> 
   <webServices> 
   <xhtmlConformance> 
</system.web>

The following table provides brief description of some of common sub elements of the system.web element:

anonymousIdentification:

This is required to identify users who are not authenticated when authorization is required.

authentication:

It configures the authentication support. Basic syntax:

<authentication mode="[Windows|Forms|Passport|None]"> 
   <forms>...</forms>
   <passport/>
</authentication>

authorization

It configures the authorization support.Basic syntax:

<authorization> 
   <allow .../>
   <deny .../>
</authorization>

caching:

Configures the cache settings.Basic syntax:

<caching>
   <cache>...</cache>
   <outputCache>...</outputCache>
   <outputCacheSettings>...</outputCacheSettings>
   <sqlCacheDependency>...</sqlCacheDependency>
</caching>

customErrors:

Defines custom error messages. Basic syntax:

<customErrors defaultRedirect="url" mode="On|Off|RemoteOnly">
     <error. . ./>
</customErrors>

deployment:

Defines configuration settings used for deployment. Basic syntax:

<deployment retail="true|false" />

hostingEnvironment:

Defines configuration settings for hosting environment.Basic syntax:

<hostingEnvironment 
    idleTimeout="HH:MM:SS" 
    shadowCopyBinAssemblies="true|false" 
    shutdownTimeout="number"
    urlMetadataSlidingExpiration="HH:MM:SS"
/>

identity:

Configures the identity of the application. Basic syntax:

<identity impersonate="true|false" 
          userName="domain\username"
          password="<secure password>"/>

machineKey:

Configures keys to use for encryption and decryption of Forms authentication cookie data.

It also allows configuring a validation key that performs message authentication checks on view-state data and Forms authentication tickets. Basic syntax:

<machineKey 
  validationKey="AutoGenerate,IsolateApps" [String]
  decryptionKey="AutoGenerate,IsolateApps" [String]
  validation="HMACSHA256" [SHA1 | MD5 | 3DES | AES | HMACSHA256 | 
    HMACSHA384 | HMACSHA512 | alg:algorithm_name]
  decryption="Auto" [Auto | DES | 3DES | AES | alg:algorithm_name]
/>

membership:

This configures parameters of managing and authenticating user accounts.Basic syntax:

<membership
    defaultProvider="provider name"
    userIsOnlineTimeWindow="number of minutes"
    hashAlgorithmType="SHA1">
    <providers>...</providers>
</membership>

pages:

Provides page-specific configurations. Basic syntax:

<pages     
   asyncTimeout="number"
   autoEventWireup="[True|False]"
   buffer="[True|False]"
   clientIDMode="[AutoID|Predictable|Static]"
   compilationMode="[Always|Auto|Never]" 
   controlRenderingCompatibilityVersion="[3.5|4.0]"
   enableEventValidation="[True|False]"
   enableSessionState="[True|False|ReadOnly]"
   enableViewState="[True|False]"
   enableViewStateMac="[True|False]"
   maintainScrollPositionOnPostBack="[True|False]" 
   masterPageFile="file path" 
   maxPageStateFieldLength="number" 
   pageBaseType="typename, assembly"
   pageParserFilterType="string" 
   smartNavigation="[True|False]"
   styleSheetTheme="string"
   theme="string"
   userControlBaseType="typename"
   validateRequest="[True|False]"
   viewStateEncryptionMode="[Always|Auto|Never]" 
>
   <controls>...</controls>
   <namespaces>...</namespaces>
   <tagMapping>...</tagMapping>
   <ignoreDeviceFilters>...</ignoreDeviceFilters>
</pages>

profile:

Configures user profile parameters. Basic syntax:

<profile
    enabled="true|false"
    inherits="fully qualified type reference"
    automaticSaveEnabled="true|false"
    defaultProvider="provider name">
    <properties>...</properties>
    <providers>...</providers>
</profile>

roleManager:

Configures settings for user roles. Basic syntax:

<roleManager
    cacheRolesInCookie="true|false"
    cookieName="name"
    cookiePath="/"
    cookieProtection="All|Encryption|Validation|None"
    cookieRequireSSL="true|false "
    cookieSlidingExpiration="true|false "
    cookieTimeout="number of minutes"
    createPersistentCookie="true|false"
    defaultProvider="provider name"
    domain="cookie domain">
    enabled="true|false"
    maxCachedResults="maximum number of role names cached"
    <providers>...</providers>
</roleManager>

securityPolicy:

Configures the security policy. Basic syntax:

<securityPolicy>
   <trustLevel />
</securityPolicy>

urlMappings:

Defines the mappings for hiding the actual URL and providing a more user friendly URL. Basic syntax:

<urlMappings enabled="true|false">
    <add.../>
    <clear />
    <remove.../>
</urlMappings>

webControls:

It provides the name of shared location for client scipts. Basic syntax:

<webControls clientScriptsLocation="String" />

webServices:

This configures the web services.