ASP.NET configuration
May 13, 2021 ASP.NET
Table of contents
Configuration
The behavior of ASP.NET application is determined by different settings in the following two profiles:
- machine.config
- web.config
The machine.config file contains the default for all supported settings and the specific values for the setting machine. The machine's settings are set up by the system administrator, and the application typically cannot access this file.
However, an application can override the default value by creating a web.config file in its root folder. T he web.config file is a subset of the machine.config file.
If your application contains subdirectts, it can define a web.config file for each folder. The scope of each profile is determined in a layered top-down manner.
Any web.config file can be extended locally, restricted, or override any definition set at the upper level.
Visual Studio generates the default web.config file for each project. A pplications can be executed without a web.config file, however, we cannot debug an application without a web.config file.
The following illustration shows an example of a sample solution explorer used in the web service tutorial:
In this application, there are two web.config files that correspond to the web service and the web site that invoke the web service.
The configuration elements in the web.config file are the root node. T he information in this element is divided into two main areas: the configuration section handler declaration area, and the configuration section settings area.
The following snippet shows the basic syntax of a profile:
<configuration>
<!-- Configuration section-handler declaration area. -->
<configSections>
<section name="section1" type="section1Handler" />
<section name="section2" type="section2Handler" />
</configSections>
<!-- Configuration section settings area. -->
<section1>
<s1Setting1 attribute1="attr1" />
</section1>
<section2>
<s2Setting1 attribute1="attr1" />
</section2>
<system.web>
<authentication mode="Windows" />
</system.web>
</configuration>Configuration Section Handler claims
The configuration section handler declaration is included in the label for , and each configuration handler specifies the name of the configuration section and is included in a file that provides some configuration data. It has the following basic syntax:
<configSections>
<section />
<sectionGroup />
<remove />
<clear/>
</configSections>It has the following elements:
- Clear - All references to inherited sections and section groups.
- Remove - Removes a portion and part of a group that inherits a reference.
- Section - Defines the association between the configuration section handler and the configuration element.
- Section group - It defines the association between a configuration section handler and a configuration section.
Application settings
Application settings allow the storage of read-only access to the name-value pair of the application. F or example, you can define a custom application setting as follows:
<configuration>
<appSettings>
<add key="Application Name" value="MyApplication" />
</appSettings>
</configuration>For example, you can also store a book's ISBN number and name data pairs:
<configuration>
<appSettings>
<add key="appISBN" value="0-273-68726-3" />
<add key="appBook" value="Corporate Finance" />
</appSettings>
</configuration>The connection string
The connection string shows the database connection string that is available for the Web site. For example:
<connectionStrings>
<add name="ASPDotNetStepByStepConnectionString"
connectionString="Provider=Microsoft.Jet.OLEDB.4.0;
Data Source=E:\\projects\datacaching\ /
datacaching\App_Data\ASPDotNetStepByStep.mdb"
providerName="System.Data.OleDb" />
<add name="booksConnectionString"
connectionString="Provider=Microsoft.Jet.OLEDB.4.0;
Data Source=C:\ \databinding\App_Data\books.mdb"
providerName="System.Data.OleDb" />
</connectionStrings>The network element of the system
The system.web element specifies the root element for the ASP.NET configuration section and contains configuration elements that configure the ASP.NET web application and control the operation of the application.
It controls most of the more common configuration elements that need to be adjusted. The basic syntax of the element is as follows:
<system.web>
<anonymousIdentification>
<authentication>
<authorization>
<browserCaps>
<caching>
<clientTarget>
<compilation>
<customErrors>
<deployment>
<deviceFilters>
<globalization>
<healthMonitoring>
<hostingEnvironment>
<httpCookies>
<httpHandlers>
<httpModules>
<httpRuntime>
<identity>
<machineKey>
<membership>
<mobileControls>
<pages>
<processModel>
<profile>
<roleManager>
<securityPolicy>
<sessionPageState>
<sessionState>
<siteMap>
<trace>
<trust>
<urlMappings>
<webControls>
<webParts>
<webServices>
<xhtmlConformance>
</system.web>The following table provides a brief description of some of the child elements of common system.web elements:
AnonymousIdentification
This identifies uncertifyed users when user identification is required.
Authentication
It is supported by configuration authorization, and the basic syntax is:
<authorization>
<allow .../>
<deny .../>
</authorization>Caching
It configures the cache settings, and the basic syntax is:
<caching>
<cache>...</cache>
<outputCache>...</outputCache>
<outputCacheSettings>...</outputCacheSettings>
<sqlCacheDependency>...</sqlCacheDependency>
</caching>CustomErrors
It defines a custom error message, and the basic syntax is:
<customErrors defaultRedirect="url" mode="On|Off|RemoteOnly">
<error. . ./>
</customErrors>Deployment
It defines the configuration settings for deployment. The basic syntax is as follows:
<deployment retail="true|false" />HostingEnvironment
It defines configuration settings for the managed environment. The basic syntax is as follows:
<hostingEnvironment idleTimeout="HH:MM:SS" shadowCopyBinAssemblies="true|false"
shutdownTimeout="number" urlMetadataSlidingExpiration="HH:MM:SS" />Identity
It is used to configure the authentication mechanism for the application, with the following basic syntax:
<identity impersonate="true|false" userName="domain\username"
password="<secure password>"/>MachineKey
It is used to configure the key for form authentication cookies used to encrypt and decrypt data.
It also allows the configuration verification key to perform message authentication checks on view state data and Forms authentication tickets. T he basic syntax is:
<machineKey validationKey="AutoGenerate,IsolateApps" [String]
decryptionKey="AutoGenerate,IsolateApps" [String]
validation="HMACSHA256" [SHA1 | MD5 | 3DES | AES | HMACSHA256 |
HMACSHA384 | HMACSHA512 | alg:algorithm_name]
decryption="Auto" [Auto | DES | 3DES | AES | alg:algorithm_name]
/>Membership
It is used to configure management and authenticate user parameters. The basic syntax is:
<membership defaultProvider="provider name"
userIsOnlineTimeWindow="number of minutes" hashAlgorithmType="SHA1">
<providers>...</providers>
</membership>Pages
It provides the specific configuration of the web page. T he basic syntax is:
<pages asyncTimeout="number" autoEventWireup="[True|False]"
buffer="[True|False]" clientIDMode="[AutoID|Predictable|Static]"
compilationMode="[Always|Auto|Never]"
controlRenderingCompatibilityVersion="[3.5|4.0]"
enableEventValidation="[True|False]"
enableSessionState="[True|False|ReadOnly]"
enableViewState="[True|False]"
enableViewStateMac="[True|False]"
maintainScrollPositionOnPostBack="[True|False]"
masterPageFile="file path"
maxPageStateFieldLength="number"
pageBaseType="typename, assembly"
pageParserFilterType="string"
smartNavigation="[True|False]"
styleSheetTheme="string"
theme="string"
userControlBaseType="typename"
validateRequest="[True|False]"
viewStateEncryptionMode="[Always|Auto|Never]" >
<controls>...</controls>
<namespaces>...</namespaces>
<tagMapping>...</tagMapping>
<ignoreDeviceFilters>...</ignoreDeviceFilters>
</pages>Profile
It is used to configure user profile parameters. The basic syntax is:
<profile enabled="true|false" inherits="fully qualified type reference"
automaticSaveEnabled="true|false" defaultProvider="provider name">
<properties>...</properties>
<providers>...</providers>
</profile>RoleManager
Configure settings information for user roles. The basic syntax is:
<roleManager cacheRolesInCookie="true|false" cookieName="name"
cookiePath="/" cookieProtection="All|Encryption|Validation|None"
cookieRequireSSL="true|false " cookieSlidingExpiration="true|false "
cookieTimeout="number of minutes" createPersistentCookie="true|false"
defaultProvider="provider name" domain="cookie domain">
enabled="true|false"
maxCachedResults="maximum number of role names cached"
<providers>...</providers>
</roleManager>SecurityPolicy
Used to configure security policies. The basic syntax is:
<securityPolicy>
<trustLevel />
</securityPolicy>UrlMappings
It defines a map to hide the original URL and provides a more user-friendly URL. The basic syntax is:
<urlMappings enabled="true|false">
<add.../>
<clear />
<remove.../>
</urlMappings>WebControls
It provides the name of the location that is shared with the client script. The basic syntax is:
<webControls clientScriptsLocation="String" />WebServices
Used to configure web services.