. NET configuration file Web. config detailed

. NET provides the configuration for the current machine. ---name: machine.config

Operating mechanism: When the ASP. NET site IIS starts, the configuration information in the configuration file is loaded, and the information is cached, so that you do not have to read the configuration information every time. During the run, the ASP. NET application monitors the configuration file changes, and once these configuration information is edited, the configuration information is re-read and cached.

Configuration file node:
It must be understood that the Web. config file is an XML file
Name of the subordinate root node:

Copy CodeThe code is as follows:
<configuration>
Child node:<configsections></configsections>
<appSettings> </appSettings>
<connectionStrings></connectionStrings>
<system.web></system.web>
Special: <system.webServer></system.webServer>-----Used to specify IIS 7.0 settings for WEB applications, only for IIS 7 Integrated mode is not available for Classic mode, If the application is running in Classic mode, the Web. config file is ignored
<configuration>

Node Analysis:
1.<connectionstrings> node

Mainly used to configure database connections, you can add any node in the <connectionStrings> node to hold the database connection string and then dynamically get the value of the node through code to instantiate the database connection object.
For example:

Copy CodeThe code is as follows:
<connectionStrings>
<!--SQL Server database configuration-<add name= "The name you want to take (any)" connectionstring= "Date source= database login; Initial catalog= database name; User id= Login password= login Password "/> is a connection that can be configured for multiple databases
<add name= "AspNetStudyConnectionString1" connectionstring= "Data source= (local); Initial Catalog=aspnetstudy; User Id=sa; Password=sa "/>
<add name= "ConnectionString" connectionstring= "Data source=10.0.0.52;initial Catalog=new_hospital_dev; User id=hospital;pwd=hospital; " />
</connectionStrings>

The practice of reading a database connection object in code Chinese Medicine:

Copy CodeThe code is as follows:
Read the Web. config node configuration
String connectionString = configurationmanager.connectionstrings["AspNetStudyConnectionString1"]. ConnectionString;
Instantiating a SqlConnection object
SqlConnection connection = new SqlConnection (connectionString);

You can see the benefits: Once the database used for development is inconsistent with the database at the time of deployment, simply edit the value of the ConnectionString property with a text editing tool such as Notepad.

2.<appsettings> node

Purpose: Stores some configuration information for an ASP, such as a save path for an uploaded file, etc.
For example, you can configure the picture type:

Copy CodeThe code is as follows:
<appSettings>
<add key= "ImageType" value= ". jpg;. BMP;. GIF;. PNG;. JPEG "/>----<!--allow upload of image format types--
<add key= "FileType" value= ". jpg;. BMP;. GIF;. PNG;. JPEG;. PDF;. Zip;. rar;. XLS;. Doc "/><!--allow uploading of file types--
</appSettings>

Read the values in the </appSettings> node:

String filetype= configurationmanage.appsettings["FileType"]; ----is actually the value of the key-value pair.

3.<system.web> node:

The child node to which it belongs:

3.1.<compilation> node
Role: The node configures all compilation settings used by ASP. The default Debug property is "True", which is to allow debugging, which in this case affects the performance of the Web site, so it should be set to "false" after the program has been compiled and finished with delivery
For example:

Copy CodeThe code is as follows:
<compilation targetframework= "4.0" debug= "true" >
<buildProviders>
<add extension= ". html" type= "System.Web.Compilation.PageBuildProvider"/>
</buildProviders>
</compilation>

3.2.<authentication> node
Role: Control user access to a site, directory, or individual page

To set the ASP. NET authentication mode, there are four authentication modes, and their values are as follows:
Mode description
Windows uses Windows authentication for domain users or LAN users.
Forms uses form validation, which relies on site developers for authentication.
Passport authenticates using the authentication service provided by Microsoft.
None does not perform any authentication.
Example: <!--request Mode--
<authentication mode= "Forms"/>

3.2.<customerrors> node

The <customErrors> node is used to define some custom error message information. This node has mode and defaultredirect two properties, where the Defaultredirect property is an optional property that indicates the default URL that is redirected to when an application error occurs, and a generic error is displayed if the property is not specified. The Mode property is a required property, and it has three possible values, which represent the following meanings:
Mode description
On indicates that the custom error message is visible to both local and remote users.
Off to disable custom error messages, both local and remote users will see detailed error messages.
RemoteOnly indicates that the local user will see the detailed error message, and the remote user will see the custom error message.
There is a need to explain the concepts of local and remote users. When we access an ASP. NET application, the machine used to publish the ASP and the machine used by the publishing NET application is the same machine as the local user, and vice versa is called a remote user. In the development debugging phase in order to facilitate the lookup error The Mode property is recommended to OFF, while the Mode property should be set to on or RemoteOnly during the deployment phase to avoid these detailed error messages exposing the details of the program code to attract hackers.

Example:

Copy CodeThe code is as follows:
<!--error jump mode= "RemoteOnly"-
<customerrors mode= "Off" defaultredirect= "/error.aspx" >
<error statuscode= "404" redirect= "/404.aspx"/>
<error statuscode= "$" redirect= "/500.aspx"/>
</customErrors>

3.3<error> child nodes

There are also <error> subnodes under the <customErrors> node, which is redirected to our custom error page based on the HTTP error status code of the server, and note that to make the configuration under the <error> sub-node In effect, the Mode property of the <customErrors> node node must be set to "on". Here is an example:

Copy CodeThe code is as follows:
<customerrors mode= "on" defaultredirect= "genericerrorpage.htm" >
<error statuscode= "403" redirect= "403.htm"/>--if the user does not have permission to access the requested page, it jumps to the 403.htm page
<error statuscode= "404" redirect= "404.htm"/>--jump to a 404.htm page if a user visits a page that does not exist
</customErrors>

403.htm and 404.htm pages are all pages we add ourselves.

3.4

Function: Used to send the user's request to the appropriate handler according to the URL and HTTP verb requested by the user, and the result is that the user cannot view or download the relevant file

If a file in one of our folders or a file of a certain type does not allow the user to download, you can add the appropriate child nodes to the

Example: Build a ipdata directory in our ASP. NET application, create a IPData.txt file in the Ipdata directory, add the following configuration in Web. config

Copy CodeThe code is as follows:
<add path= "Ipdata/*.txt" verb= "*" type= "System.Web.HttpForbiddenHandler"/>---code is forbidden to access any TXT file in the Ipdata directory
<add path= "*.mdf" verb= "*" type= "System.Web.HttpForbiddenHandler" validate= "true"/>
<add path= "*.ldf" verb= "*" type= "System.Web.HttpForbiddenHandler" validate= "true"/>---for *.mdf, *.ldf files, The Get or POST request will be given to System.Web.HttpForbiddenHandler for processing, and the user cannot view or download the relevant file.

3.5.

Used for the ASP. NET HTTP runtime settings. This section can be declared at the machine, site, application, and subdirectory levels.
For example, the following configuration controls the maximum number of files a user can upload is 40M (40*1024k), the maximum timeout time is 60 seconds, and the maximum concurrent request is 100.

3.6.<pages> node

Used to represent settings on a specific page, there are three main properties

Property name Description
Whether HTTP response buffering is enabled in buffer.
enableViewStateMac Whether the computer authentication check (MAC) should be run against the view state of the page to place user tampering, default to False, and if set to true will result in degraded performance.
ValidateRequest whether to verify that there is a cross-site scripting attack and a SQL injection vulnerability attack in user input, the default is true, and if a match occurs, a HttpRequestValidationException exception is sent. Set this property to False for self-validating user input that contains an online text editor page.
Here is an example of a configuration node:

<pages buffer= "true" enableviewstatemac= "true" validaterequest= "false"/>

3.7<sessionstate> node
The <sessionState> node configures the session state configuration for the current ASP. Here is a common configuration:

<sessionstate cookieless= "false" mode= "InProc" timeout= "+"/>

The above node configuration is set to enable cookies in the ASP. NET application, and the session state mode is specified to save the session state in the process and also specifies a session timeout of 30 minutes.
The Mode property of the <sessionState> node can be one of the following values:
Property Value Description
Custom uses customized data to store session state data.
InProc the default value. Session state data is stored by an ASP. NET worker process.
Off disables session state.
SQL Server saves session state data using an out-of-process SQL Servers database.
StateServer uses the out-of-process ASP. NET State Service to store state information.
In general, the InProc mode is used to store session state data by default, which has the advantage of fast access, the disadvantage is that it is more memory-intensive, so it is not appropriate to store large user session data in this mode.

4<system.webserver>

----------------------
<defaultDocument>
Role: When the request URL does not contain a specific file for the Web application, IIS 7.0 provides a default file.
Within the system.webserver element, create a defaultdocument element.

Within the defaultdocument element, create a files element.

Create an add element within the files element and specify the path and name of the default file within the Value property.

Copy CodeThe code is as follows:

<configuration>
<system.webServer>
<defaultDocument> <files> <add value= "products.aspx"/> </files> </defaultd Ocument>-----Configure default files to provide products.aspx files as default files
</system.webServer>
</configuration>

. NET configuration file Web. config detailed