Web. config configuration details

I recently read some information about ASP. NET architecture settings. What I saw in the blog garden turned around when I thought it was good. 1. Understand the Web. config file
Web. config is an XML text file used to store ASP. NET Web application configuration information (for example, the most common settings ASP. NET Web application authentication method), which can appear in every directory of the application. When you pass. after creating a Web application, a default Web application is automatically created in the root directory by default. config file, including the default configuration settings. All subdirectories inherit its configuration settings. If you want to modify the configuration settings of a subdirectory, you can create a Web. config file under the subdirectory. It can provide configuration information other than the configuration information inherited from the parent directory, or rewrite or modify the settings defined in the parent directory.
(1). Web. Config is stored in XML format. configuration files are classified into the following formats:
1. Configuration section handler Declaration
Feature: it is located at the top of the configuration file and included in the <configSections> flag.
2. Specific Application configuration
Feature: It is located in <deleetting>. You can define global constant settings and other information of an application.
3. Configuration section settings
Features: In the <system. Web> section, you can control Asp.net runtime behaviors.
4. Configure the section group
Feature: You can use the <sectionGroup> label to customize the group, which can be placed inside <configSections> or other <sectionGroup> labels.
(2). Configuration section
1. <configuration> section
Root element, and other sections are inside it.
2. <deleetting> section
This section defines application settings. You can also set some uncertain settings based on your actual situation.
Usage:
I.
<Deleetask>
<Add key = "Conntction" value = "server = 192.168.85.66; userid = sa; password =; database = Info;"/>
<Deleetask>
A connection string constant is defined, and the connection string can be modified in actual application without modifying the program code.
II. <deleetask>
<Add key = "ErrPage" value = "Error. aspx"/>
<Deleetask>
Defines an error redirect page.
3. <compilation> section
Format:
<Compilation
DefaultLanguage = "c #"
Debug = "true"
/>
I. default language: defines the background code language. You can select C # And VB.net.
When IIdebug is set to true, aspx debugging is started; if it is set to false, aspx debugging is not started, so the application program can be improved.
Performance. Generally, programmers are set to true during development and false when handed over to customers.
4. <customErrors> section
Format:
<CustomErrors
Mode = "RemoteOnly"
DefaultRedirect = "error. aspx"
<Error statusCode = "440" redirect = "err0000page. aspx"/>
<Error statusCode = "500" redirect = "err500Page. aspx"/>
/>
I. mode: it has three states: On, Off, And RemoteOnly. On indicates that custom information is always displayed; Off indicates that detailed asp.net error information is always displayed; RemoteOnly indicates that custom information is only displayed for users not running On the Local Web server.
II. defaultRedirect: the URL used for redirection when an error occurs. Optional.
III. statusCode: indicates the error status code, indicating a specific error status.
IV. redirect: the URL of the error redirection.
5. <globalization> section
Format:
<Globalization
RequestEncoding = "UTF-8"
ResponseEncoding = "UTF-8"
FileEncoding = "UTF-8"
/>
I. requestEncoding: used to check the encoding of each request.
II. responseEncoding: used to check the encoding of the returned response content.
III. fileEncoding: used to check the default encoding for parsing files such as aspx and asax.
6. <sessionState> section
Format:
<SessionState
Mode = "InProc"
StateConnectionString = "tcpip = 127.0.0.1: 42424"
SqlConnectionString = "data source = 127.0.0.1; Trusted_Connection = yes"
Cookieless = "false"
Timeout = "20"
/>
I. mode: status options include off, Inproc, StateServer, and SqlServer.
This property is detailed here: http://blog.csdn.net/chengking/archive/2005/10/27/518079.aspx
II. stateConnectionString: Specifies the name of the server in which the Asp.net application stores the remote session status. The default value is local.
III. sqlConnectionString: When a database in session status is used, set the connection string here.
IV. Cookieless: if it is set to true, the cookie session status is not used to identify the customer. Otherwise, the opposite is true.
V. TimeOut: used to define the time for storing session status. If the duration is exceeded, the session is automatically terminated.
7. <authentication> section
Format:
<Authentication mode = "Forms">
<Forms name = ". ASPXUSERDEMO" loginUrl = "Login. aspx" protection = "All" timeout = "30"/>
</Authentication>
<Authorization>
<Deny users = "? "/>
</Authorization>
I. Windows: using IIS Authentication
II. Forms: use form-based authentication
III. Passport: Passport cookie Authentication Mode
IV. None: no verification method is used.
Meaning of the attributes of embedded Forms nodes:
I. Name: Specifies the Name of the Http cookie that completes authentication.
II. LoginUrl
III. Protection: Specifies the cookie data Protection method.
It can be set to: All None Encryption Validation.
A. All indicates data encryption and verification of validity.
B. None indicates that the Cookie is not protected.
C. Encryption indicates Encryption of Cookie content
D. validation indicates that the Cookie content is validated.
IV. TimeOut: Specifies the Cookie expiration time. After TimeOut, you must log on again.

Modifications to the Web. config file at runtime can take effect without restarting the Service (note: the exception in <processModel> section ). Of course, the Web. config file can be expanded. You can customize new configuration parameters and write the configuration section handler to process them.

All the following codes in the web. config configuration file (default configuration settings) should be
<Configuration>
<System. web>
And
</System. web>
</Configuration>
For the purpose of learning, the following examples omit this XML tag.

1. <authentication> section
Purpose: Configure ASP. NET authentication support (Windows, Forms, PassPort, None ). This element can only be declared at the computer, site, or application level. The <authentication> element must be used with the <authorization> section.

Example:

In the following example, the website is configured for form-based authentication. When a user who does not log on to the website that requires authentication, the webpage automatically jumps to the logon webpage.
<Authentication mode = "Forms">
<Forms loginUrl = "logon. aspx" name = ". FormsAuthCookie"/>
</Authentication>
The element loginUrl indicates the name of the login webpage, and name indicates the Cookie name.

2. <authorization> section
Purpose: control access to URL resources from clients (for example, Anonymous Users are allowed ). This element can be declared at any level (computer, site, application, subdirectory or page. Must be used with the <authentication> section.

Example: The following example disables access by anonymous users:
<Authorization>
<Deny users = "? "/>
</Authorization>
Note: You can use user. identity. to obtain the authenticated user name. You can use the web. security. formsAuthentication. the RedirectFromLoginPage method redirects authenticated users to the page the user just requested. specific

3. <compilation> section
Purpose: configure all compilation settings used by ASP. NET. The default debug attribute is "True". After the program is compiled and delivered, set it to False (the Web. config file is described in detail, and the example is omitted here)

4. <customErrors>
Purpose: Provide information about custom Errors for ASP. NET applications. It is not applicable to errors in XML Web services.

Example: When an error occurs, redirect the webpage to the custom error page.
<CustomErrors defaultRedirect = "ErrorPage. aspx" mode = "RemoteOnly">
</CustomErrors>
The defaultRedirect element indicates the name of the custom error webpage. M