. NET Learning Notes----webconfig.config Common Configuration node Introduction

First, get started with the configuration file

. NET provides a way to save project configuration information by using a configuration file, which is typically a. config file suffix. The configuration file in the WinForm program is typically app. config. Web. config is generally the default in ASP.

A. config configuration file is an XML-based text file and can be saved to any directory in the Web application. The Web. config file is not compiled into the DLL file when you publish it. In the future, if the client changes, you just need to use Notepad to open the Web. config text editing related settings to re-use without recompiling the program.

　　1. configuration file Lookup
We'll start by looking at the configuration file to see how the configuration file looks.
. NET provides a configuration file for the current machine, which is Machine.config, which is located under the%windir%microsoft.netframeworkv2.0.50727config file.
(%windir% is the system directory under the system partition, enter%windir% in command-line mode and then return to view the system directory of the current machine, in Windows 2003 and Windows XP%windir% is the directory under the system partition, In Windows 2000%windir% is the Winnt directory under the system partition). This file defines the configuration for the current and its WinForm program and the ASP.

Machine.config in My computer's path is: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config because of the contents of the more, and can not understand, So it's no use sticking it out.

There is also a Web. config file under the same folder, which contains the common configuration of the ASP. When the ASP. NET site IIS starts, the configuration information in the configuration file is loaded, and the information is cached, so that you do not have to read the configuration information every time. During the run, the ASP. NET application monitors the configuration file changes, and once these configuration information is edited, the configuration information is re-read and cached.

When we want to read a node or node group information, we search for it in the following ways:
(1) If there is a Web. config file in the same directory as the current page, see if there is a node name to find, if there is a return result and stop looking.
(2), if the Web. config file does not exist in the directory where the current page exists or the node name does not exist in the Web. config file, find its parent directory until the root of the Web site.
(3) If the Web. config file does not exist in the root directory of the website or the node name does not exist in the Web. config file C:\Windows\Microsoft.NET\Framework\v2.0.50 Find in the 727\config\webconfig.config file.
(4) If the node in the C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\webconfig.config file that does not exist in the response is C:\Windows\ Find in Microsoft.net\framework\v2.0.50727\config\machine.config.
(5) returns null if it is still not found.

The parent directory of the directory where the current page is located, up to the root directory, Web. config, C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\ Webconfig.config-C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config

So if we have a specific configuration for a Web site or a folder, you can create a Web. config file under the appropriate folder, overwriting the configuration of the same name in the Web. config file in the parent folder. These configuration information is looked up only once, so it is cached for later invocation. When an ASP. NET application is running, the user session information stored in server memory is lost (such as a session stored in memory) if the Web. config file changes and the corresponding application restarts. Some software (anti-virus software) modifies the access time property of Web. config every time the access to Web. config is completed, which also results in the restart of the ASP.

2. Common Configuration node and read

The Web. config file is an XML file whose root node is <configuration>, and the common child nodes under the <configuration> node have:<configsections>, < Appsettings>, <connectionStrings> and <system.web>. The <appSettings> node is mainly used to configure the application configuration information of some websites, and the <connectionStrings> node is mainly used to configure the database connection string information of the website.

The <system.web> node is primarily a configuration of the site runtime, and its common nodes are the following:
<appSettings> node
The <appSettings> node is primarily used to store some configuration information for an ASP, such as a save path for uploading files.

<appSettings><!--allow uploading of picture format types--><add key= "ImageType" value= ". jpg;. BMP;. GIF;. PNG;. JPEG ><!--The file types allowed to upload--><add key= "FileType" value= ". jpg;. BMP;. GIF;. PNG;. JPEG;. PDF;. Zip;. rar;. XLS;. Doc "/></appsettings>

<connectionStrings> node
<connectionStrings> node is mainly used to configure the database connection, we can add any node in the <connectionStrings> node to save the database connection string, The database connection object is subsequently instantiated by the code in the code to dynamically obtain the value of the node, so that changing the database simply requires changing the configuration file.

<connectionStrings>    <!--SQL Server database configuration-    <add name= "DBConnection" connectionstring= "Data source= (local); Initial Catalog=aspnetstudy; User Id=sa; Password=123 "/></connectionstrings>

<compilation> node
The <compilation> node configures all the compilation settings that ASP. NET uses, the default Debug property is "True", which is to allow debugging, which in this case affects the performance of the Web site, so the value of the node should be set to false after deployment.

<authentication> node
To set the ASP. NET authentication mode, there are four authentication modes, with the following values:
Mode description
Windows uses Windows authentication for domain users or LAN users.
Forms uses form validation, which relies on site developers for authentication.
Passport authenticates using the authentication service provided by Microsoft.
Node does not perform any authentication

<customErrors> node
The <customErrors> node is used to define information about some error messages. This node has mode and defaultredirect two properties, where the Defaultredirect property is an optional property that indicates the default URL that is redirected to when a program error occurs, and a generic error is displayed if the property is not specified. The Mode property is a required property, and it has three possible values, and they represent the following meanings:
Mode description
On indicates that the custom error message is visible to both local and remote users.
Off to disable custom error messages, both local and remote users will see detailed error messages.
RemoteOnly indicates that the local user will see the detailed error message, and the remote user will see the custom error message.
It is necessary to explain the concepts of local Users and remote users. The machine used when we access the ASP and the machine used by the publishing ASP is the same machine as the local user, otherwise it is a remote user. In the development debugging phase in order to find errors. The Mode property is recommended to OFF, while the Mode property should be set to on or remoteonly during the deployment phase to avoid these detailed error messages exposing the details of the program code and causing the hacker to invade.

2013-04-16

Today, colleagues in the deployment of the program, the program in the local test is normal, the server is wrong, but do not know where to believe that the error message is blocked, then is set up this place on the server, the corresponding detailed error information is displayed.

<customerrors mode= "Off" ></customErrors>

<error> child nodes
There are also <error> subnodes under the <customRrrors> node, which is redirected to our custom error page based on the HTTP error status code of the server, and note that the configuration under the <error> sub-node will take effect , the Mode property of the <custonErrors> node must be set to "on".

<customerrorsmode= "on" defaultredirect= "genericerrorpage.htm" > <errorstatuscode= "403" redirect= "403.htm" /> <errorstatuscode= "404" redirect= "404.htm"/></customerrors>

In the above configuration if the user access to the page does not exist will jump to the 404.htm page, if the user does not have permission to access the requested page will jump to the 403.htm page, 403.htm and 404.htm are our own added pages, we can again give a friendly error message page.

The The following is the

As can be seen from the above configuration, get or post requests for *.mdf, *.LDF files will be handed to System.Web.HttpForbiddenHandler for processing, the result is that the user can not view or download the relevant files. If a file in one of our folders or a file of a certain type does not allow the user to download, you can add the appropriate child nodes to the 
The For example, the following configuration controls the maximum number of files a user can upload is 40M (40*1024k), the maximum timeout time is 60 seconds, and the maximum concurrent request is 100.
<pages> node
The <pages> node is used to represent settings for a particular page, with three properties, as follows:
Property name Description
Whether HTTP response buffering is enabled in buffer.
enableViewStateMac Whether the computer authentication check (MAC) should be run on the view state of the page
ValidateRequest whether to verify that there are cross-site scripting attacks and SQL injection vulnerability attacks in user input, the default is true, and a httprequestvalidationexception exception occurs if a match occurs. Treat this property as false for half of the online text editor page to validate user input yourself.
<pagesbuffer= "true" enableviewstatemac= "true" validaterequest= "false"/>
<sessionState> node
The <sessionState> node configures the session state configuration for the current ASP. Here is a common configuration:
<sessionstatecookieless= "false" mode= "InProc" timeout= "/>"
The above node configuration is set to enable cookies in the ASP. NET application, and the session state mode is specified to save the session state in the process and also specifies a session timeout of 30 minutes.
The Mode property of the <sessionState> node can be one of the following values:
Property Value Description
Custom uses customized data to store session state data.
InProc the default value. Session state data is stored by an ASP. NET worker process.
Off disables session state.
SQL Server saves session state data using an out-of-process SQL Servers database.
StateServer uses the out-of-process ASP. NET State Service to store state information.
In general, the InProc mode is used to store session state data by default, which has the advantage of fast access, the disadvantage is that it is more memory-intensive, so it is not appropriate to store large user session data in this mode.
<globalization> node
The globalization settings used to configure the application. There are several more important properties for this node, respectively, as follows:
Property name Description
FileEncoding Optional Properties. Sets the storage encoding for. aspx,. asmx, and. asax files.
RequestEncoding Optional Properties. Sets the encoding for the client request, which defaults to UTF-8.
ResponseEncoding Optional Properties. Sets the encoding of the server-side response, which defaults to UTF-8.
The following is the default configuration in an ASP. NET application:
<globalizationfileencoding= "Utf-8" requestencoding= "Utf-8" responseencoding= "Utf-8"/>
. NET Learning Notes----webconfig.config Common Configuration node Introduction