This article describes the use of the ASP. NET configuration file Web. config and share it for everyone's reference. The specific analysis is as follows:
I. Understanding the Web. config file
The Web. config file is an XML text file that is used to store configuration information for an ASP. NET Web application, such as the most commonly used settings for the authentication of an ASP. NET Web application, which can appear in every directory of the application. When you create a new Web application through vb.net, by default, a default Web. config file is automatically created in the root directory, including the default configuration settings, and all subdirectories inherit its configuration settings. If you want to modify the configuration settings for subdirectories, you can create a new Web. config file under that subdirectory. It can provide configuration information other than the configuration information inherited from the parent directory, or you can override or modify the settings defined in the parent directory.
Modifications to the Web. config file at run time do not need to restart the service to take effect (note:<processmodel> section exception). Of course, the Web. config file can be extended. You can customize the new configuration parameters and write configuration section handlers to process them.
Ii. Web. config profile (default configuration settings) All of the following code should be located in <configuration><system.web> and </system.web></ Between configuration>, for the purposes of learning the following example omits this XML tag
1. <authentication> Festival
Role: Configure ASP. NET authentication support (for Windows, Forms, PassPort, none of the four). This element can only be declared at the machine, site, or application level. <authentication> elements must be used in conjunction with the <authorization> section.
Example:
The following example configures a site for forms-based authentication, and when no logged-on user accesses a webpage that requires authentication, the page automatically jumps to the landing page.
<authentication mode = "Forms">
<forms loginUrl = "logon.aspx" name = ". FormsAuthCookie" />
</ authentication>
The element loginUrl represents the name of the landing page, and name represents the name of the cookie
2. <authorization> section
Role: Control client access to URL resources (such as allowing anonymous users to access). This element can be declared at any level (computer, site, application, subdirectory, or page). Must be used in conjunction with the <authentication> section.
Example: The following example prohibits access by anonymous users
<authorization>
<Deny users = "?" />
</ authorization>
Note: You can use user.identity.name to obtain the current user name that has been authenticated; you can use the web.Security.FormsAuthentication.RedirectFromLoginPage method to redirect the authenticated user to the page that the user just requested. For specific examples, please refer to :
Forms verification http: //XXXXX/websample/dataauth.aspx
3. <compilation> section
Function: Configure all compilation settings used by ASP.NET. The default debug attribute is "True". After the program is compiled and delivered, it should be set to True (detailed instructions in the Web.config file, examples are omitted here)
4. <customErrors>
What it does: Provides information about custom error messages for ASP.NET applications. It does not apply to errors that occur in XML Web services.
Example: When an error occurs, jump to the custom error page.
<customErrors defaultRedirect = "ErrorPage.aspx" mode = "RemoteOnly">
</ customErrors>
The element defaultRedirect represents the name of the custom error page. The mode element means: display custom (friendly) information to users who are not running on the local Web server
5. <httpRuntime> section
Role: Configure ASP.NET HTTP runtime settings. This section can be declared at the computer, site, application, and subdirectory levels.
Example: Control the user to upload files up to 4M, the maximum time is 60 seconds, and the maximum number of requests is 100
<httpRuntime maxRequestLength = "4096" executi appRequestQueueLimit = "100" />
6. <pages>
Purpose: Identify page-specific configuration settings (such as whether to enable session state, view state, whether to detect user input, etc.). <pages> can be declared at the computer, site, application, and subdirectory levels.
Example: Do not detect whether there is potentially dangerous data in the content entered by the user in the browser (Note: This item is detected by default. If you use non-detection, you must encode or verify the user's input). When the page is posted back, the encrypted view state is checked to verify whether the view state has been tampered with on the client. (Note: This item is not verified by default)
<pages buffer = "true" enableViewStateMac = "true" validateRequest = "false" />
7. <sessionState>
Role: Configure session state settings for the current application (such as setting whether to enable session state and where to save session state).
<sessionState mode = "InProc" cookieless = "true" timeout = "20" />
</ sessionState>
Note:
mode = "InProc" means: store session state locally (you can also choose to store in remote server or SAL server or not enable session state)
cookieless = "true" means: if the user's browser does not support cookies, session state is enabled (default is False)
timeout = "20" means: the number of minutes the session can be idle
8. <trace>
Role: Configure the ASP.NET tracking service, which is mainly used for program testing to determine what went wrong.
Example: The following is the default configuration in Web.config: <trace enabled = "false" requestLimit = "10" pageOutput = "false" traceMode = "SortByTime" localOnly = "true" />
Note:
enabled = "false" means not to enable tracking; requestLimit = "10" means to specify the number of tracking requests stored on the server
pageOutput = "false" means that the trace output can only be accessed through the trace utility;
traceMode = "SortByTime" indicates that trace information is displayed in the order in which traces are processed
localOnly = "true" means that the trace viewer (trace.axd) is only used to host the web server
Three, custom Web.config file configuration section
The custom Web.config file configuration section process is divided into two steps.
One is to declare the name of the configuration section and the name of the .NET Framework class that handles the configuration data in the section between the <configSections> and </ configSections> tags at the top of the configuration file.
The second is to make the actual configuration settings for the declared section after the <configSections> area.
Example: Create a section to store the database connection string
<configuration>
<ConfigSections>
<Section name = "appSettings" type = "System.Configuration.NameValueFileSectionHandler, System, Version = 1.0.3300.0, Culture = neutral, PublicKeyToken = b77a5c561934e089" />
</ configSections>
<AppSettings>
<Add key = "scon" value = "server = a; database = northwind; uid = sa; pwd = 123" />
</ AppSettings>
<System.web>
......
</System.web>
</ configuration>
Fourth, access the Web.config file
You can access the Web.config file example by using the ConfigurationSettings.AppSettings static string collection: get the connection string established in the example above.
Hope this article is helpful to everyone's asp.net programming.