Detailed description of ASP. NET web. config configuration nodes, asp. netweb. config
Search rules for the web. config file:
(1) If the web. config file exists in the directory where the current page is located, check whether the node name to be searched exists. If yes, return the result and stop searching.
(2) If the directory of the current page does not contain the web. config file or the web. config file does not contain the name, search for its parent directory until the root directory of the website.
(3) If the root directory of the website does not exist. config file or web. if the node name does not exist in the config file, it is in % windir % "Microsoft. NET "Framework" v2.0.50727 "CONFIG" web. search in the config file.
(4) In % windir % "Microsoft. NET "Framework" v2.0.50727 "CONFIG" web. if the config file does not contain any node, the node is in % windir % "Microsoft. NET "Framework" v2.0.50727 "CONFIG" machine. search in the config file.
(5) If not found, null is returned.
When the asp.net application is running. if the config file is changed, the corresponding application will be restarted, and the user Session information stored in the server memory will be lost (such as the Session stored in the memory ).
(1) appSetings configuration Node
<Deleetask> nodes are mainly used to store configuration information of asp.net applications, such as the storage path of uploaded files.
<Deleetask> <add key = "ImageType" value = ".jpg?.bmp =.gif=.png#.jpeg"/> <! -- Formats of images that can be uploaded --> </deleettings>
string fileType=ConfigurationManager.AppSettings["FileType "];
(2) <connectionStrings> node
<ConnectionStrings> nodes are mainly used to configure database connections. You can add any node to the <connectionStrings> node to save the database connection string, in the future, you can dynamically obtain the node value in the code to instantiate the database connection object. In this way, once the database connection information changes during deployment, you only need to change the configuration here, you do not need to modify the program code and redeploy the database because of changes in the database connection information.
<connectionStrings> <add name="AspNetStudyConnectionString1" connectionString="Data Source=(local);Initial Catalog=AspNetStudy;User ID=sa;Password=sa"/></connectionString>
string connectionString = ConfigurationManager.ConnectionStrings["AspNetStudyConnectionString1"].ConnectionString;
(3) <compilation> node
<Compilation> Configure all the compilation settings used by ASP. NET on the node. The default debug attribute is "true", that is, debugging is allowed. In this case, the website performance is affected. Therefore, you should set it to "false" after the program compilation is completed and delivered ".
(4) <authentication> node
Set the asp.net Authentication mode. There are four authentication modes. Their values are as follows:
Windows uses Windows authentication, applicable to domain users or LAN users.
Forms authentication relies on website developers for identity authentication.
Passport uses the authentication service provided by Microsoft for authentication.
None does not perform any authentication.
(5) <mermerrors> node
<CustomErrors> A node is used to define information about custom error messages. This node has two attributes: Mode and defaultRedirect. The defaultRedirect attribute is an optional attribute, indicating the default URL to be redirected when an error occurs in the application. If this attribute is not specified, a general error is displayed. The Mode attribute is a required attribute and has three possible values. They represent the following meanings:
On indicates that both local and remote users will see custom error messages.
Off to disable custom error messages. both local and remote users will see detailed error messages.
RemoteOnly indicates that the local user will see the detailed error information, and the remote user will see the custom error information.
It is necessary to describe the concept of local and remote users. The machines we use when accessing the asp.net application and when the machines used for publishing the asp.net application are the same machine, they become local users. Otherwise, they are called remote users. In the development and debugging phase, we recommend that you set the Mode attribute to Off for ease of searching for the error Mode attribute. in the deployment phase, you should set the Mode attribute to On or RemoteOnly, this prevents detailed error information from exposing program code details, which can lead to hacker intrusion.
(6) <error> subnode
The <customErrors> node also contains a <error> subnode, which redirects to our custom error page based on the HTTP error status code of the server, to make the configuration under the <error> subnode take effect, you must set the Mode attribute of the <customErrors> node to "On ". The following is an example:
<customErrors mode="On" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="403.htm" /> <error statusCode="404" redirect="404.htm" /></customErrors>
(7)
<HttpHandlers> nodes are used to send user requests to the corresponding handler Based on the URL and HTTP predicate of the user request. You can configure this node at any configuration level, that is, you can perform special processing on the specified special files in a specific directory.
From the configuration above, we can see that *. mdf ,*. the Get or Post requests of the ldf file are all sent to the System. web. httpForbiddenHandler. The processing result is that the user cannot view or download the relevant files. If files in a folder or objects of a certain type cannot be downloaded, you can add corresponding subnodes to the The following uses an example to describe the usage of the
(9)
<HttpRuntime> the node is used to set the ASP. net http Runtime Library. This section can be declared at the computer, site, application, and subdirectory level.
For example, the following configuration controls the maximum size of files that can be uploaded by a user to be 40 MB (40*1024 K), the maximum timeout is 60 seconds, and the maximum number of concurrent requests is 100.
(10) <pages> nodes
<Pages> A node is used to set a specific page. It has three attributes:
Whether HTTP Response buffer is enabled for buffer.
Whether enableViewStateMac should run the computer authentication check (MAC) on The View status of the page to place user tampering. The default value is false. If it is set to true, the performance will decrease.
ValidateRequest checks whether there are cross-site scripting and SQL injection vulnerability attacks in user input. The default value is true. If a match occurs, an HttpRequestValidationException occurs. For pages that contain online text editors, set this attribute to false by verifying user input.
<pages buffer="true" enableViewStateMac="true" validateRequest="false"/>
(11) <sessionState> node
<SessionState> the node is used to configure the session Status of the current asp.net application. The following is a common Configuration:
<sessionState cookieless="false" mode="InProc" timeout="30" />
The above node configuration is to enable Cookie in the asp.net application, and specify the session state mode to save the session state in the process, and also specify the session timeout to 30 minutes.
The Mode attribute of the <sessionState> node can be one of the following values:
Custom uses Custom data to store session status data.
Default Value of InProc. The asp.net auxiliary process stores session status data.
Off to disable the session status.
SQLServer uses the SQL Server database outside the process to save session status data.
StateServer uses the out-of-process ASP. NET Status Service to store status information.
By default, the InProc mode is used to store session state data. The advantage of this mode is that the access speed is fast, but the disadvantage is that the memory usage is high. Therefore, it is not recommended to store large user session data in this mode.
(12) <globalization> node
Used to configure global settings for applications. This node has several important attributes:
Optional attributes of fileEncoding. Set the storage encoding of. aspx,. asmx, And. asax files.
Optional requestEncoding attributes. Sets the encoding of the client request, which defaults to the UTF-8.
Optional responseEncoding attributes. Sets the server-side response encoding, which defaults to a UTF-8.
The following is the default configuration in the asp.net application:
<globalization fileEncoding="utf-8" requestEncoding="utf-8" responseEncoding="utf-8"/>
(13) read and write the web. config file
Public void SetAppSetting (string key, string value) {paiettingssection paietting = (AppSettingsSection) config. getSection ("deleettings"); if (deleetting. settings [key] = null) // if this node does not exist, add {deleetting. settings. add (key, value);} else // if this node exists, modify {deleetting. settings [key]. value = value ;}}