Detailed explanation of ASP. NET configuration file Web. config (incomplete)

1. Understand the Web. config file

Web. config is an XML text file used to store ASP. NET Web application configuration information (for example, the most common settings ASP. NET Web application authentication method), which can appear in every directory of the application. When you use VB. after creating a Web application, a default Web application is automatically created in the root directory by default. config file, including the default configuration settings. All subdirectories inherit its configuration settings. If you want to modify the configuration settings of a subdirectory, you can create a Web. config file under the subdirectory. It can provide configuration information other than the configuration information inherited from the parent directory, or rewrite or modify the settings defined in the parent directory. Modifications to the Web. config file at runtime can take effect without restarting the Service (note: the exception in <processModel> section ). Of course, the Web. config file can be expanded. You can customize new configuration parameters and write the configuration section handler to process them.

Ii. web. config configuration file (default configuration settings) All the following code should be located in <configuration> <system. web> and </system. for the purpose of learning, the following examples omit the XML mark

1. Role of the <authentication> section: Configure ASP. NET authentication support (Windows, Forms, PassPort, None) (see asp. net3.5 practical tutorial P359). This element can only be declared at the computer, site, or application level. The <authentication> element must be used with the <authorization> section.

Example: In the following example, the website is configured for form-based authentication. When a user who does not log on to the website that requires authentication, the webpage automatically jumps to the logon webpage.

[Html]
<Authentication mode = "Forms">
<Forms loginUrl = "logon. aspx" name = ". FormsAuthCookie"/>

</Authentication>

The element loginUrl indicates the name of the login webpage, and name indicates the Cookie name.

2. Role of the <authorization> section: controls access to URL resources from clients (for example, Anonymous Users are allowed to access ). This element can be declared at any level (computer, site, application, subdirectory or page. Must be used with the <authentication> section. Example: The following example disables access by anonymous users:

[Html]
<Authorization>
<Deny users = "? "/>
</Authorization>
Note: You can use user. identity. to obtain the authenticated user name. You can use the web. security. formsAuthentication. the RedirectFromLoginPage method redirects authenticated users to the page the user just requested. see Forms verification http://www.51aspx.com/websample/dataauth.aspx for specific examples

3. <compilation>: configure all compilation settings used by ASP. NET. The default debug attribute is "True". After the program is compiled and delivered, set it to True (the Web. config file is described in detail, and the example is omitted here)

4. <customErrors>: Provides information about custom Errors for ASP. NET applications. It is not applicable to errors in XML Web services. Example: When an error occurs, redirect the webpage to the custom error page.

[Html]
<CustomErrors defaultRedirect = "ErrorPage. aspx" mode = "RemoteOnly">
</CustomErrors>

The defaultRedirect element indicates the name of the custom error webpage. Mode element: displays custom (friendly) information for users not running on the Local Web server.

5.

6. <pages> function: identifies page-specific configuration settings (such as whether to enable session Status, view status, and whether to detect user input ). <Pages> statements can be made at the computer, site, application, and subdirectory level. Example: do not check whether there is potential dangerous data in the content entered by the browser (Note: This item is checked by default. If you do not check, 1. encode or verify user input). When you send a page from the client, the encrypted view status is checked to verify that the view status has been tampered with on the client. (Note: This item is not verified by default) <pages buffer = "true" enableViewStateMac = "true" validateRequest = "false"/>

7. <sessionState>: Configure session State settings for the current application (for example, set whether to enable session state and the location where session state is saved ). Example:

[Html]
<SessionState mode = "InProc" cookieless = "true" timeout = "20"/>
</SessionState>

Note: mode = "InProc" indicates that the session status is stored locally (you can also choose to store the session status on a remote server or SAL server or not enable the session Status) cookieless = "true" indicates: if the browser does not support Cookie, enable the session Status (False by default) timeout = "20" indicates that the session can be idle for 8 minutes. <trace> function: Configure ASP. NET tracking service, mainly used for program testing to determine where errors occur. Example. default Configuration in config: <trace enabled = "false" requestLimit = "10" pageOutput = "false" traceMode = "SortByTime" localOnly = "true"/> note: enabled = "false" indicates that tracing is not enabled; requestLimit = "10" indicates the number of Trace Requests stored on the server. pageOutput = "false" indicates that the trace output can only be accessed through the tracking utility; traceMode = "SortByTime" indicates that the trace information is displayed in the order of processing the trace. localOnly = "true" indicates the trace Viewer (trace. axd) is only used for hosting Web servers. 3. custom Web. config file configuration section custom Web. the configuration process of the config file is divided into two steps. First, declare the name of the configuration section and the name of the. NET Framework class that processes the configuration data in the section between the <configSections> and </configSections> labels at the top of the configuration file. Second, make actual configuration settings for the declared section after the <configSections> area. Example: Create a storage database connection string

[Html]
<Configuration>
<ConfigSections>
<Section name = "etetction" type =" System. Configuration. NameValueFileSectionHandler, System, Version = 1.0.3300.0, Culture = neutral, PublicKeyToken = b77a5c561934e089 "/>
</ConfigSections>

<Deleetask>
<Add key = "scon" value = "server = a; database = northwind; uid = sa; pwd = 123"/>
</AppSettings>

<System. web>
......
</System. web>
</Configuration>

4. access the Web. config file. You can use the ConfigurationSettings. deleettings static string set to access the Web. config file. Example: Obtain the connection string created in the preceding example.
Author: zhangfeng510