Web. config file configuration

1. Configure Access database connections

The provider property is used to specify the database engine used, and the data source property is used to specify the physical location of the Access database file located on the computer. The ASP. NET application will | datadirectory| resolves to the "< application root >/app_data" folder.

<configuration>
<appSettings>
<add key= "Accesscon" value= "provider=microsoft.jet.oledb.4.0;
Data source=| Datadirectory|db_access.mdb "/>
</appSettings>
<connectionStrings/>

2. Configuring SQL database Connection

<configuration>
<appSettings>
<add key= "Sqlcon" value= "Data source= (local);D atabase=northwind; Uid=sa; Pwd=sa "/>
</appSettings>
<connectionStrings/>

3. Configure the life cycle of Session variables

After each client connects to the server, the server side has to establish a separate session and need to allocate additional resources to manage the session, but if the client is for some reason. For example, to be busy with other things and stop any work but not close the browser, then in this case, the server will still consume a certain amount of resources to manage the session, which resulted in a waste of the server, reduce server efficiency, So you can reduce this waste to the server by setting the lifetime of the Seeion object.

The lifecycle of configuring session variables is done in the <sessionState><sessionState/> section, and several parameters need to be set when configuring the session's life cycle.

Set value	Describe
Mode	This parameter is used to set the storage session state. Status includes off, Inproc, StateServer, and SQL Server. Off means that the session is disabled State; InProc indicates that the worker process itself stores session state; StateServer indicates that the session information will be stored in a separate Asp. NET State Service, SQL Server indicates that the session information will be stored in the SQL Server database
stateConnectionString	This parameter is used to set the ASP. The server name of the session state, the default name is local
Cookieless	When the parameter value is set to True, the cookie session is not used The client is identified, and the inverse is set to false. Indicates the start cookie session state
sqlConnectionString	This parameter is used to set the SQL Server database connection
Timeout	This parameter is used to set the session time beyond that period, The session is automatically interrupted and is set to 20 seconds by default

Example :<sessionstate mode= "InProc" timeout= "1"></sessionState>

Session state is the most important part of state management. It allows users to save information on one page and use it on another page, and it supports any object type, including custom data types.

4, limit the size and time of uploading files

Configuring the Limit upload file size and time string in the Web. config file is done in the

maxRequestLength property: Used to prevent service attacks, such as denial of access caused by a user sending large files to the server. The default value is 4096KB (4MB).

Executiontimeout Property: Specifies the maximum number of seconds that a request is allowed to execute before an ASP. NET application shuts down automatically. This time-out property is only applicable if the Debug property in the compilation element is false. The default value is 110s.

Add the following code to the <system.web></system.web> section in the Web. config file to limit the maximum upload file to 4MB and the Web page timeout to 100s.
maxrequestlength= "4096" executiontimeout= "/> "

5. Connection default error page

In some Web sites, when an error occurs on a network address, it is usually automatically redirected to a page and an error message is displayed on that page, which can also be implemented by configuring the Web. config file. For example, when a visitor visits a Web site, an error occurs, and the program jumps to the default page error.aspx.

Configuring the Connection default error page string in the Web. config file is done in the <customErrors><customErrors/> section, which requires the following two properties to be set.

Mode property: Lets you specify whether to enable or disable custom errors, or to display custom errors only to remote clients. This property can be on, off, and RemoteOnly one of the 3 values. On means that custom errors are enabled; Off means custom errors are disabled; RemoteOnly indicates that custom errors are displayed only to remote clients, and an ASP. NET error is displayed to the local host, and the default value is RemoteOnly.

Defaultredirect Property: Specifies the default URL address that the browser directs to when a webpage error occurs. If this property is not specified, a generic error is displayed.

Add the following code to the <system.web></system.web> section in the Web. config file so that the program automatically jumps to the Error.aspx page when an error occurs. <customerrors defaultredirect= "error.aspx" mode= "on">

Connecting the default error page effectively handles the exception information that occurs in the program and prevents the program from being compromised because of the presence of the exception information.
6. Configuring Authentication Levels

Configuring the user authentication level in the Web. config file is done in the <authentication><authentication/> section, and when configured, you need to specify the Mode property, which has the following 4 parameters

Set value	describe
Windows	To specify Windows authentication as the default authentication mode
Forms	The ASP. NET forms-based authentication is specified as the default authentication mode
PassPort	To designate Microsoft's centralized authentication as the default authentication mode
None	Do not specify any authentication

In addition, configuring the user authentication level also requires the <deny/> element to be specified in the <authorization></authorization> section to restrict users who are not logged on to access pages that require authentication.

<authentication mode= "Forms">

<forms name= "MyCookie" loginurl= "Login.aspx">

</forms>

</authentication>

<authorization>

<deny users= "?" />

</authorization>