web| reference web.config written On:nov, 16th 2001.
Application ("DSN") = "server=moon;" Driver=sql Server; Database=store; Uid=user; Pwd=bingo; "
Above declaration in the global.asa file might is familiar to almost all ASP programmers.
While going through the MSDN, I am overwhelmed, by looking to the Web.config file which all handles for a N Application. The replacement for the above declaration in ASP. NET is as follows:
<configuration>
<appSettings>
<add key= "DSN" value= "Server=moon;database=store; Trusted_connection=yes "/>
</appSettings>
</configuration>
Then, in your ASPX page, your should have the following statement to retrieve the value for DSN.
Dim DSN as String = configurationsettings.appsettings ("DSN")
So, I started to ask the following questions to myself.
What exactly is web.config?
Does this is handles only the above example?
What are the benefits of web.config?
And, following were the results for me questions, and I would like to share with your all. This is based on BETA2
Introduction
So, web.config is a xml-based configuration file. If you are in the above example, you can make sure this all elements are on XML based. Obviously, we can develop a tool for modifying and editing this configuration file.
A web.config can appear in no directory on A asp.net Web application server. Said This, if you are have a Web.config file in the directory "C:\inetpub\wwwroot", then the settings specified in the Web.con The fig is applicable to all the subdirectories under Wwwroot. Each sub-directory can have its own Web.config file and it would overwrite the settings of the Web.config file in the Paren T directory.
There is another file called Machine.config, which provides to configuration settings for the entire server. If you change the contents of a Web.config file then the change would be immediately reflected in the processing of any I Ncoming requests to the Web ' server. These settings are calculated only once and then cached across subsequent. asp.net automatically watches for file changes and would invalidate the cache if any of the configuration files change. (For more information on caching Click here)
The root element of a Web.config file is always a <configuration> tag. The <configuration> tag contains three different types of elements:1) configuration section handler declarations, 2 Configuration section groups, and 3) configuration the section settings.
Following are the list of commonly used configuation tags, that, we are used in our web applications and'll go thru them
1) Appsettings
2) authentication
3) Authorization
4) Compilation
5) CustomErrors
6) globalization
7) Identity
8) MachineKey
9) Pages
ProcessModel)
One) sessionstate
) Trace
<appSettings>
This can is declared at the machine, site, application and subdirectory level Include all custom settings for your app Lication in this section. Appsettings tag contains two attributes Viz; Key and value.
<add key= "key" value= "value"/>
Eg: <add key= "DSN" value= "Server=moon;database=store; Trusted_connection=yes "/>
<authentication>
All of the authentication/security related stuff are declared in this section. Authentication section contains a single attribute called "mode". Possible values for "mode" are (a) Forms (b) None (c) Passport and (d) Windows
Form based authentication can is used, if you are want to use ASP. NET forms-based authentication.
If you are want to allow anyonmyous the users to access your website, select None.
Passpost authentication can be used, if your want the authentication to is based on Microsoft Passport authentication mode.
Use Windows Mode authentication, if you are want to use Basic, Digest, Integrated Windows Authentication (Ntlm/kerberos), or C Ertificates
Note:if you are using Form based authentication, then you have several other options such as "How the password should is E Ncrypted, while submitting the form, if login fails, which page should is shown to the user etc.
As the authentication is included in, System.Web.Configuration.AuthenticationConfigHandler while setting the Authentication mode, you should code as follows
Eg:
<configuration>
<system.web>
<authentication mode= "None"/>
</system.web>
</configuration>
<authorization>
This is a very powerful tag, were can restrict or allow users who wish to visit Web site. Authorization tag contains two sub tags such as allow and deny.
Allow tag provides us with three attributes, namely users, roles and verbs. We can add the list of users seperated by comma in the users attribute. Also we can specify the which each user belongs too. Important aspect of the "verb is", we can control users depending upon the Web request this is the server are get Ting. The verb attribute provides us with four options get, head, POST and DEBUG.
The Deny tag has the same attributes as the Allow tag has. Other aspect of both and tags are, we can use two special symbols? and * To specify anonymous users and the all users respectively.
Eg:
<configuration>
<system.web>
<authorization>
<allow roles= "Admins"/>
<deny users= "*"/>
</authorization>
</system.web>
</configuration>
<compilation>
It is in this tag, with the set all your compilcation options. This tag contains three sub-tags and seven attributes, which are and discussed.
Attributes
DEBUG specifies whether to compile retail binaries or debug binaries. TRUE Specifies debug binaries and False specifies Retail binaries
DefaultLanguage can be used to specify the language names to use in dynamic compilation files.
Use explicit attribute to turn on explicit option or to turn off. This takes either true or false and were true means explicit is enabled.
We can also do a batch compiliation by specifying the attribute bath as true. If We have batch compiliation, then we might face the timeout problem. Then we may also want to use the BatchTimeout attribute to set the time for batch timeout.
Numrecompilesbeforeapprestart is the next attribute. This attribute indicates the number of dynamic recompiles of the can occur before the application restarts. This attribute is supported at the global and application level but not in the directory level.
Strict attribute indicates the settings of the Visual Basic Strict compile option. Supports two values, TRUE and FALSE.
Subtags
Compilers tag contains many or one compiler tag, were we define new compiler options. Assemblies and namespaces specifies ASP. NET processing directives
Eg:
<configuration>
<system.web>
<compilation defaultlanguage= "VB" debug= "true" >
<compilers>
<compiler language= "VB; VBScript "extension=". CLs "Type=" Microsoft.vb. Vbcodeprovider,system "/>
<compiler language= "C #; Csharp "extension=". Cs "Type=" microsoft.csharp. Csharpcodeprovider,system "/>
</compilers>
<assemblies>
<add assembly= "ADODB"/>
<add assembly= "*"/>
</assemblies>
<namespaces>
<add namespace= "system.web"/>
<add namespace= "System.Web.UI"/>
<add namespace= "System.Web.UI.WebControls"/>
<add namespace= "System.Web.UI.HtmlControls"/>
</namespaces>
</compilation>
</system.web>
</configuration>
<customErrors>
As the name says all about, Customerros provides information about custom error messages for a asp.net application. CustomErrors tag provides us with three attributes.
Defaultredirect can be used to specify the URL to direct a browser and if any unexpected error occurs. The mode attribute takes three values on, off or RemoteOnly. REMETEONLY Specifies that custom errors are shown only to remote clients.
The Subtag <error> might is very useful in a variety of way. We can specify the error status code and ask the browser to redirect to a specific page. We should use the attribute, StatusCode to specify the error status code and the redirect attributes to specify the Redirec The T URL.
Eg:
<configuration>
<system.web>
<customerrors defaultredirect= "error.aspx" mode= "RemoteOnly" >
<error statuscode= "redirect=" internalerror.htm "/>"
</customErrors>
</system.web>
</configuration>
<globalization>
Configures the globalization settings of an application. Two important attributes of this tag are requestencoding and responseencoding. Default values for both encoding are "iso-8859-1" and which is 中文版.
Eg:
<configuration>
<system.web>
<globalization requestencoding= "iso-8859-1" responseencoding= "iso-8859-1" >
<globalization/>
</system.web>
</configuration>
<identity>
Controls the application identity of the WEB application. Supports three attributes. Impersonate is the "the", which specifies whether client impersonation is used on each request to the Web server . takes either TRUE or FALSE. If The impersonation is FALSE, then we should specify the values for the attributes, username and password.
Eg:
<configuration>
<system.web>
<identity impersonate= "true"/>
</system.web>
</configuration>
<machineKey>
Configures keys to use for encryption and decryption of Forms authentication cookie data. This section can is declared at the machine, site, and application levels but. This tag supports three attributes; ValidationKey, decryptionkey and validation.
ValidationKey and DecryptionKey takes the default value, which is AutoGenerate. We can also specify a key and it should be length of 128 hexadecimal characters. The validation attribute can is used to specify the Alogrithm to is used while encryption. Possible values are SHA1, MD5 and 3DES.
<pages>
As the name indicates, we should use this tag to specify the page-specific configuration settings. IT supports six attributes. We'll dicsuss each one of the them.
Buffer attribute specifies, whether are buffered or not. This takes three values in, off and Readonly.
We can enable the session state or disable the sessions by using the attribute, EnableSessionState. This takes two values, either TRUE or FALSE.
PageBaseType can be used to specify Code-behind class this. aspx page inherits. USERCONTROLBASETYPE specifies a code behind class that usercontrols inherit.
If you are want to disable any event firing in the page, you can use the attribute AutoEventWireup. This too takes either TRUE or FALSE.
Eg:
<configuration>
<system.web>
<pages buffer= "true" enablesessionstate= "true" autoeventwireup= "true" >
</pages>
</system.web>
</configuration>
<processModel>
This are mainly for the Web Administrators. We should use this tag responsibly. We can use the ' tag to specify the ' timeout for ' when a ' new worker process should start in ' place ' of current one, the IdleTime Out which specifies the minutes this ASP. NET automatically shuts down the worker process. One of the important of this tag was requestqueuelimit, were you can specify the number of requests allowed in th E queue before ASP. NET begins returning "503" (Server too Busy error). Default is 5000.
Eg:
<configuration>
<system.web>
<processmodel enable= "true" timeout= "ten" idletimeout= "requestqueuelimit=" >
</processModel>
</system.web>
</configuration>
<sessionState>
This tag can is used to specify and were we are storing the session. This can is specified in the mode attribute. Supported values mode are off, InProc, StateServer and SQL Server. InProc indicates that, sessions states is stored locally. StateServer indicates that session state are stored on a remote server and SQL Server can be used to indicate that the Sessi On the ' stored ' on a SQL Server.
We also have the choice to use cookie to store the sessions. This can is set using the attribute cookieless. Session timeout can be specified using the attribute called timeout. By default, the sessions timeout is minutes (same as classic ASP).
Eg:
<configuration>
<system.web>
<sessionstate mode= "Inproc" cookieless= "true" timeout= ">"
</sessionState>
</system.web>
</configuration>
<trace>
This is a very useful tag to debug our programs. We can use the ' trace ' tag to show the ' information for the ' page processed by the server. By default, the "All" traces are stored on the server. We can specify the number of traces stored in the memory by using the attribute called Requestlimit. Default is 10. We can either append the trace to the page or can be viewed using the trace utility. This is specified by the attribute called Pageoutput.
Eg:
<configuration>
<system.web>
<trace enabled= "false" requestlimit= "pageoutput=" "true" >
</trace>
<system.web>
</configuration>
There are some more tags available which can is used in the Web.config file. Those are
Summary
That is a small introduction for Web.config file. Have two tips for you.
Suppose, if we are creating a new folder and if we want to override settings of the parent folder, configuration We have to be just create another Web.config file in the sub-directory. If we need to prevent the overriding of the new Web.config file in the subdirectory, then we can add the attribute Allowov Erride in the location tag. Also, we can specify the application name in the attribute path.
<configuration>
<location path= "App1" allowoverride= "false" >
<system.web>
<identity impersonate= "false" Username= "App1" password= "APP1PW"/>
</system.web>
</location>
</configuration>
What If some one types the web.config file in the URL?
asp.net configures IIS to prevent direct browser access to Web.config files to ensure this their values cannot become publ IC (attempts to access them'll cause asp.net to return 403:access forbidden).
External Links
http://www.123aspx.com/directory.aspx?dir=85
Http://msdn.microsoft.com/library/en-us/cpguidnf/html/cpconcreatingnewsectionhandlers.asp
