Learn about Web. config

Source: Internet
Author: User
Tags configuration settings

Understand the Web. config file

Web. config is an XML text file used to store ASP. net web application configuration information (for example, the most common settings ASP. net web application authentication method), which can appear in every directory of the application. After you create a web application using VB. NET, a default web application is automatically created in the root directory by default.

The Web. config file, including the default configuration settings, inherits the configuration settings of all subdirectories. If you want to modify the configuration settings of a subdirectory, you can create a web. config file under the subdirectory. It can provide configuration information other than the configuration information inherited from the parent directory, or rewrite or modify the settings defined in the parent directory.

Modifications to the Web. config file at runtime can take effect without restarting the Service (note: the exception in <processmodel> section ). Of course, the Web. config file can be expanded. You can customize new configuration parameters and write the configuration section handler to process them.

Web. config configuration file

(Default configuration settings) All the following code should be located in


<System. Web>


</System. Web>


For the purpose of learning, the following examples omit this XML tag.

1. <authentication> section

Purpose: Configure ASP. NET authentication support (Windows, forms, passport, none ). This element can only be declared at the computer, site, or application level. The <authentication> element must be used with the <authorization> section.


In the following example, the website is configured for form-based authentication. When a user who does not log on to the website that requires authentication, the webpage automatically jumps to the logon webpage.

<Authentication mode = "forms">

<Forms loginurl = "Logon. aspx" name = ". formsauthcookie"/>


The element loginurl indicates the name of the login webpage, and name indicates the cookie name.

2. <authorization> section

Purpose: control access to URL resources from clients (for example, Anonymous Users are allowed ). This element can be declared at any level (computer, site, application, subdirectory or page. Must be used with the <authentication> section.

Example: The following example disables access by anonymous users:


<Deny users = "? "/>


Note: You can use user. Identity. Name to obtain the user name that has been verified. You can use

The Web. Security. formsauthentication. redirectfromloginpage method redirects authenticated users to the page the user just requested. For specific examples, see:

Forms verification: http://www.cnblogs.com/yongqiudeng/articles/1071442.html

3. <compilation> section

Purpose: configure all compilation settings used by ASP. NET. The default debug attribute is "true". After the program is compiled and delivered, set it to true (the web. config file is described in detail, and the example is omitted here)

4. <customerrors>

Purpose: Provide information about custom Errors for ASP. NET applications. It is not applicable to errors in XML Web Services.

Example: When an error occurs, redirect the webpage to the custom error page.

<Customerrors defaultredirect = "errorpage. aspx" mode = "remoteonly">


The defaultredirect element indicates the name of the custom error webpage. Mode element: displays custom (friendly) information for users not running on the Local Web server.


Purpose: Configure ASP. net http Runtime Library settings. This section can be declared at the computer, site, application, and subdirectory level.

For example, the maximum size of a file to be uploaded is 4 MB, the maximum time is 60 seconds, and the maximum number of requests is 100.

<Httpruntime maxrequestlength = "4096" executiontimeout = "60" apprequestqueuelimit = "100"/>

6. <pages>

Purpose: Identify page-specific configuration settings (such as whether to enable session Status, view status, and whether to detect user input ). <Pages> statements can be made at the computer, site, application, and subdirectory level.

Example: do not check whether there is potential dangerous data in the content entered by the browser (Note: This item is checked by default. If you do not check, 1. encode or verify user input). When you send a page from the client, the encrypted view status is checked to verify that the view status has been tampered with on the client. (Note: This item is not verified by default)

<Pages buffer = "true" enableviewstatemac = "true" validaterequest = "false"/>

7. <sessionstate>

Purpose: Configure session Status settings for the current application (for example, whether to enable session Status and the location where session status is saved ).


<Sessionstate mode = "inproc" cookieless = "true" timeout = "20"/>



Mode = "inproc" indicates that the session status is stored locally (you can also choose to store the session status on a remote server or Sal server or not enable the session status)

Cookieless = "true" indicates that session status is enabled if the user's browser does not support cookies (the default value is false)

Timeout = "20" indicates the number of minutes in which the session can be idle.

8. <trace>

Purpose: configure the ASP. NET tracking service, which is mainly used for program testing to identify errors.

Example: The default configuration in Web. config is as follows:

<Trace enabled = "false" requestlimit = "10" pageoutput = "false" tracemode = "sortbytime" localonly = "true"/>


Enabled = "false" indicates that tracing is not enabled; requestlimit = "10" indicates the number of Trace Requests stored on the server.

Pageoutput = "false" indicates that the trace output can only be accessed through the tracking utility;

Tracemode = "sortbytime" indicates that trace information is displayed in the order of processing traces.

Localonly = "true" indicates that the trace Viewer (trace. axd) is used only for the host web server.

Custom web. config file configuration section

The configuration section of the custom web. config file consists of two steps.

First, declare the name of the configuration section and the name of the. NET Framework class that processes the configuration data in the section between the <configsections> and </configsections> labels at the top of the configuration file.

Second, make actual configuration settings for the declared section after the <configsections> area.

Example: Create a storage database connection string



<Section name = "etetction" type =" system. configuration. namevaluefilesectionhandler, system, version = 1.0.3300.0, culture = neutral, publickeytoken = b77a5c561934e089 "/>



<Add key = "scon" value = "Server = A; database = northwind; uid = sa; Pwd = 123"/>


<System. Web>


</System. Web>


Access the Web. config file

You can use the configurationsettings. deleettings static string set to access the Web. config file example: Obtain the connection string created in the preceding example.


Dim sconstr as string = configurationsettings. etettings ("connectionstring ")

C #

String connectionstring = system. configuration. configurationsettings. etettings ["connectionstring"];

Create a web. config file

1. In Solution Explorer, click the refresh icon to confirm that the application does not have the Web. config file.

If you have used the website management tool or some other methods to configure the application, the Web. config file may have been created automatically. Click "refresh" to update the file list.

2. In Solution Explorer, right-click the website name and click Add new project ".

3. In the "template" window, click "Web configuration file ".

The file name in the "name" text box should be web. config. You can provide other names for this file, but this is the default name .. The Config File Extension prevents ASP. NET from downloading files.

4. Click "add" to create the file and edit it.

This file contains the code displayed in the "example" section after this topic and has some initial default values. Application from % SystemRoot %/Microsoft. net/framework/<version>/config directory. config and web. the Config File inherits all configuration settings, but these default settings are not displayed here. If you want to override the inherited default settings or add a set of elements such as the httphandlers element (ASP. NET setting architecture), you only need to create a web. config file at the application level and directory level.

To view all the configuration settings of the current application, you can run the topic: programmatically view the Code contained in the inherited configuration settings and local configuration settings. You can also view % SystemRoot %/Microsoft. net/framework/<version>/config directory. config. comments or web. config. comments file (these two files also contain useful comments), but these two files will not contain all runtime settings, see how: programmatically view the inherited configuration settings and local configuration settings.

5. If the Web. config file is changed, save the file.

Saving the Web. config file restarts the application. You can also use the configsource attribute of a single section element to point to a secondary configuration file. Changing the secondary configuration file will not cause the application to restart. For more information, see configsource in the general attributes inherited by the section element.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.