Revisit asp.net configuration information (simple, common) __.net

Source: http://www.cnblogs.com/kevin-moon/archive/2009/01/22/1379789.html

Asp. NET configuration file is composed of Web.config and Machine.config.
Whenever we install the NET Framework, the Machine.config file is created to theC:/windows/microsoft.net/framework/[version]/config folder, and each Web application inherits these configuration information, We can also overwrite it with the Web.config file in the Web application.
In a Web application, we can still create web.config in each subfolder and use it to overwrite the top configuration. The following figure:

Common configuration information in Web.config <authentication>
is used, when the client sends a request to the server, the server needs to verify the identity of the client, we can set "None", "Forms", "Windows", "Passport" These four kinds of authentication methods.
1, if you do not need to verify identity, you can set: <anthentication mode= "None" >
2, in general, we use "Windows" Authentication, <anthentication mode= "Windows", this authentication is handled through IIS, IIS gives us the following kinds of authentication mode to choose,

3. Form validation, which is handled by the Web application.
<anthentication mode= "Forms" >
<forms name = "Form1" loginurl = "Login.aspx" >
</anthentication>
4, Passport verification, the client through the Microsoft Passport database to verify that the advantage is that you can have an existing authentication information, and do not need to do the registration user name these actions, but it is charged .... If you want to use this authentication method, you need to install the Passport Software Development Kit on your computer.
<anthentication mode= "Passport" >
<passport RedirectURL = "Interanlurl" >
</anthentication>

<authorization>
Controlling client access to server URLs
<anthorization>
<allow users = "roles=" "verbs =" ">
<deny users = "roles=" "verbs =" ">
</anthorization>
Users: List of user names, roles: role lists, verbs: How to request (Get,post)

<compilation>
Configure all compilation settings that the asp.net uses to compile the application. The most common is debug (whether debug binaries should be compiled) and DefaultLanguage (the default programming language used in dynamic compilation files).

<customerErrors>
Set the exception information for the Web application, and when the application is abnormal, you can set this to give the user a friendly exception message.
<customererrors defaultredirect= "..." mode = "on" >
<error statuscode= "403" redirecturl= "..."/>
<error statuscode= "404" redirecturl= "..."/>
</customerErrors>
' On ': Specifies to enable custom errors. If defaultredirect is not specified, the user will see a generic error.
OFF: Specifies that custom errors are disabled. This allows you to display standard verbose errors.
"RemoteOnly": Specifies that custom errors are displayed only to remote clients and that ASP.net errors are displayed to the local host. This is the default value.

<globalization>
Used to set the encoding format and locale for an application
<globalization requestencoding= "Utf-8" responseencoding= "Utf-8"/>

Used to set some information when the application is running
"appRequestQueueLimit": Maximum number of requested queues in the server, and if this maximum is exceeded, the server will return a 503 error (server is too busy)
"Executiontimeout": The timeout limit for processing a request.

<trace>
Tracking the execution of the application, we have two levels of tracking: page level and application level, the application level will track all pages, if pageoutput= "true", then the tracking information will be displayed at the bottom of each page, we can also go to the root of the application to find Trace.axd to see the trace log.
<trace enabled= "false" requestlimit= "ten" pageoutput= "true" tracemode= "sortbytime" localonly = "true"/>
If we just want to be at the page level, just set trace= "true" on each page.

<identity>
Configuring the identity of a WEB application
<identity impersonate= "false" Username= "..." password= "..."/>
"Impersonate": Whether client impersonation is used for each request.

<sessionState>
There are five ways to set up a server to save Session,session:
1. Inpro: The default way is to save the session on the application's process.
2, StateServer: The session is saved on the aspnet_state process, it is independent of the application process, can be on the same server can also use a dedicated server.
3. SQL Server: Save session in SQL Server database, but you need to install InstallSqlState.sql scripts before using it.

4, custom Save way, by rewriting sessionstatestoreproviderbase base class to achieve their own way of saving,

5. Do not enable session

<appSetting>
Set up some key/value information that needs to be used in an application
<appSetting>
<add key= "..." value= "..."/>
</appSetting>

Encrypt configuration file
When you have some sensitive information in your profile, you may want to encrypt the contents of the file.
Asp. NET has two types of encryption supported: RSA and DPAPI. At the same time, there are two ways to encrypt.
1. Procedure Mode
Configuration myconfig = webconfigurationmanager.openwebconfiguration (Request.applicationpath);
ConfigurationSection mysettings = myconfig.getsection ("MySection");
if (mySettings.SectionInformation.IsProtected)
{
MySettings.SectionInformation.UnprotectSection ();
}
Else
{
MySettings.SectionInformation.ProtectSection ("DataProtectionConfigurationProvider");;
}
Myconfig.save (); 2, the way the command line
We can use command-line tool aspnet_regiis.exe to encrypt config file, when you use this way to encrypt, you need to set some parameters:
"-pe": Configuration section in config file
"-app": The relative path of the application
"-prov": Encrypted provider
For example, we encrypt the configuration file under Http://localhost/MyApp

It's a holiday!