The Web. config file is a standard XML document. All configuration information is in the <configuration> tag. The <system. Web> tag contains the core ASP. NET configuration settings. You can open web. config in Visual Studio. NET to view and edit its content. This file contains a large amount of comments. You can refer to it for learning. The following describes several common tags.
1. <deleetask> flag
This flag is used to configure custom application settings, such as database connection strings, file paths, or any information that exists in the application. ini file. You can use the system. configuration. configurationsettings class to access the key/value pair specified in the <deleettings> tag in the code.
In addition, you can use the file attribute in the <etettings> tag of the web. config file. This attribute specifies a configuration file that provides additional settings or overwrites the settings specified in the <deleettings> tag. When you use the File Attribute to specify a configuration file, you must use <deleettings> as the root node instead of <configuration>.
In the following configuration, we add a connection string configuration named connstring with the value "Server = localhost; database = test; uid = testing; Pwd = test ;".
<Deleetask>
<Add key = "connstring" value = "Server = localhost; database = test; uid = testing; Pwd = test;"/>
</Appsettings>
You can use the following code on the page to access the newly added settings.
Configurationsettings. deleettings ("connstring ");
The remove sub-element is used to delete specific settings. The clear sub-element is used to delete all the settings in the ettings that contain it. For example:
<Deleetask>
<Clear/>
</Appsettings>
2. <authentication> and <authorization> MARK
These two tags are closely related and used to set application security.
<Authentication> flag is used to define the authentication methods and parameters used by the application. It contains a mode attribute and two sub-tags (<forms> and <passport> ). The mode attribute is used to control the Default Authentication Mode of an application. There are four modes.
Windows: Specify Windows authentication as the default authentication mode. This mode is used for any of the following forms of Microsoft Internet Information Service (IIS) authentication: basic, brief, integrated Windows authentication (mtlm/Kerberos) or certificate.
Forms: Specifies the form-based Authentication Mode for ASP. NET.
Passport: Specifies Microsoft Passport authentication as the default authentication mode.
None: no authentication is specified. Only anonymous users are expected or applications can handle events to provide their own authentication. <Forms> A subtag is used to configure an ASP. NET application for form-based custom authentication. For example, whether the password is in plain text or encrypted using a hash algorithm is used to maintain the authenticated cookie name between browser requests, the logon URL for unauthorized requests, and the protection level.
<Authorization> flag is used to set the application's authorization policy, which controls access to the client of the URL resource. There are two sub-tags: <allow> and <deny>. <Allow> is used to allow access to resources, and <deny> is used to deny access to resources.
At runtime, ASP. NET searches for the <allow> and <deny> tags in the <authorization> tag until it finds the first access rule suitable for a specific user. Then, it allows or denies access to URL resources based on whether the first access rule is <allow> or <deny>. The default authentication rule in the machine. config file is <allow users = "*"/>. Therefore, access is allowed by default unless otherwise configured.
In the following example, the mode attribute is used to specify the form-based authentication, and the cookie name for transmitting login information from the client is specified in the <form> subtag, and the name of the logon page used when the initial authentication fails. All users must be included in the <authorization> Section to perform Forms authentication. In this example, <deny users = "? "/> All anonymous users on the site are denied access.
<Configuration>
<System. Web>
<Authentication mode = "forms">
<Forms name-"401 Kapp" loginurl = "/login. aspx"/>
</Authentication>
<Authorization>
<Deny users = "? "/>
</Authorization>
</System. Web>
</Configuration>
3. <customerrors> flag
This flag is used to configure custom error messages. For example:
<Customerrors defaultredirect = "url" mode = "on | off | remoteonly">
<Error statuscode = "statuscode redirect =" url "/>
</Customerrors>
This tag contains a mode attribute and an optional defaultredirect attribute. The mode attribute is used to specify how to handle custom errors. It has three optional values.
On: Specifies to enable custom errors. If defaultredirect is not specified, you will see a general error.
Off: indicates to disable custom errors. The detailed error information page of ASP. NET is displayed.
Remoteonly: Specify to display custom errors only to remote clients and ASP. NET errors to local hosts. This is the default option.
The defaultredirect attribute specifies the URL displayed by the producer when an error occurs. If defaultrecirect is not specified, a general error is displayed. The URL can be an absolute or path. The relative URL is relative to the Web. config file that specifies the defaultredirect URL, rather than the webpage that has an error. To ~ URL (for example ~ /Errorpage.htm) indicates that the specified URL is the root path relative to the application.
In addition, the <customerror> flag contains a <error> submark, which is used to define custom error conditions. You can use it to specify multiple custom error conditions.
The following is an example.
<Configuration>
<System. Web>
<Customerrors defaultredirect = "genericerror.htm" mode = "remoteonly">
<Error statuscode = "500" Redirect = "internalerror.htm"/>
</Customerrors>
</System. Web>
</Configuration>
4. <identity> flag
The application identifier used to control web applications. It can be declared at any level (computer, site, application, subdirectory, or page.
This tag contains a required attribute impersonate, which is used to specify whether to simulate each request using a client.
<Identity> the tag also contains two optional attributes: username and password. They specify that if impersonate is set to true, the user name and password are used. Username and password are stored in the configuration file in plain text. For example, they are accessed by authenticated users who have the appropriate creden。 on the domain containing the server. To enhance security, the <identity> flag supports storing the encrypted username and password attributes in the registry. The Credential must be in REG_BINARY format encrypted by the Data Protection API (dpapi) of Windows 2000 and Windows XP. To Encrypt usernames and passwords and store them in the registry, set username and password as follows.
Username = "Registry: HKLM \ SOFTWARE \ aspnetprocess, name"
Password = "Registry: HKLM \ SOFTWARE \ aspnetprocess, PWD"
The string is located after the keyword registry and before the comma, indicating the name of the registry entry opened by ASP. NET. The part after the comma contains the name of a string value. ASP. NET obtains creden。 from this name. There must be commas and creden must be stored in the HKLM Configuration unit.
In the following example, set the simulated client identity to true.
<Configuration>
<System. Web>
<Identity impers/>
</System. Web>
</Configuration>
In the following example, the encrypted user name and password are stored under the User-Defined aspnetidentity in the registry.
<Configuration>
<System. Web>
<Identity>
Username = "Registry: HKLM \ SOFTWARE \ aspnetidentity, name"
Password = "Registry: HKLM \ SOFTWARE \ aspnetidentity, PWD"
</Identity>
<System. Web>
</Configuration>
5. <sessionstate> flag
This flag configures session Status settings for the current application. This tag contains the following attributes (mode is a required attribute, and others are optional attributes ).
Mode: specifies where the session state is stored. Optional values include off (not enabled session status), inproc (storing session Status locally), and StateServer (storing session status on a remote computer) and sqlserver (store session status on SQL Server ).
Cookieless: Specifies whether to use cookies. The default value is false, indicating that the cookie is used.
Timeout: This attribute specifies the number of minutes that a session can be idle before it is abandoned. The default value is 20.
Stateconnectionstring: Specifies the name and port of the server that stores the session status. For example, "TCPIP = 127.0.0.1: 42424 ". This attribute is required when mode is StateServer.
Sqlconnectionstring: Specifies the connection string for SQL Server. For example, "Data Source = localhost; Integrated Security = sspi; initial catalog = northwind ". This attribute is required when mode is set to SQL Server.
Statenetworktimeout: When this attribute is used to store the session Status in wgetstateserver mode, it specifies the idle time (in seconds) for the TCP/IP network connection between the Web server and the status server before the session is abandoned ). The default value is 10.
In the following example, the session status is stored locally. The cookie is not used and the Session Timeout time is 20 minutes.
<Configuration>
<System. Web>
<Sessionstate mode = "inproc" cookieless = "true" timeout = "20"/>
</Sessionstate>
</System. Web>
</Configuration>
6. <trace> MARK
This tag is used to configure the ASP. NET tracking service. It contains the following attributes.
Enabled: This attribute specifies whether to enable tracing for the application. The default value is false ).
Localonly: This attribute specifies whether the trace Viewer (trace. axd) is only used for the host web server. The default value is true (only used for hosting web servers ). When false, the trace viewer can be used on any computer.
Pageoutput: This attribute specifies whether trace output is displayed at the end of each page. The default value is false (not displayed, and tracing output can only be accessed through the tracking tool ).
Requestlimit: Number of Trace Requests stored on the server. The default value is 10. If this limit is reached, the trail is automatically canceled.
Tracemode: Specifies whether to display trace information in the order of processing traces. The default value is sortbytime (displayed in the processing order). If the attribute value is sortbycategory, the jump information is displayed alphabetically according to the user-defined category.
The following is an example.
<Configuration>
<System. Web>
<Trace enabled = "false" pageoutput = "true" requestlimit = "15"/>
</System. Web>
</Configuration> http://hi.baidu.com/xiaojiu/blog/item/e2502df5cbf6062dbc3109ee.html
