Introduction: This article discusses advanced configuration methods for ASP.NET applications. The configurations covered include setting an independent identity for the ASP.NET process, configuring access permissions for an ASP.NET website or site directory, handling custom configuration events, and so on. In addition, this article discusses how to inherit and override ASP.NET configuration information from the machine.config file. The <location> tag is also discussed.
ASP.NET Configuration
As we all know, classic ASP neither requires nor allows configuration anywhere (apart from the IIS configuration). As a result, there is no way to apply special settings to a particular web application or a particular site directory. In this respect ASP applications are "dumb": website designers can only manage the site through program code, and cannot use system configuration to manage it effectively. Unlike ASP, ASP.NET configures the website and its directories through the XML files machine.config and web.config. The configuration for the entire server is stored in the machine.config file, located in the %system32%\Microsoft.NET\Framework\[version number]\config directory; it holds the settings for the ASP.NET server as a whole. When you create a new web project, .NET automatically creates a web.config file. web.config contains the settings specific to one application, such as session management and error handling. A web.config can inherit and override some of the settings from machine.config. For a specific ASP.NET application or a specific site directory, configuration therefore comes in two parts: the machine.config configuration for the entire server, and the web.config configuration for the website or web directory. In general, web.config sits in the root directory of an individual website and takes effect for that directory and its subdirectories.
The specific configurations described in this article are as follows:
<authorization>: configures access authorization;
<identity>: changes the identity of the ASP.NET worker process; inheriting, overriding, and refusing overrides of the setting;
<sessionState>: inheriting, overriding, and refusing overrides of the setting;
<appSettings>: overriding the setting, and refusing overrides of it;
Example Program
To illustrate the points above, we built an ASP.NET example program, configapplication. The details of this program are as follows:
Solution     | Configapplication.sln
Project name | Configapplication
Language     | C#
Build        | Release
The file structure of the configapplication is as follows:
The following is the information for another website, customconfig:
Solution     | Customconfig.sln
Project name | Customconfig
File name    | Confighandler.cs
Language     | C#
Build        | Release
<authorization>
The <authorization> tag in web.config uses the <allow> and <deny> child tags to configure access control. Note that this access control applies only to ASP.NET resources, such as aspx, asmx, and ascx files. Non-ASP.NET resources, such as ASP, txt, and image files, get no access control from it. The syntax of this configuration is as follows:
<authorization>
    <allow users="comma-separated list of users"
           roles="comma-separated list of roles"
           verbs="comma-separated list of verbs"/>
    <deny users="comma-separated list of users"
          roles="comma-separated list of roles"
          verbs="comma-separated list of verbs"/>
</authorization>
In the tag above, <allow> lists the users who may access the resource, and <deny> lists the users who may not. For example, the following configuration lets the user "wcb02h26\niranjan" access the resources in the folder containing the web.config file and in its subfolders. No other user can access the resources in this folder (note the <deny users="*"/> tag).
<authorization>
    <allow users="wcb02h26\niranjan"/>
    <deny users="*"/>
</authorization>
The settings above are in the web.config file in the root directory of configapplication. The root directory of the application contains a rootfolderform.aspx file. If you access this file, ASP.NET brings up the Windows logon dialog box (Figure 2).
After the user is authenticated, the following page is displayed (Figure 3). The page shows the logged-on user's information:
The settings above can be inherited or overridden in subdirectories of the application. In the example program, the root directory contains a subdirectory "subfolder1". Let us now see how to make "subfolder1" inaccessible to the user "wcb02h26\niranjan" but accessible to another user, "wcb02h26\test". To override the configuration, we add a web.config file to the "subfolder1" directory:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <!-- For authorization code -->
        <authorization>
            <allow users="wcb02h26\test"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</configuration>
When we access the "subfolder1form.aspx" file in the "subfolder1" directory, ASP.NET brings up the Windows logon dialog box and allows access only to the user "wcb02h26\test". Note, however, that this configuration has no effect on non-ASP.NET resources such as image files. In other words, we cannot expect non-ASP.NET resources to be subject to this access control.
Besides the "users" attribute described above, we can use the "roles" attribute to control access for a group of users, and the "verbs" attribute to control the type of access. In the following example, all administrators of the wcb02h26 computer can freely access the ASP.NET resources in the root directory, but no one can submit (POST) information from a page to the server.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <!-- For authorization code -->
        <authorization>
            <allow roles="wcb02h26\Administrators" verbs="GET"/>
            <deny users="*" verbs="POST"/>
        </authorization>
    </system.web>
</configuration>
Running subfolder2form.aspx displays the following page (Figure 4):
If you click "Submit" to submit information, the following error page appears (Figure 5):
If the <deny> tag is removed from the configuration above, the information can be submitted without error.
This concludes the configuration of access control for website resources. Note in particular that the resource access control here, like database access control implemented in ASP, applies only to ASP.NET resources; non-ASP.NET resources can be accessed by visitors at will.
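The rule evaluation behind the two override examples above, as an added sketch that is not part of the original article: <allow>/<deny> rules are checked in order, the most local web.config first and parent configuration after it, and the first matching rule decides. The function names and the "guest" account are hypothetical; the trailing machine-level <allow users="*"/> default and case-insensitive matching are assumptions of this model.

```python
import xml.etree.ElementTree as ET

# Constructed from the article's samples (raw strings keep the backslash).
ROOT = r'<authorization><allow users="wcb02h26\niranjan"/><deny users="*"/></authorization>'
SUB1 = r'<authorization><allow users="wcb02h26\test"/><deny users="*"/></authorization>'
VERBS = (r'<authorization><allow roles="wcb02h26\Administrators" verbs="GET"/>'
         r'<deny users="*" verbs="POST"/></authorization>')
# Assumption: the machine-level default rule, consulted after every web.config.
MACHINE_DEFAULT = '<authorization><allow users="*"/></authorization>'


def _names(element, attribute):
    """Split a comma-separated attribute into a lower-cased set."""
    raw = element.get(attribute, "")
    return {item.strip().lower() for item in raw.split(",") if item.strip()}


def parse_rules(xml_text):
    """Return the (action, users, roles, verbs) rules of one <authorization>."""
    return [(el.tag, _names(el, "users"), _names(el, "roles"), _names(el, "verbs"))
            for el in ET.fromstring(xml_text) if el.tag in ("allow", "deny")]


def is_allowed(config_chain, user, roles, verb):
    """Evaluate a request; config_chain lists <authorization> XML from the
    most local web.config up to the site root. An empty user is anonymous."""
    user = user.lower()
    roles = {role.lower() for role in roles}
    for xml_text in list(config_chain) + [MACHINE_DEFAULT]:
        for action, users, rule_roles, verbs in parse_rules(xml_text):
            if verbs and verb.lower() not in verbs:
                continue  # rule is limited to other HTTP verbs
            matches = ("*" in users or user in users or bool(roles & rule_roles)
                       or ("?" in users and not user))
            if matches:
                return action == "allow"  # first matching rule wins
    return False


if __name__ == "__main__":
    admin, guest = r"wcb02h26\niranjan", r"wcb02h26\guest"  # guest is hypothetical
    print(is_allowed([SUB1, ROOT], admin, [], "GET"))   # subfolder1 overrides root
    print(is_allowed([VERBS], admin, [r"wcb02h26\Administrators"], "POST"))
    print(is_allowed([VERBS], guest, [], "GET"))        # falls through to the default
```

In this model the last call returns True: a non-administrator GET matches neither rule of the roles/verbs sample and is decided by the inherited default, so a role-restricted <allow> only excludes other users when a catch-all <deny> follows it.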
<identity>
This tag controls the identity of an ASP.NET application. Its usage is as follows:
<identity impersonate="true|false"
          userName="username"
          password="password"
/>
The <identity> tag determines which user account the ASP.NET application runs as. In machine.config, impersonate is set to "false" by default. When the rootfolderform.aspx file in the root directory is requested, the user the program runs as is displayed (Figure 6):
This setting can be changed by modifying the machine.config file. Open the file and change the relevant content as follows:
<identity impersonate="true"
          userName="wcb02h26\niranjan"
          password="venezia143"/>
When rootfolderform.aspx is run, an error message is displayed, indicating that the identity cannot be changed. This is because, by default, ASP.NET cannot delegate the process to another user. To solve this problem, we must modify the Local Security Policy. Choose "Administrative Tools" > "Local Security Policy", click "User Rights Assignment" in the "Local Policies" folder, double-click "Log on as a service", and add the "ASPNET" account; for details, see Figure 7. Restart the server. When rootfolderform.aspx is run again, "wcb02h26\niranjan" is displayed.
The identity can also be given different values for different applications. Next we set a separate value for "configapplication" by modifying machine.config as follows:
Change the identity value to true: <identity impersonate="true"/>
Add the following content to machine.config, after the closing tag of <system.web> and before the closing tag of <configuration>.
<location path="Default web site/configapplication" allowOverride="false">
    <system.web>
        <identity impersonate="true" userName="wcb02h26\niranjan" password="venezia143"/>
    </system.web>
</location>
In the <location> section above, "path" selects the specific web application whose identity is being set, and "allowOverride" sets whether the application's web.config may override the setting. In our example, ASP.NET runs as the user "wcb02h26\niranjan", and because "allowOverride" is set to "false", this setting cannot be overridden by web.config. When rootfolderform.aspx is run, we see no difference from the result described above. Now modify the web.config file as follows:
<identity userName="wcb02h26\test" password="test123"/>
Then run the page and you will see the following error message (Figure 8). Here the setting allowOverride="false" has taken effect:
<sessionState>
sessionState is used to store the session information of an ASP.NET application. We will not discuss specific uses of the session here, but focus on how machine.config allows or disallows overrides from a specific application's web.config.
The <location> tag lets us set separate values for a specific application. The allowOverride attribute is used to make ASP.NET settings apply at the machine level so that a specific application's web.config cannot change them. In both the machine.config and web.config files, the default <sessionState> setting is as follows:
<sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;user id=sa;password="
    cookieless="false"
    timeout="20"
/>
Now we change the default settings above to set some specific values for the program "configapplication":
<sessionState
    mode="StateServer"
    stateConnectionString="tcpip=127.0.0.1:42424"
    timeout="60"
/>
These settings keep the program's session for 60 minutes. If the administrator wants to prevent a specific application from overriding these settings, add an allowOverride attribute to the <location> section shown earlier and set its value to "false". The following are the session-related settings for the program "configapplication":
<!-- For "Default web site/configapplication" Application -->
<location path="Default web site/configapplication" allowOverride="false">
    <system.web>
        <identity impersonate="true"
                  userName="wcb02h26\niranjan"
                  password="venezia143"
        />
        <sessionState mode="StateServer"
                      stateConnectionString="tcpip=127.0.0.1:42424"
                      timeout="60"
        />
    </system.web>
</location>
We discussed the identity section in detail above. In the sessionState section, the session timeout is set to 60 minutes, exactly the same as the machine.config setting.
If we now delete all of the <sessionState> sections above and run the rootfolderform.aspx page, the page is output correctly. Now modify the value of <sessionState> in web.config and run the rootfolderform.aspx page again. The following error message is displayed (Figure 9):
However, if the "allowOverride" attribute in machine.config is set to "true", the error page above is not displayed even when the related settings are modified in the application's web.config. The settings in web.config take effect, and the settings in machine.config no longer apply.
<appSettings>
This section describes how to inherit and override the <appSettings> settings in machine.config. The following are some specific settings for the program "configapplication" in machine.config. Note that the "allowOverride" attribute in these settings is set to "false".
<!-- For "Default web site/configapplication" Application -->
<location path="Default web site/configapplication" allowOverride="false">
    <system.web>
        <identity impersonate="true"
                  userName="wcb02h26\niranjan"
                  password="venezia143"/>
        <sessionState mode="InProc"
                      stateConnectionString="tcpip=127.0.0.1:42424"
                      sqlConnectionString="data source=127.0.0.1;user id=sa;password="
                      cookieless="false" timeout="30"/>
    </system.web>
    <appSettings>
        <add key="mykey" value="value from machine.config"/>
    </appSettings>
</location>
In the settings above, there is a new key "mykey" with the value "value from machine.config". In rootfolderform.aspx, add the following code to the Page_Load section:
// For <appSettings>: read the value of "mykey" from the merged configuration
string strValue = System.Configuration.ConfigurationSettings.AppSettings["mykey"];
// Write the value to the page
Response.Write(strValue);
Run the rootfolderform.aspx page. "value from machine.config" is displayed on the page (Figure 10).
As we can see, the code added to Page_Load simply displays the value of the key mykey.
Now, in the program's web.config, we also add a mykey key and set its value to "value from web.config" so the two can be told apart.
<appSettings>
    <add key="mykey" value="value from web.config"/>
</appSettings>
When you run the page again, an error message is displayed (Figure 11):
In machine.config, we set "allowOverride" to "false", so an error occurs when the same key is set in web.config. If we set "allowOverride" to "true" in machine.config and run the page again, no error message is displayed, and the value set in web.config is displayed normally (Figure 12):
In addition, when "allowOverride" in machine.config is set to "false", even setting a new key in web.config prevents the page from running normally, and an error message is displayed.
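A pre-deployment check for the locking behaviour described in the <identity>, <sessionState> and <appSettings> sections, as an added sketch rather than code from the original article: it lists the sections of an application's web.config that a <location allowOverride="false"> block in machine.config has locked. The function names and the sample configuration text are constructed for illustration, and matching the location path by prefix is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the article's machine.config and web.config.
MACHINE = """<configuration>
  <location path="Default web site/configapplication" allowOverride="false">
    <system.web>
      <identity impersonate="true"/>
      <sessionState mode="InProc" timeout="30"/>
    </system.web>
    <appSettings><add key="mykey" value="value from machine.config"/></appSettings>
  </location>
</configuration>"""
WEB = """<configuration>
  <system.web>
    <authorization><deny users="*"/></authorization>
    <sessionState mode="StateServer" timeout="60"/>
  </system.web>
  <appSettings><add key="newkey" value="value from web.config"/></appSettings>
</configuration>"""


def section_names(parent):
    """Name the configuration sections directly under parent."""
    names = set()
    for child in parent:
        if child.tag == "system.web":
            names |= {"system.web/" + section.tag for section in child}
        elif child.tag != "location":
            names.add(child.tag)
    return names


def locked_sections(machine_xml, app_path):
    """Sections that machine.config locks for app_path (allowOverride=false)."""
    locked, app = set(), app_path.lower().rstrip("/")
    for location in ET.fromstring(machine_xml).iter("location"):
        if location.get("allowOverride", "true").lower() != "false":
            continue  # this location block may be overridden
        path = location.get("path", "").lower().rstrip("/")
        # Assumption: a location covers its path and everything below it.
        if not path or app == path or app.startswith(path + "/"):
            locked |= section_names(location)
    return locked


def override_conflicts(machine_xml, web_xml, app_path):
    """Locked sections that web.config tries to set; each is a config error."""
    declared = section_names(ET.fromstring(web_xml))
    return sorted(locked_sections(machine_xml, app_path) & declared)


if __name__ == "__main__":
    print(override_conflicts(MACHINE, WEB, "Default web site/configapplication"))
```

The sample web.config is flagged for <sessionState> and for <appSettings> even though it only adds a new key, while its <authorization> section passes because the locked <location> block does not contain that section.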