Webconfig and webconfig

Webconfig and webconfig

This article is excerpted from the online experts and is to be supplemented.

--------------------------------------------------------------------

. Net provides configurations for the current machine. --- Name: machine. config

Running Mechanism: When the iis of the asp.net website is started, the configuration information in the configuration file is loaded and cached, so that the configuration information does not need to be read every time. During the running process, the asp.net application monitors the changes in the configuration file. Once the configuration information is edited, the configuration information will be re-read and cached.

Configuration File node:
You must understand that the web. config file is an XML file.
Name of the root node:
<Configuration>
Subnode: <configSections> </configSections>
<AppSettings> </appSettings>
<ConnectionStrings> </connectionStrings>
<System. web> </system. web>
Special: <system. webServer> </system. webServer> ----- this parameter is used to specify the IIS 7.0 settings applicable to Web applications. It is only applicable to IIS 7.0 integration mode and not to Classic mode. If an application is running in Classic mode, the Web is ignored. config File
<Configuration>

 Node analysis:
1. <connectionStrings> node

It is mainly used to configure database connections. You can add any node in the <connectionStrings> node to save the database connection string and dynamically obtain the node value through code to instantiate the database connection object.
For example:
<ConnectionStrings>
<! -- SQL Server database configuration --> <add name = "Your name (any)" connectionString = "Date Source = database login name; Initial Catalog = database name; user ID = Login Password = login Password "/> is a connection that can be configured for multiple databases
<Add name = "AspNetStudyConnectionString1" connectionString = "Data Source = (local); Initial Catalog = AspNetStudy; User ID = sa; Password = sa"/>
<Add name = "ConnectionString" connectionString = "Data Source = 10.0.0.52; Initial Catalog = NEW_HOSPITAL_DEV; User ID = hospalog; pwd = hospital;"/>
</ConnectionStrings>

How to read database connection objects in the Code:

// Read the web. config node configuration
String connectionString = ConfigurationManager. ConnectionStrings ["AspNetStudyConnectionString1"]. ConnectionString;
// Instantiate the SqlConnection object
SqlConnection connection = new SqlConnection (connectionString );

It can be seen that once the database used during development is different from the database used during deployment, you only need to use a text editing tool such as NotePad to edit the connectionString attribute value.


　　　　　　　　　　　　　　　　　2. <deleetask> Node
Purpose: store some configuration information of the asp.net application, such as the storage path of the uploaded file.
For example, you can configure the image type:
<Deleetask>
<Add key = "ImageType" value = ".jpg?.bmp =.gif=.png#.jpeg"/> ---- <! -- Formats of images that can be uploaded -->
<Add key = "FileType" value = ".jpg?.bmp =.gif=.png#.?#.##.zip#.rar=.xls#.doc"/> <! -- File type that can be uploaded -->
</AppSettings>
Read the value from the </deletebench> node:

String FileType = ConfigurationManage. deleetask[ "FileType"]; ---- it is actually a key-value pair.


3. <system. web> node:

Subnode:

3.1. <compilation> node
Purpose: configure all the compilation settings used by ASP. NET on the node. The default debug attribute is "true", that is, debugging is allowed. In this case, the website performance will be affected. Therefore, set it to "false" after the program compilation is completed and delivered"
For example:
<Compilation targetFramework = "4.0" debug = "true">
<BuildProviders>
<Add extension = ". html" type = "System. Web. Compilation. PageBuildProvider"/>
</BuildProviders>
</Compilation>
3.2. <authentication> node
Purpose: control users' access to websites, directories, or individual pages.

Set the asp.net Authentication mode. There are four authentication modes. Their values are as follows:
Mode description
Windows uses Windows authentication, applicable to domain users or LAN users.
Forms authentication relies on website developers for identity authentication.
Passport uses the authentication service provided by Microsoft for authentication.
None does not perform any authentication.
Example: <! -- Request mode -->
<Authentication mode = "Forms"/>


3.2. <customErrors> node
<CustomErrors> A node is used to define information about custom error messages. This node has two attributes: Mode and defaultRedirect. The defaultRedirect attribute is an optional attribute, indicating the default URL to be redirected when an error occurs in the application. If this attribute is not specified, a general error is displayed. The Mode attribute is a required attribute and has three possible values. They represent the following meanings:
Mode description
On indicates that both local and remote users will see custom error messages.
Off to disable custom error messages. both local and remote users will see detailed error messages.
RemoteOnly indicates that the local user will see the detailed error information, and the remote user will see the custom error information.
It is necessary to describe the concept of local and remote users. The machines we use when accessing the asp.net application and when the machines used for publishing the asp.net application are the same machine, they become local users. Otherwise, they are called remote users. In the development and debugging phase, we recommend that you set the Mode attribute to Off for ease of searching for the error Mode attribute. in the deployment phase, you should set the Mode attribute to On or RemoteOnly, this prevents detailed error information from exposing program code details, which can lead to hacker intrusion.


Example: <! -- Error jump mode = "RemoteOnly" -->
<CustomErrors mode = "Off" defaultRedirect = "/Error. aspx">
<Error statusCode = "404" redirect = "/404. aspx"/>
<Error statusCode = "500" redirect = "/500. aspx"/>
</CustomErrors>


3.1 <error> subnode
The <customErrors> node also contains a <error> subnode, which redirects to our custom error page based on the HTTP error status code of the server, to make the configuration under the <error> subnode take effect, you must set the Mode attribute of the <customErrors> node to "On ". The following is an example:

<CustomErrors mode = "On" defaultRedirect = "GenericErrorPage.htm">
<Error statusCode = "403" redirect = "403.htm"/> --if the user does not have the permission to submit a request, the page is redirected to the 403.htm page.
<Error statusCode = "404" redirect = "404.htm"/> --if the user's webpage does not exist, it is redirected to the 404.htm page.
</CustomErrors>

403.htmand 404.htm pages are all pages we have added.
3.4 Purpose: Send the user's request to the corresponding handler Based on the URL and HTTP predicate of the user request. The result is that the user cannot view or download the relevant file.

If files in a folder or objects of a certain type cannot be downloaded, you can add corresponding subnodes to the
Example: In our asp.netapplication, create an ipdata.txt file, and add the following configuration in Web. config.
<HttpHandlers>
<Add path = "IPData /*. txt "verb =" * "type =" System. web. httpForbiddenHandler "/> --- the code is used to prohibit access to any txt files in the IPData directory.
<Add path = "*. mdf" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "true"/>
<Add path = "*. ldf "verb =" * "type =" System. web. httpForbiddenHandler "validate =" true "/> --- *. mdf ,*. ldf files, Get or Post requests will be handed over to System. web. httpForbiddenHandler. Users cannot view or download related files.
</HttpHandlers>

3.5. Set the ASP. net http Runtime Library. This section can be declared at the computer, site, application, and subdirectory level.
For example, the following configuration controls the maximum size of files that can be uploaded by a user to be 40 MB (40*1024 K), the maximum timeout time is 60 seconds, and the maximum number of concurrent requests is 100.

<HttpRuntime maxRequestLength = "40960" executionTimeout = "60" appRequestQueueLimit = "100"/>


3.6. <pages> node

Used to indicate settings for a specific page. It has three attributes.

Attribute Name Description
Whether HTTP Response buffer is enabled for buffer.
Whether enableViewStateMac should run the computer authentication check (MAC) on The View status of the page to place user tampering. The default value is false. If it is set to true, the performance will decrease.
ValidateRequest indicates whether to verify that user input has cross-site scripting and SQL injection vulnerability attacks. The default value is true. If a match occurs, an HttpRequestValidationException occurs. For pages that contain online text editors, set this attribute to false by verifying user input.
The following is an example of configuring nodes:

<Pages buffer = "true" enableViewStateMac = "true" validateRequest = "false"/>


3.7 <sessionState> node
<SessionState> the node is used to configure the session Status of the current asp.net application. The following is a common Configuration:

<SessionState cookieless = "false" mode = "InProc" timeout = "30"/>

The above node configuration is to enable Cookie in the asp.net application, and specify the session state mode to save the session state in the process, and also specify the session timeout to 30 minutes.
The Mode attribute of the <sessionState> node can be one of the following values:
Attribute value description
Custom uses Custom data to store session status data.
Default Value of InProc. The asp.net auxiliary process stores session status data.
Off to disable the session status.
SQLServer uses the SQL Server database outside the process to save session status data.
StateServer uses the out-of-process ASP. NET Status Service to store status information.
By default, the InProc mode is used to store session state data. The advantage of this mode is that the access speed is fast, and the disadvantage is that it occupies memory, therefore, it is not suitable to store large user session data in this mode.

　　　　　　　　　　　　　　4 <system. webServer>
----------------------
<Defadocument document>
Purpose: When the request URL does not contain a specific file of the Web application, IIS 7.0 provides a default file.
Create a defadocument document element in the system. webServer element.

Create a file element in the defadocument document element.

Create an add element in the files element and specify the path and name of the default file in the value attribute.
<Configuration>
<System. webServer>
<DefaultDocument> <files> <add value = "Products. aspx"/> </files> </defaultDocument> ----- configure the default file to provide the Products. aspx file as the default file
</System. webServer>
</Configuration>