Web.Config
Application("DSN") = "Server=moon; Driver=Sql Server; Database=Store;
UID=user; PWD=bingo;"
Above declaration in the global.asa file might be
familiar to almost all ASP programmers.
While going through the MSDN, I was overwhelmed, by
looking into the web.config file which handles all configuration for an
application. The replacement for the above declaration in ASP .NET is as
follows:
<configuration>
<appSettings>
<add key="DSN" value="Server=moon;database=Store;Trusted_Connection=yes"
/>
</appSettings>
</configuration>
Then, in your ASPX page, you should have the
following statement to retrieve the value for DSN.
Dim dsn As String =
ConfigurationSettings.AppSettings("DSN")
So, I started to ask the following questions to
myself.
What exactly is web.config?
Does this handles only the above example?
What are the benefits of web.config?
And, following were the results for my questions, and
I would like to share with you all. This is based on Beta2
Introduction
Well, web.config is a XML-based configuration file.
If you see the above example, you can make sure that all the elements
are based on XML standards. Obviously, we can develop a tool for
modifying and editing this configuration file.
A web.config can appear in any directory on an
ASP.NET Web application server. Said this, if you have a web.config file
in the directory "c:\inetpub\wwwroot", then the settings specified in
the web.config is applicable to all the subdirectories under wwwroot.
Each sub-directory can have its own web.config file and it will
overwrite the settings of the web.config file in the parent directory.
There is another file called machine.config, which
provides configuration settings for the entire server. If you change the
contents of any web.config file then the change will be immediately
reflected in the processing of any incoming requests to the web' server.
These settings are calculated only once and then cached across
subsequent requests. ASP.NET automatically watches for file changes and
will invalidate the cache if any of the configuration files change. (For
more information on caching
Click here)
The root element of a web.config file is always a
<configuration> tag. The <configuration> tag contains three different
types of elements: 1) configuration section handler declarations, 2)
configuration section groups, and 3) configuration section settings.
Following are the list of commonly used Configuation
tags, that, we be used in our web applications and will go thru them
1) Appsettings
2) Authentication
3) Authorization
4) Compilation
5) CustomErrors
6) Globalization
7) Identity
8) MachineKey
9) Pages
10) ProcessModel
11) SessionState
12) Trace
<appSettings>
This can be declared at the machine, site, application and subdirectory
level Include all the custom settings for your application in this
section. Appsettings tag contains two attributes viz; key and value.
<add key="key" value="value"/>
Eg: <add key="DSN" value="Server=moon;database=Store;Trusted_Connection=yes"
/>
<authentication>
All the authentication/security related stuff are declared in this
section. Authentication section contains a single attribute called
"mode". Possible values for "mode" are (a) Forms (b) None (c) Passport
and (d) Windows
Form based authentication can be used, if you want to
use ASP .NET forms-based authentication.
If you want to allow anyonmyous users to access your
website, select none.
Passpost authentication can be used, if you want the
authentication to be based on Microsoft Passport authentication mode.
Use windows mode authentication, if you want to use
Basic, Digest, Integrated Windows authentication (NTLM/Kerberos), or
certificates
Note: If you are using Form based authentication,
then you have several other options such as how the password should be
encrypted, while submitting the form, if login fails, which page should
be shown to the user etc.
As the AuthenTication is included in,
System.Web.Configuration.AuthenticationConfigHandler while setting the
authentication mode, you should code as follows
Eg:
| <configuration> <system.web> <authentication mode="None" /> </system.web> </configuration> |
<authorization>
This is a very powerful tag, were you can restrict or allow users who
wish to visit your web site. Authorization tag contains two sub tags
such as allow and deny.
Allow tag provides us with three attributes, namely
users, roles and verbs. We can add the list of users seperated by comma
in the users attribute. Also we can specify the role in which each user
belongs too. Important aspect of the attribute verb is that, we can
control users depending upon the web request that the server is getting.
The verb attribute provides us with four options GET, HEAD, POST and
DEBUG.
Deny tag has the same attributes as the allow tag
has. Other aspect of both these tags are, we can use two special symbols
? and * to specify anonymous users and "all users" respectively.
Eg:
| <configuration> <system.web> <authorization> <allow roles="Admins" /> <deny users="*" /> </authorization> </system.web> </configuration> |
<compilation>
It is in this tag, you set all your compilcation options. This tag
contains three sub-tags and seven attributes, which are discussed below.
Attributes
debug specifies whether to compile retail binaries or debug binaries.
True specifies debug binaries and False specifies Retail binaries
defaultLanguage can be used to specify the language
names to use in dynamic compilation files.
use explicit attribute to turn on explicit option or
to turn off. This takes either true or false, were true means explicit
is enabled.
We can also do a batch compiliation by specifying the
attribute bath as true. If we have batch compiliation, then we might
face the timeout problem. Then we may also want to use the batchTimeout
attribute to set the time for batch timeout.
numRecompilesBeforeApprestart is the next attribute.
This attribute indicates the number of dynamic recompiles of resources
that can occur before the application restarts. This attribute is
supported at the global and application level but not at the directory
level.
Strict attribute indicates the settings of the visual
basic strict compile option. supports two values, TRUE and FALSE.
SubTags
Compilers tag contains many or one compiler tag, were we define new
compiler options. Assemblies and Namespaces specifies ASP .NET
processing directives
Eg:
| <configuration> <system.web> <compilation defaultLanguage="VB" debug="true"> <compilers> <compiler language="VB;VBScript" extension=".cls" type="Microsoft.VB. VBCodeProvider,System" /> <compiler language="C#;Csharp" extension=".cs" type="Microsoft.CSharp. CSharpCodeProvider,System" /> </compilers> <assemblies> <add assembly="ADODB" /> <add assembly="*" /> </assemblies> <namespaces> <add namespace="System.Web" /> <add namespace="System.Web.UI" /> <add namespace="System.Web.UI.WebControls" /> <add namespace="System.Web.UI.HtmlControls" /> </namespaces> </compilation> </system.web> </configuration> |
<customErrors>
As the name says all about, customErros provides information about
custom error messages for an ASP.NET application. CustomErrors tag
provides us with three attributes.
defaultRedirect can be used to specify the URL to
direct a browser, if any unexpected error occurs. The mode attribute
takes three values On, Off or RemoteOnly. Remeteonly specifies that
custom errors are shown only to remote clients.
The subtag <error> might be very useful in a variety
of way. We can specify the error status code and ask the browser to
redirect to a specific page. We should use the attribute, statusCode to
specify the error status code and the redirect attribute to specify the
redirect URL.
Eg:
| <configuration> <system.web> <customErrors defaultRedirect="error.aspx" mode="RemoteOnly"> <error statusCode="500" redirect="InternalError.htm"/> </customErrors> </system.web> </configuration> |
<globalization>
Configures the globalization settings of an application. Two important
attributes of this tag are requestEncoding and responseEncoding. Default
values for both encoding are "iso-8859-1", which is English. Eg:
| <configuration> <system.web> <globalization requestEncoding="iso-8859-1" responseEncoding="iso-8859-1"> <globalization/> </system.web> </configuration> |
<identity>
Controls the application identity of the Web application. Supports three
attributes. Impersonate is the first attribute, which specifies whether
client impersonation is used on each request to the web server. Takes
either TRUE or FALSE. If the impersonation is FALSE, then we should
specify the values for the attributes, username and password. Eg:
| <configuration> <system.web> <identity impersonate="true" /> </system.web> </configuration> |
<machineKey>
Configures keys to use for encryption and decryption of Forms
authentication cookie data. This section can be declared at the machine,
site, and application levels but not at the subdirectory level. This tag
supports three attributes; validationKey, decryptionKey and validation.
ValidationKey and DecryptionKey takes the default
value, which is AutoGenerate. We can also specify a key and it should be
length of 128 hexadecimal characters. The validation attribute can be
used to specify the alogrithm to be used while encryption. Possible
values are SHA1, MD5 and 3DES.
<pages>
As the name indicates, we should use this tag to specify the page-specific
configuration settings. It supports six attributes. We will dicsuss each one of
them.
Buffer attribute specifies, whether resources are buffered or
not. This takes three values On, Off and Readonly.
We can enable the session state or disable the session by
using the attribute, enableSessionState. This takes two values, either TRUE or
FALSE.
pageBaseType can be used to specify code-behind class that an
.aspx page inherits. userControlBaseType specifies a code behind class that
UserControls inherit.
If you want to disable any event firing in the page, you can
use the attribute autoEventWireup. This too takes either TRUE or FALSE.
Eg:
| <configuration> <system.web> <pages buffer="true" enableSessionState="true" autoEventWireup="true"> </pages> </system.web> </configuration> |
<processModel>
This section is mainly for the Web Administrators. We should use this tag
responsibly. We can use use tag to specify the timeout for when a new worker
process should start in place of current one, the idleTimeout which specifies
the minutes that ASP .NET automatically shuts down the worker process. One of
the important attribute of this tag is requestQueueLimit, were you can specify
the number of requests allowed in the queue before ASP .NET begins returning
"503" (Server too busy error). Default is 5000. Eg:
| <configuration> <system.web> <processModel enable="true" timeout="10" idleTimeout="20" requestQueueLimit="100"> </processModel> </system.web> </configuration> |
<sessionState>
This tag can be used to specify, were we are storing the session. This can be
specified in the mode attribute. Supported values mode are Off, InProc,
StateServer and SqlServer. InProc indicates that, session states is stored
locally. StateServer indicates that session state is stored on a remote server
and sqlserver can be used to indicate that the session state is stored on a sql
server.
We also have the choice to use cookies to store the sessions.
This can be set using the attribute cookieless. Session timeout can be specified
using the attribute called timeout. By default, the session timeout is 20
minutes (same as classic ASP).
Eg:
| <configuration> <system.web> <sessionState mode="Inproc" cookieless="true" timeout="20"> </sessionState> </system.web> </configuration> |
<trace>
This is a very useful tag to debug our programs. We can use the trace tag to
show all the information for the page processed by the server. By default, all
the traces are stored on the server. We can specify the number of traces stored
in the memory by using the attribute called requestLimit. Default is 10. We can
either append the trace to the page or can be viewed using the trace utility.
This is specified by the attribute called pageOutput. Eg:
| <configuration> <system.web> <trace enabled="false" requestLimit="15" pageOutput="true"> </trace> <system.web> </configuration> |
There are some more tags available which can be used in the
web.config file. Those are <httpHandlers>, <httpModules>, <httpRuntime>, <securityPolicy>,
<webServices>, <trust> and <browserCaps>. You may want to look into these.
