The Code Online

Configuration Overview

ASP.NET Configuration system is used to describe the properties and behaviors of various aspects of ASP.NET applications. Unlike Classic ASP where configuration information was stored in a binary repository called the IIS metabase, ASP.NET uses XML-based configuration system that is more accessible and easier to use. You can configure features, such as Connection Strings, Authentication Modes, Caching, Debug and Tracing, Custom Errors and many more.

• ASP.NET Configuration system is extensible and application specific information can be stored and retrieved easily. It is human readable.
• You need not restart the web server when the settings are changed in configuration file. ASP.NET automatically detects the changes and applies them to the running ASP.NET application.
• You can edit Configuration file using simple text editor. It can be easily exchanged between servers in a typical web farm scenario.

ASP.NET configuration data is stored in two primary XML-based files. These files allow you to easily edit configuration data at any moment even after the application is deployed on server.

Machine.config: Server or machine-wide configuration file

Web.config: Application configuration files which deal with a single application

Every time we install the .NET framework, there is a machine.config file that is created in "C:\WINDOWS\Microsoft.NET\Framework\[Version]\CONFIG", which mainly defines:

• Supported configuration file sections,
• the ASP.NET worker process configuration, and
• registers different providers that are used for advanced features such as profiles, membership, and role based security.

ASP.NET 2.0 provides another two files machine.config.default and machine.config.comments. The machine.config.default acts as a backup for the machine.config file. The machine.config.comments file contains a description for each configuration section and explicit settings for the most commonly used values.

Each and Every ASP.NET application has its own copy of configuration settings stored in a file called Web.config. If the web application spans multiple folders, each sub folder has its own Web.config file that inherits or overrides the parent's file settings.Both Machine.config and Web.config share the same XML schema. Configuration files are divided into multiple sections, with each section being a top-level XML element. The root level element in a configuration file is always <configuration>. Configuration file is organized as hierarchy of section handlers, with each section provides a unique functionality.

For ex: <SessionState> section handler handles session state for the application.

Connection Strings

In ASP.NET 1.0/1.1, all connection string information was stored in the section. However, ASP.NET 2.0 introduces a new section called <connectionStrings> that stores all kinds of connection-string information.

  
  <configuration>
    <connectionStrings>
      <add name ="CookieDemo"
           connectionString ="server=GIGY02;database=GIGY02_Db;
           uid=mypwd;pwd=mypwd"/>
    </connectionStrings>
 </configuration/>
  

Session State

You can configure session information using the element. ASP.NET 2.0 introduces new Session state mode called custom mode which allows developer to persist state in any permanent store like XML or databases like Oracle, DB2 using a custom written provider class.

    
<sessionState
         mode ="StateServer"
         cookieless ="false"
         timeout ="20"
         stateConnectionString="tcpip=GIGY02:42424"
         stateNetworkTimeout="60"
         sqlConnectionString =""
         />

Custom Errors

When the ASP.NET application fails, the ASP.NET page can show the default error page with the source code and line number. We can prevent this kind of error messages by configuring element which allows for defining custom error messages in an ASP.NET application. This tags includes the error settings for the application, and is used to give custom error pages (user-friendly error pages) to end users. In the case that an error occurs, the website is redirected to the default URL. For enabling and disabling custom errors, we need to specify the mode attribute.

  <customErrors defaultRedirect="url" mode="Off">
  <error statusCode="403" redirect="/accesdenied.html" />
  <error statusCode="404" redirect="/pagenotfound.html" />
 </customErrors>

• "On" means this settings is on, and if there is any error, the website is redirected to the default URL.
• "Off" means the custom errors are disabled.
• "RemoteOnly" shows that custom errors will be shown to remote clients only.

Authentication

You can configure security model for your application using element. ASP.NET supports three forms of authentication. They are:

• Windows authentication
• Passport authentication
• Forms Authentication

You can disable authentication by setting mode attribute = "none"

ASP.NET provides hierarchical model for specifying configuration data. Each lower level in hierarchy can override the settings defined in upper level in the hierarchy. It also inherits the settings from parent level in hierarchy.

Machine.config->Web.config (root folder) ->Web.config (sub directory)

• Specify at the machine level(machine.config) which apply for all applications hosted on machine
• Specify at the application level(web.config) which apply for single application(root directory level)
• Specify at the sub directory level(web.config) which apply for application sub directory

In ASP.NET 1.0/1.1, Frame work provided API's that enabled you only to read information from the configuration file. You had no way to write information into the configuration file. You have to manually change settings in configuration files which is error prone due to XML tags, case-sensitivity. However ASP.NET 2.0 is shipped with API's which are capable to manipulate the configuration information settings in local machine or remote machine.

Different ways to create and Edit the Configuration files:

• ASP.NET MMC Snap-in
• Web site Administration tool
• ASP.NET Configuration API (Programmatic configuration)
• Text Editors (Visual Studio IDE)

Standard ASP.NET Configuration Sections

Section Name	Description
<anonymousIdentification>	Responsible for controlling how anonymous users are tracked in the system.
<authentication>	Responsible for controlling the authentication settings on the applications. Applications can be configured to use Windows or Forms authentication.
<authorization>	Responsible for controlling access to individual URLs based on the authenticated user's privileges. Typically, this setting is set at the individual file level using <location> tags.
<browserCaps>	Responsible for controlling the settings of the browser capabilities component.
<caching>	Section group responsible for controlling how the ASP.NET cache operates.
<compilation>	Responsible for all compilation settings used by ASP.NET.
<customErrors>	Responsible for customizing error pages returned by the application to the browser.
<globalization>	Responsible for configuring the globalization settings of an application.
<healthMonitoring>	Responsible for controlling how the server monitors the application for exceptional events, and how it handles them.
<hostingEnvironment>	Responsible for configuring the server environment that hosts ASP.NET applications.
<httpCookies>	Responsible for controlling how ASP.NET writes cookies for built-in features such as forms authentication and session state.
<httpModules>	Responsible for configuring HTTP modules within an application. HTTP modules participate in the processing of every request into an application. Common uses include security and logging.
<httpHandlers>	Responsible for mapping incoming URLs to IHttpHandler classes. Also responsible for mapping incoming URLs to IHttpHandlerFactory classes. Data represented in <httpHandlers> sections are hierarchically inherited by subdirectories.
<httpRuntime>	Responsible for configuring the ASP.NET HTTP runtime.
<identity>	Responsible for configuring the Windows user identity used to run an application, and for controlling user impersonation.
<machineKey>	Responsible for configuring the encryption key used to encrypt secrets such as forms authentication tickets.
<membership>	Responsible for configuring settings and providers for the ASP.NET membership system.
<mobileControls>	Responsible for configuring mobile controls settings, such as adapter mappings for different mobile devices.
<pages>	Responsible for configuring settings for ASP.NET pages, including defaults for settings that can be set from the <%@ Page > directive of a page, such as compilation language, session state usage, and theme.
<processModel>	Responsible for configuring the ASP.NET process model settings on IIS Web server systems.
<profile>	Responsible for configuring settings and providers for the ASP.NET user profile system.
<roles>	Responsible for configuring settings and providers for the ASP.NET role manager.
<sessionPageState>	Responsible for configuring how session state can be used to save page viewstate, for small devices that have limited page size or bandwidth requirements.
<sessionState>	Responsible for configuring the session state HTTP module.
<siteMap>	Responsible for configuring settings and providers for the ASP.NET site navigation system.
<trace>	Responsible for configuring the ASP.NET trace service.
<trust>	Responsible for configuring the trust level used to run an ASP.NET application. Applications running under limited-trust environments such as hosted servers can be configured to run under a reduced trust level, with fewer capabilities than a fully trusted application.
<urlMappings>	Responsible for configuring URL mappings used by the ASP.NET site navigation system.
<webParts>	Responsible for controlling settings used by ASP.NET web parts.
<webServices>	Responsible for configuring ASP.NET web services.
<xhtml11Conformance>	Responsible for controlling XHTML conformance settings of ASP.NET controls. You can use these settings to control whether an ASP.NET application renders XHTML conformant output, or remains backward compatible with markup generated by earlier versions of ASP.NET.