The XML based web.config file is used to specify the
application wide settings for your entire application. The system wide settings
are however stored in the machine.config file. There can be multiple config
files in your application (one per each folder in your application) but only
one machine.config file. Note that the settings specified in the Web.config
file actually override the settings that are specified in the Machine.config
file.
When you create a new blank solution and select ASP.NET web
application, the solution is created with a web.config file at the
application's root. The web.config file is present in the root of the
application's directory, although you can also have multiple web.config files,
one for each subdirectory. Typically, the layout of the web.config file is as
follows.
Listing 1
<configuration>
<system.web>
<!— Specify your Compilation, Custom Error, Authentication, Authorization, etc sections here -->
</system.web>
<appSettings>
<!— Specify the Database connection string, File path, Server Name and other Custom Settings here -->
</appSettings >
</configuration>
You can use the <pages> section of the
<system.web> section group to specify whether session and/or view state
would be enabled or disabled for the web pages of the application. Refer to the
code snippet below.
Listing 2
<configuration>
<system.web>
<pages enableSessionState="true" />
</system.web>
</configuration>
The default language attribute of the compilation section is
used to specify the language compiler that would be used. The authentication
and authorization sections in the web.config file allow you to specify the
authentication mode applicable for your application and the authorization
information for the authenticated users. You can have the following three types
of authentication modes in ASP.NET.
·
Forms Authentication
·
Windows authentication
·
Passport authentication
You can specify the authentication mode as shown below.
Listing 3
<authentication mode="Windows" />
You can specify the authorization information for users as
shown below.
Listing 4
<authorization>
<allow roles="Users" />
<deny users="*" />
</authorization>
You can also specify the trace and globalization information
using the respective sections in the web.config file. The following code
snippet illustrates how you can specify the trace information in the web.config
file.
Listing 5
<trace enabled="true" localOnly="true" pageOutput="false" />
You can specify the globalization information as shown in
the code snippet below.
Listing 6
<globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="en-GB" />
You can specify the application wide error information using
the <customErrors> section. The following is an example of how you can
use this section to specify the application wide error information.
Listing 7
<customErrors mode="On">
<error statusCode="404" redirect="FileUnavailable.aspx"/>
</customErrors>
You can impersonate a user using the <identity
impersonate> section of the web.config file as shown below.
Listing 8
<identity impersonate="true" userName="joydip" password="joydip"/>
Please refer to my article on Authentication and
Authorization in ASP.NET for more information on impersonation.
Further, you can use the <sessionState> section of the
web.config file to specify the session state storage mode (InProc, OutProc,
StateServer, SqlServer) that would be used. Refer to the code snippet below
that illustrates how you can specify the session state storage mode in the
<sessionState> section of the web.config file.
Listing 9
<sessionState mode="InProc" />
The <appSettings> section is the most widely used of
all the sections in the web.config file and it typically stores the following.
·
Database Connection Strings
·
Server Name
·
File Path
·
Custom Key - Value Settings
You can also specify an external configuration file in the
web.config file as shown below.
Listing 10
<appSettings file="externalSettings.config"/>
The database connection string is specified in the
<appSettings> section as shown below.
Listing 11
<add key="databaseConnectionString" value="server=(localhost);database=test;
uid=sa;pwd=sa"/>
However, with ASP.NET 2.0, you can use the new
<connectionStrings> section to store your connection strings. Refer to
the code snippet below.
Listing 12
<connectionStrings>
<add name ="Test"
connectionString ="server=(localhost);database=test;
uid=sa;pwd=sa"/>
</connectionStrings>
You can specify custom application - wide settings using the
<appSettings> section of the web.config file as shown below.
Listing 13
<appSettings>
<add key="key" value ="value"/>
</appSettings >
You can also add a new configuration section using the
<configSections> section. This is illustrated below.
Listing 14
<configuration>
<configSections>
<section name="TestSection" type="Test.TestSettings" />
</configSections>
</configuration>