The machine.config located at the "C:\WINDOWS\Microsoft.NET\Framework\vx.x.xxxx\CONFIG"
directory, is used to apply configuration settings for all the applications in
the entire system. In ASP.NET 2.0 you have a backup of machine.config file as
well. Here, the machine.config files available are machine.config, machine.config.comments
and machine.config.default. Out of the numerous sections in the machine.config
file, the most important ones are:
The processModel and the sessionState sections contain the
attribute allowDefinition that can have either of the values, MachineOnly or
MachineToApplication. If allowDefinition is set to MachineOnly, you cannot
override the section in your application or folder level. This is because
updating of the definition is restricted and remains constant for the entire
system. However, if the allowDefinition attribute's value is
MachineToApplication, you can override the same in your application or folder
levels. Further, you can override the appSettings attribute of the
machine.config file in your web.config configuration file at the application or
folder levels as there is not restriction that can be applicable here.
You can control and configure the ASP.NET Worker Process
using the <processModel> section of the machine.config file. You can
enable or disable it and also recycle the worker process. Further, you can shut
down the ASP.NET Worker Process using the idleTimeout or the shutDownTimeout
attributes of the <processModel> section.
Trust levels imply whether a code should be treated by the
CLR as trusted. There are various trust levels in ASP.NET with specific
implications for each. This section would discuss how we can modify the trust
levels in the machine.config file. It should be noted that an ASP.NET web
application has full trust and unrestricted permissions by default. However,
you can modify this using the <trust level> section in the machine.config
file. The trust level in the machine.config file can have any of the following
The following is the syntax for using trust level in the
<trust level="Full|High|Medium|Low|Minimal" />
Refer to the code snippet that that illustrates how you can
set the trust level in the machine.config file.
<trust level="Medium" originUrl=""/>
Note that with ASP.NET 2.0, you can have trust levels at
both the application and machine levels.