ASP.NET provides a completely new model for configuring web applications. This greatly simplified process makes it considerably easier to deploy application configuration settings, the application's content, and its components. Central to this new configuration model is
web.config , an XML-based file that contains the configuration settings for your application. Because the file is written in XML, it is both human- and machine-readable.
web.config files configure applications hierarchicallyi.e., an application can contain more than one
web.config file, with each file residing in a separate folder of the application. Settings in a
web.config file in a child folder of the application root override the settings of the
web.config file in the parent folder. Settings not defined in the child
web.config file inherit the settings from the parent
web.config file. Figure 20-1 demonstrates these rules of precedence.
In addition to inheriting settings from a
web.config file defined in a parent folder, all applications on a given machine inherit settings from a file called
machine.config . The
machine.config file contains default ASP.NET configuration settings, as well as settings for other .NET application types. Thus, in Figure 20-1, the
Chapter20 folder inherits the
machine.config setting for the enableSessionState attribute of the <pages> element, which is True by default. The
web.config file in the
Chapter20 folder overrides the
machine.config default settings for the <authorization> element, denying access to any anonymous user (any user who has not logged in). The
Sub1 subfolder inherits this setting (as well as all settings defined in
machine.config ) and adds a setting to override the
machine.config setting for the <pages> element, disabling session state for all pages contained in the
Sub1 folder.
web.config is made up of one or more of the elements listed in Section 20.2 later in this section. The <configuration> element is required, as is its child, <system.web>. All child elements of <system.web> (i.e., the elements that actually provide the configuration information) are optional; however, the use of certain elements may require you to include other elements or child elements. Each element may also contain one or more attributes that affect the behavior of that element.
Certain elements are limited in the scope at which they can be used. Some elements can be used only at the Application level (in the
web.config file at the root of the application), some only at the machine level (in
machine.config ), and some can be used at any scope (in
machine.config or in any
web.config file, whether at application root or subfolder level).
The elements in Table 20-1 are organized both functionally and hierarchically. That is, elements with related functions, such as <authentication> and <authorization>, are grouped together, and child elements immediately follow their parent elements. Thus, the <credentials> element immediately follows the <forms> element, which is its parent, and is immediately followed by <user>, which is a child of <credentials>. Table 20-1 summarizes the
web.config elements covered in this chapter.
|
<configuration> |
<case> |
<clear> |
|
<appSettings> |
<clientTarget> |
<httpModules> |
|
<add> |
<add> |
<add> |
|
<remove> |
<remove> |
<remove> |
|
<clear> |
<clear> |
<clear> |
|
<system.web> |
<compilation> |
<httpRuntime> |
|
<authentication> |
<compilers> |
<identity> |
|
<forms> |
<compiler> |
<machineKey> |
|
<credentials> |
<assemblies> |
<pages> |
|
<user> |
<add> |
<processModel> |
|
<passport> |
<remove> |
<securityPolicy> |
|
<authorization> |
<clear> |
<trustLevel> |
|
<allow> |
<customErrors> |
<sessionState> |
|
<deny> |
<error> |
<trace> |
|
<browserCaps> |
<globalization> |
<trust> |
|
<result> |
<httpHandlers> |
<location> |
|
<use> |
<add> | |
|
<filter> |
<remove> |