Understanding the ASP.NET configuration file Web.config

1. Understanding the Web.config file

The Web.config file is an XML text file, which is used to store the configuration information of the ASP.NET Web application (such as the most commonly used settings for the ASP.NET Web application Authentication method of the application), which can appear in every directory of the application. When you create a new Web application through VB.NET, a default
Web.config file will be automatically created in the root directory by default, including default configuration settings, and all subdirectories will inherit its configuration settings. If you want to modify the configuration settings of a subdirectory, you can create a new Web.config file in the subdirectory. It can provide configuration information in addition to the configuration information inherited from the parent directory, and can also override or modify settings defined in the parent directory.

Modifications to the Web.config file during runtime can take effect without restarting the service (Note: Exception in the section). Of course the Web.config file is extensible. You can customize new configuration parameters and write configuration section handlers to handle them.

2. web.config configuration file (default configuration settings) All the following codes should be located



## Between # and




, this XML tag is omitted from the following examples for learning purposes

　1. Section

Function: Configure ASP.NET authentication support (four types: Windows, Forms, PassPort, and None). This element can only be declared at the computer, site, or application level. The element must be used in conjunction with the section.

　Example:

The following example is a form-based authentication configuration site. When a user who is not logged in accesses a webpage that requires authentication, the webpage automatically jumps to the login webpage.






The element loginUrl represents the name of the login web page, and name represents the cookie name

2. Section

Function: Control client access to URL resources (if allowed Anonymous user access). This element can be declared at any level (computer, site, application, subdirectory, or page). Must be used in conjunction with the section.

Example: The following example prohibits access by anonymous users





Note: You can use user.identity.name to get the current authenticated user name; you can use the
web.Security.FormsAuthentication.RedirectFromLoginPage method to redirect the authenticated user to the page the user just requested. .For specific examples, please refer to:

Forms verification http://www.fanvb.net/websample/dataauth.aspx

3. Section

Function : Configure all compilation settings used by ASP.NET. The default debug attribute is "True". It should be set to True after the program is compiled and delivered for use (details are described in the Web.config file, examples are omitted here)

　4.

Function: Provide information about custom error messages for ASP.NET applications. It does not apply to errors occurring in XML Web services.

Example: When an error occurs, jump the web page to a custom error page.




The element defaultRedirect represents the name of the customized error web page. The mode element means: display custom (friendly) information to users who are not running on the local web server.

5. Section

Function: Configure ASP.NET HTTP runtime settings. This section can be declared at the computer, site, application, and subdirectory levels.

Example: Control the maximum size of user upload files to 4M, the maximum time to 60 seconds, and the maximum number of requests to 100



6.

Function: Identifies page-specific configuration settings (such as whether to enable session state, view state, whether to detect user input, etc.). can be declared at the computer, site, application, and subdirectory levels.

Example: Do not detect whether there is potentially dangerous data in the content entered by the user in the browser (Note: This item defaults to detection. If you use non-detection, you must encode or verify the user's input. ), the encrypted view state will be checked when the page is posted back from the client to verify that the view state has not been tampered with on the client side. (Note: This item is not verified by default)



7.

Function: Configure session state settings for the current application (such as setting whether to enable session state and where to save session state).

　Example:




Note :

Mode="InProc" means: store session state locally (you can also choose to store it in a remote server or SAL server or disable session state)

cookieless="true" means : Enable session state if the user's browser does not support cookies (default is False)

timeout="20" means: the number of minutes the session can be idle

8.

Function: Configure ASP.NET tracking service, mainly used for program testing to determine where errors occur.

Example: The following is the default configuration in Web.config:



Note:

enabled="false" means not to enable tracking; requestLimit="10" means specifying the number of tracking requests stored on the server

pageOutput="false" means that the trace output can only be accessed through the tracing utility;

traceMode="SortByTime" means that the trace information is displayed in the order in which the trace is processed

localOnly="true" means The trace viewer (trace.axd) is only used for the host Web server

3. Customizing the Web.config file configuration section

The process of customizing the Web.config file configuration section is divided into two steps.

One is to declare the name of the configuration section and the name of the .NET Framework class that handles the configuration data in the section between the and tags at the top of the configuration file.

The second is to make the actual configuration settings for the declared section after the area.

　Example: Create a section to store the database connection string

　
　
　

　
　.... ..



IV. Access the Web.config file

You can use the ConfigurationSettings.AppSettings static string collection To access the Web.config file example: Get the connection string established in the example above.

Dim sconstr As String = ConfigurationSettings.AppSettings("SconStr")
Dim scon = New SqlConnection(sconstr)

For more information about the ASP.NET configuration file Web.config, please read related articles Follow PHP Chinese website!