Text/WATERSWEA
1. Understanding the Web.config file
The Web.config file is an XML text file, which is used to store the configuration information of the ASP.NET Web application (such as the most commonly used authentication method for setting the ASP.NET Web application) , which can appear in every directory of the application. When you create a new Web application through VB.NET, a default
The Web.config file contains default configuration settings, and all subdirectories inherit its configuration settings. If you want to modify the configuration settings of a subdirectory, you can create a new Web.config file in the subdirectory. It can provide configuration information in addition to the configuration information inherited from the parent directory, and can also override or modify settings defined in the parent directory.
Modifications to the Web.config file at runtime can take effect without restarting the service (Note: Exception for the <processModel> section). Of course the Web.config file is extensible. You can customize new configuration parameters and write configuration section handlers to handle them.
2. web.config configuration file (default configuration settings) All the following codes should be located in
<configuration>
<system.web>
and
</system.web>
</configuration>
, this XML tag is omitted in the following examples for learning purposes.
1. <authentication> Section
Function: Configure ASP.NET authentication support (for Windows, Forms, PassPort, None). This element can only be declared at the computer, site, or application level. The <authentication> element must be used with the <authorization> section.
Example:
The following example is a form-based authentication configuration site. When a user who is not logged in accesses a webpage that requires authentication, the webpage automatically jumps to the login webpage.
<authentication mode="Forms" >
<forms loginUrl="logon.aspx" name=".FormsAuthCookie"/>
</authentication>
The element loginUrl represents the name of the login web page, and name represents the cookie name.
2.
The role of the <authorization> section: control client access to URL resources. (such as allowing anonymous user access). This element can be declared at any level (computer, site, application, subdirectory, or page). Required in conjunction with the <authentication> section.
Example: The following example disables access to anonymous users
<authorization>
<deny users="?"/>
</authorization>
Note: You can use user.identity.name to get the current authenticated username; you can use
The web.Security.FormsAuthentication.RedirectFromLoginPage method redirects the authenticated user to the page the user just requested. For specific examples, please refer to:
Forms verification http://www.fanvb.net/websample/dataauth.aspx
3. <compilation> Section
role: Configure all compilation settings used by ASP.NET. The default debug attribute is "True". It should be set to True after the program is compiled and delivered for use (details are described in the Web.config file, examples are omitted here)
4. <customErrors>
role: for ASP.NET applications Provides information about custom error messages. It does not apply to errors that occur in XML Web services.
Example: When an error occurs, jump to a custom error page.
<customErrors defaultRedirect="ErrorPage.aspx" mode="RemoteOnly">
</customErrors>
The element defaultRedirect represents the name of the customized error web page. The mode element indicates: display custom (friendly) information to users who are not running on the local Web server.
5.
The role of the <httpRuntime> section: configure the ASP.NET HTTP runtime settings. This section can be declared at the computer, site, application, and subdirectory levels.
Example: Control the maximum size of files uploaded by users to 4M, the maximum time to 60 seconds, and the maximum number of requests to 100
<httpRuntime maxRequestLength="4096" executionTimeout="60" appRequestQueueLimit="100"/>
6. <pages>
role: to identify specific Configuration settings for the page (such as whether to enable session state, view state, whether to detect user input, etc.). <pages> can be declared at the computer, site, application, and subdirectory levels.
Example: Do not detect whether there is potentially dangerous data in the content entered by the user in the browser (Note: This item is detected by default. If you use non-detection, you must encode or verify the user's input). From the client The encrypted view state is checked when the page is posted back to verify that the view state has not been tampered with on the client side. (Note: This item is not verified by default)
<pages buffer="true" enableViewStateMac="true" validateRequest="false"/>
7. <sessionState>
function: Configure session state settings for the current application (such as setting whether to enable the session state, where the session state is saved).
Example:
<sessionState mode="InProc" cookieless="true" timeout="20"/>
</sessionState>
Note:
mode="InProc" means: store session state locally (you can also choose to store it in a remote server or SAL server or disable session state)
cookieless="true" means: if the user's browser does not support it Session state is enabled when cookies are used (default is False)
timeout="20" means: the number of minutes the session can be idle
.8. <trace>
function: Configure the ASP.NET tracking service, mainly used for program testing to determine where errors occur.
Example: The following is the default configuration in Web.config:
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
Note:
enabled="false" means not Enable tracing; requestLimit="10" specifies the number of trace requests stored on the server
pageOutput="false" specifies that trace output can only be accessed through the tracing utility;
traceMode="SortByTime" specifies that trace information is displayed in the order in which traces are processed
localOnly="true" means that the trace viewer (trace.axd) is only used for the host Web server
3. Customize the Web.config file configuration section
The process of customizing the Web.config file configuration section is divided into two steps.
One is to declare the name of the configuration section and the name of the .NET Framework class that handles the configuration data in that section between the <configSections> and </configSections> tags at the top of the configuration file.
The second is to make the actual configuration settings for the declared sections after the <configSections> area.
Example: Create a section to store database connection strings
<configuration>
<configSections>
<section name="appSettings" type="System.Configuration.NameValueFileSectionHandler, System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</configSections>
<appSettings>
<add key="scon" value="server=a;database=northwind;uid=sa;pwd=123"/>
</appSettings>
<system.web>
...
</system.web>
</configuration>
4. Access the Web.config file.
You can access the Web.config file by using the ConfigurationSettings.AppSettings static string collection. Example: Get the connection string established in the above example.
Dim sconstr As String = ConfigurationSettings.AppSettings("SconStr")
Dim scon = New SqlConnection(sconstr)