Web.config is a configuration file for the Asp .net web application. Asp.net application has one web.config file which keeps the configurations required for the corresponding application.It is also possible that there should be more then on configuration file but different for diffrent folder. Web.config file is written in XML with specific tags having specific meanings.Machine.config file is used to configure the application in a particular machine.That is to be , configuration done in machine.config file is affected on any application that runs on a particular machine. Usually, this file is not altered and only web.config is used which configuring application.There should be only one Machine.config file in System.Now question arise what it had and how it helps:-
There are number of important settings that can be stored in the configuration file. Here are some of the most of thenm in configurations, stored inside Web.config file.
Database connections
Session States
Error Handling
Trace
Security
Globalization
Database Connections:-Data that can be stored inside the web.config file is the database connection string. Storing the connection string in the web.config file makes sense, this help u when u wanna made any modification to database can have to change only on sigle place.nor u will to keep it either as a class level variable in all associated source files or probably keep it in another class as a public static variable.But if this is stored in the Web.config file,it can be used anywhere in the program. This will certainly save us a lot of alteration in different files where we used the old connection.here is a small example of the connection string which is stored in the web.config file.
<configuration>
<appSettings>
<add key="conn" value="server=servername;uid=uid;pwd=pass;database=database" />
</appSettings>
</configuration>
it is very simple to store the connection string in the web.config file.The connection string is referenced by a key which in this case is "Connstring". The value attribute of the configuration file denotes the information about the database. Here we get the database name, userid and password and the server name.we can aslo use this for any other information that we not to show the user.now question how to access the connection string from our Asp .net web application.
using System.Configuration;
string connectionString = (string )ConfigurationSettings.AppSettings["conn"];
Session States:-Session in Asp .net web application is very important. Becasue HTTP is a stateless protocol and we needs session to keep the state alive. Asp .net stores the sessions in different ways. By default the session is stored in the asp .net process.You can always configure the application so that the session will be stored in one of the way.
1) Session State Service:- The state service is not running in the same process the asp .net application. So even the asp.net application application crashes the sessions will not be destroyed. Any advantage is sharing the state information across a Web garden (Multiple processors for the same computer).Here is example of Session State Service.
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:55455" sqlConnectionString="data source=127.0.0.1;user id=;password=''' cookieless="false" timeout="20"/>
(2)Sql Server:-The Second choice for session information is to use Sql Server 2000 database. For using Sql Server to storing session state we require the following operation to be held: we have to Run the InstallSqlState.sql script on the Microsoft SQL Server to store the session.
<sessionState mode = "SqlServer" stateConnectionString="tcpip=127.0.0.1:45565" sqlConnectionString="data source="SERVERNAME;user id='';password='' cookiesless="false" timeout="20"/>
SQL Server help us to share session state among the processors in a Web garden or the servers in a Web farm. we also get extra space to store the session. The SQL Server is slow as comparision to session in the state inproc mode.But one advantage is we can do anything with the session becuse it is in database now.
(3) InProc:-That is default Session State. one of the advantage of inproc session state is the applications will run faster as compare to other Session state types. But the disadvantage is Sessionsare not stored when there if problem occurs in the application, Also there could be frequent loss of session data experienced.
Error Handling:-Its play a major role in the application realtes to error management. Each error has to be caught and suitable action has to be taken to resolve that problem. Asp.net web.config filelets us configure, what to do when an error occurs in our application.Check the following xml tag in the web.config file that deals with errors:
<customErrors mode = "On">
<error statusCode = "404" redirect = "errorPage.aspx" />
</customErrors>
when we use mode=on this will show the error to remote client too that is errorpage.aspx other mode of customerrors is off it helps us when we not wanna show any error description to remote clientand show a default error msg to remote client.
Trace:-If tracing is enabled in the web.config file (set enabled="true" pageOutput="true") detailed information about the life of the page will be displayed at the end of every page. This can be helpful for debugging. If you set pageOutput="false" a trace.axd file will be creating in your applications root folder and trace information will be stored there. If pageOutputis set to false, the requestLimit attribute will designate the number of requests to write to the page log. Setting localonly="true" will allow you to view the trace file from a remote computer. Tracemode has two valid values: SortByTimeand SortByCategory. These define how the trace information should be displayed.
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
Security:- The most admireable aspect of any application is security question arise how to handle this and what the method to handle this there are four method of security.
(1) No Authentication: As the name suggest No Authentication , meaning that Asp.net there will no implementation of security.
(2) Windows Authentication: Windows authentication allows us to use the windows user accounts means authenticate the user against the user name password relates to window means login name and password .
(i)Basic
(ii)integrated
(iii)Diggest
User.Identity.Name;This returns the DOMAIN\UserName of the current user of the local machine.
(3) Passport Authentication:Passport Authentication provider uses Microsoft's Passport service to authenticate users. You need to purchase this service in order to use it.
(4)Forms Authentication:-Forms Authentication uses HTML forms to collect the user information and than it takes required actions on those HTML collected values.In order to use Forms Authentication you must set the Anonymous Access checkbox checked. Now we need that whenever user tries to run theapplication he will be redirected to the login page.
<authentication mode="Forms">
<forms loginUrl = "Login.aspx" name="gitesh" timeout="1"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
we have to set Authentication mode to "Forms". The forms loginUrl is the first page being displayed when the application is run by any user.The authorization tags has the deny users element which contains "?", this means that full access will be given to the authenticated users and none access will be given to the unauthenticated users. You can replace "?" with "*" meaning that all access is given to all the users no matter what.But when session is expired it will automatically redirect user to login page . Form authentication also helpsto make authentication to all the page of application by usingif(User.identity.isauthenticate)to check wheater user is valid or not.
Globalization:-
<globalization requestEncoding="encoding string" responseEncoding="encoding string" fileEncoding="encoding string"culture="culture string" uiCulture="culture string"/>
requestEncoding:-Default encoding is UTF-8, shown in the tag included in the Machine.config file created when the .NET Framework is installed. If request encoding is not specified in a Machine.config or Web.config file, encoding defaults to the computer's Regional Options locale setting. In single-server applications, requestEncoding and responseEncoding should be the same.
fileEncoding:-Default value for .aspx, .asmx, and .asax file parsing. Unicode and UTF-8 files saved with the byte order mark prefix will be automatically recognized regardless of the value of
fileEncoding.culture:-valid culture strings.
uiCulture:-Specifies the default culture for processing locale-dependent resource searches