Home > ASP.NET Applications > ASP.NET Configuration > Format of ASP.NET Configuration Files
ASP.NET Web Applications ASP.NET Configuration
ASP.NET configuration settings are stored in Extensible Markup Language ( XML ) files.
Basically, there are two types of configuration files for ASP.NET applications you should be concerned with: Machine.config and Web.config.
The Machine.config file contains configuration information that apply to all .NET applications for a specific version of the framework installed on the machine, whereas a Web.config file contains configuration settings that apply to a specific ASP.NET application or resource ( typically a directory or a file ).
NOTE: Web.config files are optional, but the Machine.config file is required.
ASP.NET configuration files are made up of configuration sections, which in turn are made up of XML configuration elements with attributes that specify the actual configuration settings.
Essentially, each configuration section serves to implement configuration settings for a specific application need, such as for managing security, database connections, caching, compiler options, custom errors, debug and trace options, and so on.
Technically, each section declaration in a configuration file specifies:
- the name of a configuration settings section, and
- the name of the section-handler class that processes configuration data for that section.
The .NET Framework installs with predefined configuration sections in the Machine.config file. These built-in sections provide the default configuration settings and almost all the functionalities needed to configure most ASP.NET applications.
Depending on the application’s need, developers can either use the default settings, or specify settings for any or all of the configuration sections in any of the application’s Web.config files.
Developers can also create custom configuration sections. For more information, see Creating New Configuration Sections.
Because ASP.NET configuration files are XML-based, the elements and attributes are case-sensitive, as prescribed in the following norms:
- Element and attribute names are camelCased, which means that the first character of an element name is lowercase and the first letter of any subsequent concatenated word is uppercase.
- Attribute values are PascalCase, which means that the first character is uppercase and the first letter of any subsequent concatenated words is uppercase. Exceptions are true and false, which are always lowercase.
All configuration information must be contained between the opening and closing tags of a <configuration> element.
Basically, the information contained within the <configuration> element is grouped into two main parts:
- the section declarations part, and
- the section settings part.
<configuration>
<!-- section declarations -->
<!-- section settings -->
</configuration>
In essence, a section must first be declared before you can specify configuration settings for that section. ASP.NET throws an exception if configuration settings are specified for an unknown section.
Configuration section declarations appear at the top of the configuration file and must be contained between the opening and closing tags of a <configSections> element.
<configuration>
<configSections>
<!-- section declarations -->
</configSections>
<!-- section settings -->
</configuration>
Each section in turn is declared via a <section> element.
To help organize the configuration information, the section declarations are typically nested within <sectionGroup> elements, which basically represent the namespace to which the configuration settings apply.
For instance, all of the default ASP.NET configuration sections predefined in the Machine.config file are declared within the <system.web> section group.
Below shows the declaration for the built-in <authentication> and <authorization> sections as they appear in the machine configuration file.
<configuration>
<configSections>
<sectionGroup name = "system.web">
<section name = "authentication"
type = "System.Web.Configuration.AuthenticationSection, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
allowDefinition = "MachineToApplication" />
<section name = "authorization"
type = "System.Web.Configuration.AuthorizationSection, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
... other configuration section declarations ...
</sectionGroup>
</configSections>
... default configuration settings ...
</configuration>
You need to declare a configuration section only once.
As mentioned, the default ASP.NET configuration sections are already declared at the machine level configuration file. All other configuration files for any ASP.NET application running on the same machine automatically inherit the configuration sections that are declared in the Machine.config file. You only need to declare a new section if you need to use a custom settings section.
Below shows use of the <configSections>, <sectionGroup>, and <section> elements in this application’s Web.config file, which declares a custom settings section.
<configSections>
<sectionGroup name = "system.web">
<section name = "sourceView"
type = "System.Configuration.NameValueSectionHandler, System,Version=1.0.3300.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</sectionGroup>
</configSections>
Likewise, configuration files in application subdirectories automatically inherit any custom settings section declared in parent directories.
The configuration section settings part follows the <configSections> part and contains the actual configuration settings.
Settings for a configuration section can only be defined for a section that has been declared in the <configSections> area.
Below shows the configuration section settings for the custom section declared in this application’s Web.config file.
<configuration>
<configSections>
<sectionGroup name = "system.web">
<!-- section declaration -->
<section name = "sourceView"
type = "System.Configuration.NameValueSectionHandler, System,Version=1.0.3300.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</sectionGroup>
</configSections>
<system.web>
<!-- section settings -->
<sourceView>
<add key = "root" value = "d:\web projects\asp.net.ph" />
</sourceView>
</system.web>
</configuration>
The following example shows the declaration for the built-in <authentication> and <authorization> sections as they appear in the machine configuration file.
<configuration>
<configSections>
<sectionGroup name = "system.web">
<section name = "authentication"
type = "System.Web.Configuration.AuthenticationSection, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
allowDefinition = "MachineToApplication" />
<section name = "authorization"
type = "System.Web.Configuration.AuthorizationSection, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
... other configuration section declarations ...
</sectionGroup>
</configSections>
... default configuration settings ...
</configuration>
The following example shows how to specify application settings in a Web.config file for the built-in <authentication> and <authorization> sections. You do not need to declare these sections as they are already predefined in the Machine.config.
<configuration>
<system.web>
<authentication mode = "Forms">
<forms name = "401kApp" loginUrl = "/login.aspx" />
</authentication>
<authorization>
<deny users = "?" />
</authorization>
</system.web>
</configuration>
In brief, unless your application uses custom configuration sections, your Web.config files need only contain configuration settings.
ASP.NET Configuration Sections Accessing Configuration Settings Hierarchical Configuration Architecture