Chapter 20. web.config Reference
ASP.NET provides a completely new model for configuring web applications. This greatly simplified process makes it considerably easier to deploy application configuration settings, the application's content, and its components. Central to this new configuration model is web.config, an XML-based file that contains the configuration settings for your application. Because the file is written in XML, it is both human- and machine-readable.
web.config files configure applications hierarchically—i.e., an application can contain more than one web.config file, with each file residing in a separate folder of the application. Settings in a web.config file in a child folder of the application root override the settings of the web.config file in the parent folder. Settings not defined in the child web.config file inherit the settings from the parent web.config file. Figure 20-1 demonstrates these rules of precedence.
In addition to inheriting settings from a web.config file defined in a parent folder, all applications on a given machine inherit settings from a file called machine.config. The machine.config file contains default ASP.NET configuration settings, as well as settings for other .NET application types. Thus, in Figure 20-1, the Chapter20 folder inherits the machine.config setting for the enableSessionState attribute of the <pages> element, which is True by default. The web.config file in the Chapter20 folder overrides the machine.config default settings for the <authorization> element, denying access to any anonymous user (any user who has not logged in). The Sub1 subfolder inherits this setting (as well as all settings defined in machine.config) and adds a setting to override the machine.config setting for the <pages> element, disabling session state for all pages contained in the Sub1 folder.
web.config is made up of one or more of the elements listed in Section 20.2 later in this section. The <configuration> element is required, as is its child, <system.web>. All child elements of <system.web> (i.e., the elements that actually provide the configuration information) are optional; however, the use of certain elements may require you to include other elements or child elements. Each element may also contain one or more attributes that affect the behavior of that element.
Certain elements are limited in the scope at which they can be used. Some elements can be used only at the Application level (in the web.config file at the root of the application), some only at the machine level (in machine.config), and some can be used at any scope (in machine.config or in any web.config file, whether at application root or subfolder level).
The elements in Table 20-1 are organized both functionally and hierarchically. That is, elements with related functions, such as <authentication> and <authorization>, are grouped together, and child elements immediately follow their parent elements. Thus, the <credentials> element immediately follows the <forms> element, which is its parent, and is immediately followed by <user>, which is a child of <credentials>. Table 20-1 summarizes the web.config elements covered in this chapter.