8.1 Understanding Configuration Files
In ASP.NET, configuration information is stored in one of two files: machine.config or web.config. While an application can have as many web.config files as it has directories and subdirectories (subject to scope limitations of some elements), there is only one machine.config file per machine; it contains the default configuration information for every web application, as well as other application types, on the machine. This information includes Windows Forms applications, security settings, remoting settings, and other network settings. You should use extreme caution when editing machine.config to avoid accidentally making changes that break other applications. It's probably a good idea to back up the machine.config file before editing it, in case you need to restore the original settings.
web.config is an optional configuration file that is stored with each web application. If an application contains a web.config file, the file takes precedence over machine.config (i.e., the settings in web.config override those in machine.config). If a web application does not contain a web.config file, it inherits its settings from machine.config. An application may have multiple web.config files, but each must reside in its own directory or subdirectory.
The web.config files in an application are hierarchical. Just as the settings in a web.config file in the application root will override the settings in machine.config, the settings in a web.config file in a subdirectory will override those in a web.config file in the parent directory.
The syntax of the machine.config and web.config files is based on XML. Each configuration section consists of a parent element that may in turn contain attributes or child elements. In the following snippet, the <configuration> and <system.web> elements are standard elements that are required in each web.config file. The <authentication> and <authorization> elements are parent configuration elements, while the <deny> element is a child element of the <authorization> element:
<configuration> <system.web> <authentication mode="Windows"/> <authorization> <deny users="?"/> </authorization> </system.web> <configuration>
The configuration of an ASP.NET application depends on which elements you include in your web.config file and on the values of their attributes (and any attributes of their child elements), as well as the defaults established in the machine.config file for that machine. Chapter 20 documents the configuration elements in detail. Most of this chapter looks at practical examples of how to set common configuration settings.