A number of different file types are associated with an ASP.NET application, and it’s important to understand the purpose of each type, even if you aren’t using all of them in your current applications. In this section, we’ll look at the major file types associated with ASP.NET Web Applications and web services and what each of them does.
web.config Files web.config is the file type used for configuration of various settings within an ASP.NET application. Applications may contain more than one web.config file (though there may be only one per directory or subdirectory), and the web.config files are applied in an hierarchical fashion. What this means is that if you have defined a particular setting (such as the user accounts permitted to access that directory) in the web.config file at the root of your application, this setting applies to the application and all of its subdirectories, if it has any. You can override that setting for a particular subdirectory by using a web.config file in a subdirectory of the application. The web.config files use an XML-based syntax, and both the tag names and their attributes are case-sensitive.
web.config provides configuration settings for:
- Application-specific settings, such as connection string information (since the web.config file resides within the web application’s file space, it is probably best to avoid storing sensitive information such as passwords in plain text in a configuration file, or at all, if that’s feasible).
- Authentication and authorization.
- Browser capabilities (mapping specific functionality to the information retrieved from a User Agent string).
- Compilation settings, including whether an application should be run in debug or release mode.
- Custom error handling information.
- Globalization settings.
- HttpHandlers and HttpModules associated with the application.
- HttpRuntime settings.
- Application Identity and encryption/decryption key settings.
- ASP.NET Page defaults (for the @ Page directive).
- ASP.NET Process settings, including settings for Web Gardens, and proactive restart of applications based on memory used or number of requests received.
- Code-access security settings, including mappings of trust levels to security policy files, and trust setting for an application.
- Session state settings, including whether to run Session state in process, out of process, or in SQL Server.
- Application Trace settings. Tracing is a useful new feature for debugging and troubleshooting that we’ll discuss in Chapter 10.
- Web service settings.
Note that web.config is an optional file. Any configuration settings not set in a web.config file within the application will be inherited from the server-level configuration file, machine.config. A sample web.config file is shown in Example 2-3.
Example 2-3 . Sample web.config file
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation
defaultLanguage="c#"
debug="true"/>
<trace
enabled="true"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true" />
<sessionSTATE
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;
user id=sa;password="
cookieless="false"
timeout="20" />
</system.web>
</configuration>
We’ll discuss how to make changes to web.config, and the syntax of the various configuration sections, in Chapter 8.
/ 33 
