Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Example Analysis of ASP.NET web.config configuration Node

2025-03-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/03 Report--

This article will explain in detail the example analysis of ASP.NET web.config configuration nodes. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Web.config file lookup rules:

(1) if there is a web.config file in the directory where the current page is located, check to see if there is the name of the node you are looking for, and if so, return the result and stop searching.

(2) if the web.config file does not exist in the directory where the current page is located or the node name does not exist in the web.config file, look for its parent directory to the root directory of the website.

(3) if the web.config file does not exist in the root directory of the site or the node name does not exist in the web.config file, look in the% windir% "Microsoft.NET" Framework "v2.0.50727" CONFIG "web.config file.

(4) if the corresponding node does not exist in the% windir% "Microsoft.NET" Framework "v2.0.50727" CONFIG "web.config file, look in the% windir%" Microsoft.NET "Framework" v2.0.50727 "CONFIG" machine.config file.

(5) return null if it is still not found.

While the asp.net application is running, if the web.config file changes, it will cause the corresponding application to restart, and the user session information stored in the server memory will be lost (such as Session stored in memory).

(1) appSetings configuration node

Nodes are mainly used to store some configuration information of asp.net applications, such as the save path of uploaded files, etc.

String fileType=ConfigurationManager.AppSettings ["FileType"]

(2) Node

The node is mainly used to configure the database connection. We can add any node in the node to save the database connection string. In the future, we can dynamically obtain the value of the node in the code to instantiate the database connection object. So once the database connection information changes during deployment, we only need to change the configuration here. There is no need to change the program code and redeploy because of the change of database connection information.

String connectionString = ConfigurationManager.ConnectionStrings ["AspNetStudyConnectionString1"] .ConnectionString

(3) Node

The node configures all the compilation settings used by ASP.NET. The default debug property is "true", which allows debugging, which affects the performance of the Web site, so you should set it to "false" after the program has been compiled and delivered.

(4) Node

Set the asp.net authentication mode. There are four authentication modes, and their values are as follows:

Windows uses Windows authentication, which is suitable for domain users or LAN users.

Forms uses form authentication and relies on site developers for authentication.

Passport uses authentication services provided by Microsoft for authentication.

None does not perform any authentication.

(5) Node

The node is used to define some custom error messages. This node has two attributes, Mode and defaultRedirect, where the defaultRedirect attribute is an optional attribute that represents the default URL redirected to when an error occurs in the application program, or displays a general error if it is not specified. The Mode property is a required attribute that has three possible values, which represent the following meanings:

On indicates that both local and remote users will see custom error messages.

Off disables custom error messages, and both local and remote users will see detailed error messages.

RemoteOnly indicates that local users will see detailed error messages, while remote users will see custom error messages.

It is necessary to explain the concepts of local and remote users. When the machine we use to access the asp.net application and the machine used to publish the asp.net application are the same machine, we become local users, and vice versa, we call them remote users. In order to find errors in the development and debugging phase, it is recommended to set the Mode property to Off, while in the deployment phase, the Mode property should be set to On or RemoteOnly, so as to prevent these detailed error messages from exposing the details of the program code and causing hackers to invade.

(6) Child nodes

Under the node also contains

< error>

Child node, this node is mainly redirected to our custom error page based on the server's HTTP error status code. Note that for the configuration under the child node to take effect, the node's Mode property must be set to "On". Here is an example:

(7) nodes

The node is used to deliver the user's request to the appropriate handler based on the URL and HTTP predicates of the user's request. This node can be configured at any level of the configuration level, that is, special handling can be performed for special files specified in a particular directory.

As can be seen from the above configuration, Get or Post requests for * .mdf and * .ldf files will be handed over to System.Web.HttpForbiddenHandler for processing, and the result is that users cannot view or download the relevant files. If we do not allow users to download files or certain types of files under one of our folders, we can add the corresponding child nodes to the node.

Let's use an example to illustrate the use of nodes, create an IPData directory in our asp.net application, create an IPData.txt file in the IPData directory, and then add the following configuration to Web.config:

(IX) nodes

The node is used to set up the ASP.NET HTTP runtime. This section can be declared at the computer, site, application, and subdirectory levels.

For example, the following configuration controls that the maximum number of files that users can upload is 40m (40mm 1024K), the maximum timeout is 60 seconds, and the maximum number of concurrent requests is 100.

(10) Node

The node is used to indicate the settings for a specific page, and there are three main attributes, which are as follows:

Whether buffer has HTTP response buffering enabled.

Whether enableViewStateMac should run computer Authentication check (MAC) on the view state of the page to place user tampering, defaults to false, and if set to true will cause performance degradation.

Whether validateRequest verifies that there are cross-site scripting attacks and SQL injection vulnerabilities in user input. The default is true. If a match occurs, a HttpRequestValidationException exception will be issued. Pages containing online text editors generally validate user input by themselves and set this property to false.

(11) Node

The node is used to configure the session state configuration of the current asp.net application. Here is a common configuration:

The above node configuration is set to enable Cookie in the asp.net application, and specifies that the session state mode is to save session state in the process, as well as a session timeout of 30 minutes.

The Mode attribute of a node can be one of the following values:

Custom uses custom data to store session state data.

InProc default value. Session state data is stored by the asp.net worker process.

Off disables session state.

SQLServer uses an out-of-process SQLServer database to hold session state data.

StateServer uses the out-of-process ASP.NET state service to store state information.

Generally, InProc mode is used to store session state data by default. The advantage of this mode is that the access speed is fast, but the disadvantage is that it takes up memory, so it is not suitable to store large user session data in this mode.

(12) nodes

The globalization settings used to configure the application. This node has several important attributes, which are as follows:

FileEncoding optional properties. Sets the storage encoding for .aspx, .asmx, and .asax files.

RequestEncoding optional properties. Sets the encoding of the client request, which defaults to UTF-8.

ResponseEncoding optional properties. Sets the encoding of the server-side response, which defaults to UTF-8.

The following is the default configuration in the asp.net application:

(13) Reading and writing of web.config documents

Public void SetAppSetting (string key, string value) {AppSettingsSection appSetting = (AppSettingsSection) config.GetSection ("appSettings"); if (appSetting.Settings [key] = = null) / / if this node does not exist, add {appSetting.Settings.Add (key, value);} else// if it exists, modify {appSetting.Settings [key] .value = value }} this is the end of the article on "sample Analysis of ASP.NET web.config configuration nodes". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report