Configuration in ASP.NET is based on a series of XML-based files that are hierarchical in nature. Each server contains a master (or root) configuration file called machine.config that is stored at the path %windir%\Microsoft.NET\Framework\%version%\CONFIG\machine.config. (See the following illustration, which shows how the path would look for the Visual Studio .NET Final Beta on Windows Server 2003. The version number for the final release will be different.) This master configuration file contains the default settings for all ASP.NET applications on that server. This file also contains settings for machine-wide configuration (such as assembly binding and remoting channels), as well as other settings. Use caution when you edit this file to avoid inadvertently making changes that affect other applications.
In addition to machine.config, each ASP.NET Web application can have one or more files called Web.config (one per folder) in its folder hierarchy. Each Web.config file overrides any settings of the configuration files in parent folders. Settings in Web.config apply only to content within the folder in which the file resides, and any content in child folders. This allows you to set up a hierarchy of configuration files that lets you set application-wide configuration options at the highest levels, while still allowing you to override those settings at a lower level. For example, if you have a group of files whose access must be restricted, you can place those files in a separate folder within your application and then add a Web.config file that implements tighter security restrictions. You’ll see how to do this later in this chapter.
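The restricted-folder case described above, as an added example that is not from the original chapter. It shows two separate files in one listing; the folder name Reports and the Windows group CONTOSO\ReportReaders are hypothetical.

```xml
<!-- File 1: <application root>\Web.config
     Application-wide settings. The <authentication> element may only
     appear at machine or application level, so it is set here and
     inherited by every child folder. -->
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- Application default: anyone may request content. -->
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2: <application root>\Reports\Web.config
     "Reports" is a hypothetical folder holding the restricted files.
     Only the settings that differ from the parent are listed;
     everything else is inherited from the files above it. -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are checked top to bottom and the first match wins.
           Rules in this file are evaluated before the inherited
           <allow users="*" /> from the application root. -->
      <deny users="?" />                        <!-- anonymous users -->
      <allow roles="CONTOSO\ReportReaders" />   <!-- hypothetical group -->
      <deny users="*" />                        <!-- everyone else -->
    </authorization>
  </system.web>
</configuration>
```

The final `<deny users="*" />` is what makes the folder tighter than its parent: without it, a request that matches no rule in Reports\Web.config falls through to the inherited `<allow users="*" />`. These rules apply only to requests that ASP.NET itself processes, so file types that IIS serves without passing them to ASP.NET are not covered by them.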
Changes to configuration file settings are detected automatically by the ASP.NET runtime and integrated into the cached configuration settings for the application. When a change is made, all new requests for resources within the scope of a given configuration file use the new configuration settings automatically.