One of the advantages of grouping individual pages together into an application
is that values can be set for all these pages at once by setting the properties
of the application. The settings of values for the properties of an application
that will control the application at runtime is known as configuring the ASP.Net
In ASP.Net, all that needs to be done to configure an application is to create a
Configuration file called 'Web.config' and place it in the root directory of the
application. The settings that are provided in this file are applied throughout
the application, including its sub-directories. This 'Web.config' is an XML
Different Configuration Settings:
The different configuration settings for an ASP.Net application that can be
defined in the 'Web.config' file are:
The Application settings section is enclosed between the <appSettings> and </appSettings>
tags. These settings allow the user to set the application configuration
details. Application settings enable the user to store and retrieve information
as key-value pairs. It simply populates a Hash Table, which can be easily
accessed through ASP.Net pages. It is also possible to store SQL queries, as
show in below Code Snippet 1:
Code Snippet 1:
<add key="MySQLQuery" value="select *
The key value pair, as can be seen from Code Snippet 1, is enclosed within the <appSettings>
tag. The configuration settings stored in the config files can be read back in
an ASP.Net page using the command show in Code Snippet 2.
Code Snippet 2:
. . .
String GetQuery = ConfigurationSettings.AppSettings["MySQLQuery"];
. . .
The <pages> configuration setting allows the developer to control some of the
default behaviors for all the ASP.Net Pages in the application or machine. These
behaviors include options such as whether the output should be buffered before
sending, and whether Session state is enabled for pages within the application.
The properties that can be set at the page level are listed in below table with
Sets whether the
response to a client is sent directly or is first buffered on the server
and then sent.
ViewState is to be enabled or disabled.
Code Snippet 3 shows how the pages
configuration settings can be implemented in a 'Web.config' file.
Code Snippet 3:
<pages buffer="true" enableViewState="false"/>
SessionState, like many other ASP.Net services, can be configured through the
'Web.config' file. The below table lists the various attributes of sessionState
along with their descriptions.
to store the session state. The various options for this attributes are
- this indicated that session is not enabled
InProc - this indicates that session state is
this indicated that session
state is stored on a remote server
this indicates that session
state is stored on a SQL Server
session without cookies should be used to identify client sessions.
Specifies the time
in minutes for which a session can be idle before it is abandoned.
server name and port where the session is stored remotely.
connection string for the SQL Server.
Code Snippet 4 shows the SessionState settings
in a 'Web.config' file
Code Snippet 4:
<SessionState mode="inproc" cookieless="false" timeout="20"/>
We have seen 3 configuration settings which are <appSettings>, <Pages> & <SessionState>
for an ASP.Net application in PART 1.
ASP.Net provides the flexibility to write custom error pages and redirect the
browser (client) to these error pages when any specific error occurs. For
example, if a resource (file, image, audio file) is not found on the server,
instead of displaying to the user a "404 Not Found" error message, the error can
be trapped and the browser can be re-directed to a pre-designed page. The error
pages to be displayed can be designed to give a more polite and user - friendly
explanation of the error and if cause. The syntax for this configuration setting
is shown in Code Snippet 5.
Code Snippet 5:
<customErrors defaultRedirect="url" mode="On|Off|RemoteOnly>
<error statusCode="statuscode" redirect="url"/>
defaultRedirect attribute specifies the default page where the client will be
redirect if an unhandled error occurs.
Mode specifies whether the customErrors option is turned on. Mode will be set to
RemoteOnly if the custom error pages are to be displayed only to the remote
clients, and not to people working from the local machine.
customErrors tag allows a sub-tag <error> to be defined, which takes two
attributes, namely statusCode & redirect.
The statusCode attribute is used to trap the error code and the redirect
attribute specifies to which page the response should be redirected on the
occurrence of the specified error.
Code snippet 6 shows a sample for the customError Settings.
Code Snippet 6:
<customErrors defaultRedirect="http://localhost/Appdir/AllErrors.aspx" mode="RemoteOnly">
<error statusCode="404" redirect="http://localhost/Appdir/ErrorNo404.aspx"/>
In above code snippet, the Web.config file redirects the page request to a page
called 'ErrorNo404.aspx', in case the 404 error occurs. In case of any other
error, the request is redirected to the 'AllErrors.aspx' page.
Some web sties changes for their services. For example, consider email sites.
Though many are available for free, for some premium value addition services,
most of the sites charges a fee. Entry into the paid section is granted to the
user only if the user has a valid user name and password. The process of
validating the username and password is known as Authentication. In the days
prior to ASP.NET, huge amounts of code needed to be written for the
authentication routines. However, with the advent of ASP.Net, it has been
reduced to a few lines of code. The settings can be specified in the
'web.config' file itself. The syntax for doing the same is illustrated in below
code snippet 7.
Code Snippet 7:
<forms name="name" loginUrl="url" Protection="All|None|Encryption" timeout="xx" path="/">
<user name="username" password="password"/>
In Code Snippet 7, the mode specifies the type of authentication that is to be
performed. The options could be one of the four as described in below table.
authentication as the default authentication mode. This mode will be
used in case of any form internet information service (IIS)
forms based authentication as the default authentication mode.
Microsoft Passport authentication as the default authentication mode.
authentication, Only anonymous users are expected or application can
handle events to provide their own authenticatio