Using the Web.config File to Configure Security Settings

Using the Web.config File to Configure Security Settings

Each time you create a .NET web service, Visual Studio .NET creates a special file named Web.config that you can use to configure key application settings. The following statements illustrate the file’s default contents:

<?xml version="1.0" encoding="utf-8" ?> <configuration>      <system.web>     <!--  DYNAMIC DEBUG COMPILATION           Set compilation debug="true" to insert debugging symbols           (.pdb information) into the compiled page. Because this           creates a larger file that executes more slowly, you should           set this value to true only when debugging and to false at           all other times. For more information, refer to the           documentation about debugging ASP.NET files.     -->     <compilation defaultLanguage="vb" debug="true" />     <!--  CUSTOM ERROR MESSAGES           Set customErrors mode="On" or "RemoteOnly" to enable custom           error messages, "Off" to disable. Add <error> tags for each           of the errors you want to handle.     -->     <customErrors mode="RemoteOnly" />     <!--  AUTHENTICATION           This section sets the authentication policies of the           application. Possible modes are "Windows",           "Forms", "Passport" and "None"     -->     <authentication mode="Windows" />     <!--  AUTHORIZATION           This section sets the authorization policies of the           application. You can allow or deny access to application           resources by user or role. Wildcards: "*" mean everyone, "?"           means anonymous (unauthenticated) users.     -->     <authorization>         <allow users="*" /> <!-- Allow all users -->             <!--  <allow     users="[comma separated list of users]"                              roles="[comma separated list of roles]"/>                   <deny      users="[comma separated list of users]"                              roles="[comma separated list of roles]"/>             -->     </authorization>     <!--  APPLICATION-LEVEL TRACE LOGGING           Application-level tracing enables trace log output for every           page within an application. Set trace enabled="true" to           enable application trace logging.  If pageOutput="true", the           trace information will be displayed at the bottom of each           page.  Otherwise, you can view the application trace log by           browsing the "trace.axd" page from your web application root.     -->     <trace enabled="false" requestLimit="10" pageOutput="false" ÄtraceMode="SortByTime" localOnly="true" />     <!--  SESSION STATE SETTINGS           By default ASP.NET uses cookies to identify which requests           belong to a particular session. If cookies are not available,           a session can be tracked by adding a session identifier to           the URL. To disable cookies, set sessionState           cookieless="true".     -->     <sessionState             mode="InProc"             stateConnectionString="tcpip="             sqlConnectionString="data source=;user              id=sa;password="             cookieless="false"             timeout="20"     />     <!--  GLOBALIZATION           This section sets the globalization settings.     -->     <globalization requestEncoding="utf-8" responseEncoding="utf-8" />     </system.web> 

Within the Web.config file, the <authentication> and <authorization> fields let you control access to a web service. The following <authentication> statement, for example, specifies that the program is using Forms authentication:

<authentication mode="Forms" loginurl="/login.aspx" />

In a similar way, the following <authorization> entry allows access only to users named “Gates”:

<authorization>    <allow users="Gates"/> </authorization>

Using the <authorization> entry, you can use the question mark (?) that .NET relates to anonymous users. The following entry, for example, would deny access to anonymous users:

<authorization>    <deny users="?"/> </authorization>

. NET Web Services Solutions
.NET Web Services Solutions
ISBN: 0782141722
EAN: 2147483647
Year: 2005
Pages: 161
Authors: Kris Jamsa © 2008-2017.
If you may any questions please contact us: