Centralized Configuration Settings


Although the generally recommended approach is to place all configuration settings in a web.config file for each individual Web application, you can also define configuration settings in a parent web.config file that will be applied to resources in subdirectories or subapplications.

You specify settings in parent web.config files—or only in machine.config—through the <location /> element:

<location path="[web path]">
<[sectionGroup]>
<[section] />
</[sectionGroup>
</location>

The <location /> element is most commonly used for security purposes in Web sites with complex directory structures. Rather than creating a web.config file for each directory and specifying the authorization requirements, you can use the <location /> element to store authorization requirements centrally in the application’s root web.config file, as shown in the following code example. This is perhaps the best use of the <location /> element.

<configuration>
<!-- Other application configuration settings not shown -->
<location path="Forums/EditPost.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>

In this sample web.config file, a single comment line reflects that more configuration settings have likely been specified but are not shown in the sample. We also find the <location /> element used to deny access to anonymous users. This is accomplished through <deny users=“?” /> applied to path=“Forums/EditPost.aspx”. This is the setting we use on the www.asp.net site to prevent unauthorized users from accessing the edit post functionality of the ASP.NET Forums (www.asp.net/Forums).




Microsoft ASP. NET Coding Strategies with the Microsoft ASP. NET Team
Microsoft ASP.NET Coding Strategies with the Microsoft ASP.NET Team (Pro-Developer)
ISBN: 073561900X
EAN: 2147483647
Year: 2005
Pages: 144

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net