How to: Create Web.config Files
ASP.NET uses a hierarchy of XML text files, each named Web.config, to store settings that control how your Web site works. Using the features of the ASP.NET configuration system, you can configure an entire server, an ASP.NET application, or individual pages. This topic describes how to create a Web.config file in Visual Web Developer.
To create a Web.config file
In Solution Explorer, click the Refresh icon to make sure that a Web.config file does not already exist for your application.
If you have already used the Web Site Administration Tool or some other means of configuring your application, a Web.config file might have been created automatically. Clicking Refresh updates your file list.
In Solution Explorer, right-click your Web site name, and then click Add New Item.
In the Templates window, click Web Configuration File.
The file name in the Name text box should be Web.config. You can give the file another name, but this is the default. The .config file name extension is protected from being downloaded by ASP.NET.
Click Add to create the file and open it for editing.
The file contains the code shown in the "Example" section later in this topic, with a few initial defaults. Your application inherits all configuration settings from the Machine.config and Web.config files in the %SystemRoot%\Microsoft.NET\Framework\<version>\CONFIG directory, but you will not see those default settings here. Application-level or directory-level Web.config files only need to be created if you want to override the inherited default settings or add to collection elements like httpHandlers.
To view all of the configuration settings for your current application, you could run the code included in the topic How to: View Inherited and Local Configuration Settings Programmatically. Alternatively, you can view the Machine.config.comments or Web.config.comments files (which also contain useful comments) in the %SystemRoot%\Microsoft.NET\Framework\<version>\CONFIG directory, but these two files will not contain all of your run-time settingsHow to: View Inherited and Local Configuration Settings Programmatically.
If you have changed your Web.config file, save it.
Saving a Web.config file restarts the application. You can alternatively use the configSource attribute of individual section elements to point to a secondary configuration file that does not cause an application restart when it is changed. For more information, see configSource in General Attributes Inherited by Section Elements.
To use IntelliSense to edit configuration settings
In Visual Web Developer, open your Web.config file.
In the editing window, place your cursor inside the <system.web> </system.web> tags on a line by itself, but not inside any other tags.
Type the less-than character (<) to start a new element.
A drop-down list appears that offers valid elements to add at this insertion point. Alternatively, you can press Ctrl+J to display the drop-down list without typing the less-than character.
The anonymouseIdentification element is placed in your Web.config file and is terminated. If an element is terminated by a closing tag, then there are available child elements that you can set. If an element is terminated, like the following anonymousIdentification element, there are no available child elements to set.
Place your cursor within the <anonymousIdentification /> tag, and then press the SPACEBAR key.
A drop-down list appears that offers valid attributes to add to the anonymousIdentification element. Alternatively, you can press Ctrl+J to display the drop-down list without pressing the SPACEBAR key.
The enabled attribute is placed in your Web.config file, and because it is a Boolean attribute, the values of true and false are offered in a drop-down list.
Select false. This is the system default.
The IntelliSense system makes suggestions for elements and attributes that are available at the insertion point. Sometimes, specialized attributes are not offered. For example, when configuring a providers element, such as for the siteMap element, different attributes are available depending on the type of provider you are adding. IntelliSense does not show these attributes because they depend upon the value of the type attribute.
Change the value of the enabled attribute to "falsex", which is an invalid value.
The IntelliSense system provides validation checking and displays a squiggly line under any text that does not validate.
The following code example illustrates the initial contents of a Web.config file created by Visual Web Developer. Default settings are given for the compilation and the authentication elements. To turn on ASP.NET debugging, all you would do is change the debug attribute of the compilation element to true. All of the elements that can appear within the system.web element are documented in ASP.NET Configuration Settings.
<?xml version="1.0"?> <!-- Note: As an alternative to hand editing this file you can use the Web Site Administration Tool to configure settings for your application. Use the Web site->Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in \Windows\Microsoft.Net\Framework\v2.x\Config --> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <appSettings/> <connectionStrings/> <system.web> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="false"/> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Windows"/> <!-- The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="NoAccess.htm"/> <error statusCode="404" redirect="FileNotFound.htm"/> </customErrors> --> </system.web> </configuration>
When storing sensitive information in a configuration file for an application, you should encrypt the sensitive values using protected configuration. For more information about this and other security issues for configuration files, see Securing ASP.NET Configuration.