Format of ASP.NET Configuration Files

Configuration information for ASP.NET resources is contained in a collection of configuration files, each named Web.config. Each configuration file contains a nested hierarchy of XML tags and subtags with attributes that specify the configuration settings. Because the tags must be well-formed XML, the tags, subtags, and attributes are case-sensitive. Tag names and attribute names are camel-cased, which means that the first character of a tag name is lowercase and the first letter of any subsequent concatenated words is uppercase. Attribute values are Pascal-case, which means that the first character is uppercase and the first letter of any subsequent concatenated words is uppercase. Exceptions are true and false, which are always lowercase.

All configuration information resides between the <configuration> and </configuration> root XML tags. Configuration information between the tags is grouped into two main areas: the configuration section handler declaration area and the configuration section settings area.

Configuration section handler declarations appear at the top of the configuration file between <configSections> and </configSections> tags. Each declaration contained in a <section> tag specifies the name of a section that provides a specific set of configuration data and the name of the .NET Framework class that processes configuration data in that section.

The configuration section settings area follows the <configSections> area and contains the actual configuration settings. There is one configuration section for each declaration in the <configSections> area. Each configuration section contains subtags with attributes that contain the settings for that section.

The following Web.config file example declares two configuration <section> handlers. One manages application settings and the other manages session state.

<configuration>
   <configSections>
      <section name="appSettings"   
         type="System.Configuration.NameValueFileSectionHandler, 
         System, Version=1.0.3300.0, 
         Culture=neutral, PublicKeyToken=b77a5c561934e089"/>         
      <section name="sessionState" 
         type="System.Web.SessionState.SessionStateSectionHandler, 
         System.Web, Version=1.0.3300.0, Culture=neutral, 
         PublicKeyToken=b03f5f7f11d50a3a" 
         allowDefinition="MachineToApplication"/>
   </configSections>

   <appSettings>
      <add key="dsn" value="localhost;uid=MyUserName;pwd=;"/>
      <add key="msmqserver" value="server\myqueue"/>
   </appSettings>
   
   <sessionState cookieless="true" timeout="10"/>
</configuration>

You need to declare a configuration section handler only once. You can place it in the server's root Machine.config file or in a Web.config file in the virtual directory containing the Web application files. Configuration files in subdirectories automatically inherit configuration handlers declared in parent directories. For more information, see Configuration Inheritance.

Configuration settings are often nested together under section grouping tags. These top-level section tags typically represent the namespace to which the configuration settings apply. For example, the top-level <system.net> tag represents the settings for network classes, and the <system.web> tag represents the settings for the ASP.NET classes.

The following example shows tag nesting.

<configuration>
   <configSections>
      <sectionGroup name="system.net">
         <section name="authenticationModules"
            type="System.Net.Configuration.NetAuthenticationModuleHandler, 
            System, Version=1.0.3300.0, Culture=neutral, 
            PublicKeyToken=b77a5c561934e089"/>                               
         <section name="webRequestModules" 
            type="System.Net.Configuration.WebRequestModuleHandler, 
            System, Version=1.0.3300.0, Culture=neutral,
            PublicKeyToken=b77a5c561934e089"/>
       </sectionGroup>

       <sectionGroup name="system.web">
          <section name="authorization" 
             type="System.Web.Configuration.AuthorizationConfigHandler, 
             System.Web, Version=1.0.3300.0, Culture=neutral, 
             PublicKeyToken=b03f5f7f11d50a3a"/>            
          <section name="sessionState" 
             type="System.Web.SessionState.SessionStateSectionHandler,
             System.Web, Version=1.0.3300.0, Culture=neutral,
             PublicKeyToken=b03f5f7f11d50a3a"
             allowDefinition="MachineToApplication"/>        
       </sectionGroup>
    </configSections>

   <system.net>
      <! — Net Class Settings would go here. -->
   </system.net>
   <system.web>
        <authorization>
            <allow users="*"/> <!-- Allow all users -->
            <!-- Allow or deny specific users.
            allow users="[comma separated list of users]"
                  roles="[comma separated list of roles]"/>
            <deny users="[comma separated list of users]"
                  roles="[comma separated list of roles]"/>
            -->
        </authorization>
        <sessionState 
            sqlConnectionString="data source=localhost;
               Integrated Security=SSPI;
               Initial Catalog=northwind"
            cookieless="false" 
            timeout="10"/>
   </system.web>
</configuration>

The ASP.NET configuration infrastructure makes no assumptions about the types of configuration data that the infrastructure supports. Configuration section handler classes process all Web.config data. You can use the predefined configuration section handlers that are supplied with the .NET Framework or you can create your own handlers to process your own custom configuration data.

For information about creating custom configuration types, see Creating New Configuration Sections.

See Also

ASP.NET Configuration | Configuring Applications | Creating New Configuration Sections