Learn the behind the scenes work of the Web.config file. The Web.config file is an xml file that stores several server settings to process a request. It can be used to store machine-wide variables, direct requested extensions to use specific handlers, page security, etc.

If you open a new Web Application in Visual Studio 2008, you will notice Visual Studio automatically creates a Web.config file for you. This file can be one of several Web.config files on your machine. Others can be located in the .NET framework library, server root, and even subdirectories. All parent Web.config file settings will be inherited by child Web.config files. All child Web.config files can overwrite the settings listed in their parent Web.config files unless you specify the setting to not be overwritten. The Web.config file in your current working directory will have the most dominate settings.

All settings are inside of xml tags. The Web.config file is an xml file which must be declared at the top of the document. Below is an example of that.

As you can see in the example above, I’ve included the 2 most common child nodes of the tag. The child and the child. Like their names indicate, the tag contains elements that more server specific such as security, custom error pages, etc. The tag holds more of the information that can be used on actual applications such as sql connection strings.

There are 2 different types of security – Authentication and Authorization. Authentication specifies the type of authentication used thorough the application such as Windows, Forms, Passport mode or None if no authentication is necessary. Authorization specifies which users can access which pages. An example of each type is listed below:

Another common setting to change in your Web.config file for your web site is custom error pages. Default server error pages are usually plain, basic, and aren’t modeled after your template or contain possible suggestions for what page you were trying to access. By using the tag you can set each error to use a specific page.

An example is below:

Now that we’ve covered the most common child nodes of , we can move on to .

Due to the extra security on Web.config files, important variable strings can be stored to avoid accidental exposure. It isn’t uncommon for the debug variable to be set to true and errors allow unwanted eyes to see confidential information. A common example of this would be a database connection string. By using the tags you can store name/value pairs to be accessed by your application.

This is an example of how to store a database connection string.

This is an example of the code you’d use to access the stored name/value pairs in the Web.config file.