Most used web.config settings
1. <authentication> -
<system.web>
<authentication mode="Windows" />
</system.web>
<system.web>
<authentication mode="Forms" />
</system.web>
<system.web>
<authentication mode="Passport" />
</system.web>
The code above shows the type of authentication you are going to use for your site. Windows will be windows authentication, which is used normally within an intranet. Forms is used for setting up a traditional website and passport is set up by Microsoft
2. <authorization> - Authorization refers to the permissions granted to a user. The webconfig refers to them as roles. The web.config takes a number of deny and allow tags within the authorization. You could for instance have a role of admin. You could then have specific files only allowed for those that are in the admin role.
<!-- SET UP AUTHORIZATION USING LOCATION TAG -->
<location path="AdminSites">
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
The code above uses a location tag. The location tag will clearify the directory we are setting up. The directory "AdminSites" is only available to those that are in the admin role and denied to all other members.
3. <customErrors>
<customErrors defaultRedirect="ErrorPage.aspx" mode="On">
<error statusCode="500" redirect="servererror.aspx" />
<error statusCode="404" redirect="filenotfound.aspx" />
<error statusCode="403" redirect="AccessDenied.aspx" />
</customErrors>
When you encounter and error on a page you typically will receive a page that lists the error and a trace of the methods that were run right up until the error. If you use the customError configuration you will be able to direct the client to a page that will give a better presentation other than an error screen. You use the defaultRedirect attribut to be the default error page. Within the customError element you can add other errror pages for specific errors the client may encounter.
4. <pages> - The page element list page specific properties. Using the pages element will eliminate the use of changing elements within the page directive of your application. Below is an extensive list of the attributes used within the page element
<pages
buffer="[True|False]"
enableEventValidation="[True|False]"
enableSessionState="[True|False|ReadOnly]"
enableViewState="[True|False]"
enableViewStateMac="[True|False]"
smartNavigation="[True|False]"
autoEventWireup="[True|False]"
pageBaseType="typename, assembly"
userControlBaseType="typename"
validateRequest="[True|False]"
masterPageFile="file path"
theme="string"
styleSheetTheme="string"
maxPageStateFieldLength="number"
compilationMode="[Always|Auto|Never]"
pageParserFilterType="string"
viewStateEncryptionMode="[Always|Auto|Never]"
maintainScrollPositionOnPostBack="[True|False]"
asyncTimeout="number"
>
5. <sessionState> - The attributes that are connected with the sessionState element are - mode, cookieless, timeout, stateConnectionString, sqlConnectionString and stateNetworkTimeout.
<configuration>
<system.web>
<sessionState mode="InProc"
cookieless="true"
timeout="20"/>
</sessionState>
</system.web>
</configuration>
6. <appSettings>
<configuration>
<appSettings>
<add key="Application Name" value="MyApplication" />
</appSettings>
</configuration>
The appSettings element allows you to put data into the web.config so you do not have to have the code in multiple places within the application. Your application will simply call the appSettings element and get the data that it needs. The appSettings element is a key/value pair, it supports a sub-element called add.