SHREE SWAMI VIVEKANAND COLLEGE

SURENDRANAGAR
CLASS:- BCA/BSCIT SEMESTER -5
SUBJECT:- Asp.net
Prepared By:- Bhartiba parmar
 Chapter-5
Web application and configuration
• Contents
Overview Of Asp.net Configuration
Configuration Files
Common configuration
Tracing
Custom Error
Authentication & Authorization
Overview Of Asp.net Configuration
 Asp.net configuration is done in Xml file format because xml is platform independent
 Asp.net allows you to define configuration setting at the time of creating your web application for
the first time.
 Some benefit of xml based configuration files are as follow.
• It is xml based it store and retrieved easily in any platform, hardware, os etc…
• Most imp not restart web server when change in configuration.
• It automatically update web application
• It is on xml base so open simple editor
• Configuratiuon done at many level
• Configure IIS to configure all web application within a machine
• Configure asp.net web application and all its web pages under it
• Configure individual web page of asp.net web application to provide some special security.
Configuration files
 Configuration file are the most important to consider if you want to configure your web site.
 Configuration files help you to apply setting at different levels for your web page
 The configuration web site you need to configure those file using the any of following way
• Using text editors
• Using ISM(internet services manager)which provide MMC(Microsoft manager console)
• Using web site administration tool it also called WAT(website administration tool)
 There are two types of configuration files which are used to configure either all web application
store in your machine
• Machine.config
• Web.config
Machine.config
This file as name shows is used to configure entire machine
All your web application store in your machine
This file is also known as server configuration file as it works like configuration all web
application of particular machine
Every machine which has asp.net installed has one machine.config file.
Web.Config
Each and every web application has its own web.config file which can configure current
web application or a particular web page of your web application.
It is central location for storing the information to be accessed by web pages.
The XML based web.config file is used to specify the application wide settings for your
entire application.
There can be multiple config files in your application.
Web.config file does not have any visual representation.
The root elements of web.config is <congiguration>
Web.config file contains application wide data like custom setting and error
messages,database connection string etc.
Element of file configuration :-
 <configuration> section consists of many other sub element which are as follow
 <configsection>: this allows you to configure different sections of web application like java script, web
services, resources, etc….
 <appsettiungs>: this allows you to add application related variable or settings
 <connectionstrings>: this allows you to create connection string variable which can be used in any web
forms of your web application
 <system.web> : this is probably important element used to configure your web application
 <system.codedom>: this section store complier specific information used for your web application
under<compilers> elements .
 <system.webserver>: this section store information and configuration settings for web server which will be
used for your running your web application
 <runtime>: this section is used to specify some run time setting for your web application
Common configuration
 Tracing web sites
Tracing allows you to check for any types of bugs that your web application may have
 Customizing errors
While using web site sometimes different errors occur.By customizing errors you can redirected your error to specific page
which can display error but in your design specific way
 Authentication and authorization
This is probably most used setting for any type of web site.Authentication user are requirement for most of the web site .To
allow when any unauthorized user visit your web site should not able to harm your information it done with help of both
combination
 Enabling role manager
Enabling role manager is a feature which is used along with authentication and authorization
 Session configuration
You can configure session related setting under this.Under this you can specify setting for session like timeout period, session
mode, and cookie based session or cookie less session etc…
 Trust levels
There can be many different types of web site user . Web master, web developer, administrator, etc… who will have access to
manly those pages which page these are informative.So different types of levels can be define by some specific user
 Web service configuration
Web services also be configure . You can configure web service to lock some resource from being accessed by some user
 Caching
Caching in short means keeping your output in to cache so access in faster way .Asp.net allows you to catch output
depending on requirement
Tracing
 To trace means to monitor
 It monitor how your web application run , when your run web site Sometimes you cannot catch from where
the problem begins so need to trace your web site with help of tracing
 Tracing is important to test your web site in order to give perfect output as per requirement which fulfill
need.
 You can enabled tracing in two levels.
• Page Leve Tracing
• Application Level Tracing

1. Page Leve Tracing

We can control whether tracing is enabled or disabled for an Asp.Net page with the Trace attribute of the
@ Page directive.

<%@ Page Trace="true" %>

<%@ Page Language=“C#" Trace="true" AutoEventWireup="false" CodeFile="Default.aspx.cs"
Inherits="_Default" %>
2. Application Level Tracing

When we enable application level tracing, trace information is gathered and processed for each page in
that application. We can enable application level tracing by using the trace element in the Web.config file.

<configuration>
<system.web>
<trace enabled="true" pageOutput="true" requestLimit="50"
localOnly="false" mostRecent="true"traceMode="SortByTime" />
</system.web>
</configuration>

By default, application level tracing can be viewed only on the local Web server computer.
Custom Error
When a run-time or design-time error occurs in an application, ASP.NET shows a default Yellowish-Red error
page that gives a brief description of the error along with some status code. If this page is viewed by the
developer, then he can analyse the actual reason by its status code, but if a user or anyone other than the
developer is viewing this error page, they won't get the actual idea of why this error is coming. So to provide a
friendly error message page we need to set custom error in web.config.

ome of the basic common errors with status codes are:

Error Code Description

Bad Request The request cannot be fulfilled due to bad
400
syntax
Forbidden The request was a legal request, but the
403
server is refusing to respond to it
404 Not Found Page Not Found
Method not allowed A request was made of a page using
405
a request method not supported by that page
408 Timeout server time out
To set a custom use the following procedure:

1. Go to web.config and add a tag called custom error like the following code snippet:
1. <customErrors mode="On">
2. <error statusCode="404" redirect="error.aspx"/>
3.</customErrors>

2. Create an error.aspx page and provide a user-friendly message there. The code is shown in the following image:

Now when we request the same page, instead of giving the deferror page it will provide our "error.aspx" page.
When we are using custom error mode we have the
following 3 options:

•OFF: ASP.NET uses its default error page for both local
and remote users in case of an error.

•ON: Custom error will be enabled for both local as well as

remote client.

•REMOTE ONLY: The custom error page will be shown

to a remote user only, the local user will get the built-
in error page.
Authentication
Authentication is a process in which user identity is checked.To determine the identity of user it username and
password are used to verify.When the user run application first identity of user is checked.The application web.config
file contain all of the configuration setting for an asp.net

Types of Authentication
None (no Authentication) :-
This types of Authentication is set when you do not want to go for any types of Authentication process o If you specify
no Authentication asp.net will not go for any type of security for your web application
Forms Authentication :-
THIS Authentication is mostly used while developing web application.Most important this methods is used while we
develop any financial web application.
Windows Authentication:-
Windows Authentication mode is the default Authentication mode.If you set Authentication mode to window a user
is Authentication on the basic of his or her window account .When you go for window Authentication it takes setting
directly from IIS .
Passport Authentication
Passport Authentication is directly concerned with Microsoft services .This method used centralized Authentication
services directly through passport Authentication develop by Microsoft.In this Microsoft check user’s name and
password by passport Authentication
Authorization
It is the process of allowing an authenticated users to access the resources by checking whether the user has
access rights to the system. Authorization helps you to control access rights by granting or denying specific
permissions to an authenticated user.
Types of Authorization
• URL authorization
URL authorization maps users and roles to URLs in ASP.NET applications
• File authorization
File authorization validate the ACL (access control list) of the .aspx or .asmx handler file to determine
whether a user should have access to the file.
• Customized Authorization
You can also customize your Authorization