security configuration
By-Teach4u.in
Content
1. Web.config
2. Why Applications?
3. IIS
   1. Role in handling a request
4. .NET
   1. Applications
   2. Application Object
   3. Global.asax
5. Configuration files
   1. Machine.config
   2. Web.Config
What is Web.Config File?
A configuration file is used to manage the various settings that define a website. The settings are stored in XML files that are separate from your application code, so you can configure settings independently of your code. Generally a website contains a single Web.config file stored inside the application root directory. However, there can be many configuration files that manage settings at various levels within an application.
Why Applications?
Dark ages (pre-2003)
  Server crashes not unusual
  Single failure brings down whole system
  Worse yet: memory leaks
    Cause IIS hang
    Stop serving pages
    Required manual intervention (reboot)
Why Applications
Today (Windows Server 2003 & later)
  Applications still crash
  Applications are compartmentalized
  OS handles gracefully
    System rarely affected
  OS monitors application health
    Recycles unhealthy processes
  Result: system stable & reliable
IIS Overview
IIS Applications
  Folders may be configured as “Applications”
    IIS configuration interface
  Each application is assigned to an Application Pool
    Each application pool has a unique Windows process
  Specify error handling, timeouts, etc. for each application
  Benefit:
    Compartmentalize applications
    Reduces dependencies
    Improves reliability
    Allows application specific settings
      Error handling, log files, filters, headers, timeouts… 100’s of settings
Applications Settings
  Configuration settings:
    Web.config
      Application level settings
      Located in root folder
    Machine.config
      Settings common to all applications
  Application event handlers
    Global.asax file
      Located in root folder
ASP.NET Configuration
  .config files
    Hierarchical configuration
      Similar to CSS
      Inheritance
      Child has precedence over parent
    Machine.config
      Rarely need to modify
    Web.Config
      XML file
        Case sensitive
        Camel casing
      Configure:
        Application settings
        Error handling
        Timeouts
        Sessions
        …etc. etc.
        Authentication
        Documentation
  Security
    .config files not served
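A constructed Web.config for an application root folder, added here as an illustration and not taken from the original slides. It sets the items listed under "Configure" (application settings, error handling, timeouts, sessions, authentication) and uses a location element to show a child scope taking precedence over its parent. The appSettings key, the page paths and the Public folder are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed sample. Element and attribute names are case sensitive
     and camel cased, e.g. customErrors, not CustomErrors. -->
<configuration>
  <appSettings>
    <!-- Hypothetical key. Keep passwords and connection secrets out of
         clear-text appSettings. -->
    <add key="SupportEmail" value="support@example.com" />
  </appSettings>
  <system.web>
    <!-- Error handling. Weak: mode="Off" sends stack traces and source
         excerpts to every remote visitor. RemoteOnly keeps the detail
         for requests made on the server itself. -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/Public/Error.aspx" />
    <!-- Weak: debug="true" in production. It also disables the
         executionTimeout below. -->
    <compilation debug="false" />
    <!-- Timeouts: request execution limit in seconds. -->
    <httpRuntime executionTimeout="110" />
    <!-- Sessions: idle timeout in minutes. Cookie-based session ids keep
         the id out of the URL. -->
    <sessionState mode="InProc" timeout="20" cookieless="UseCookies" />
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
    <!-- Authentication: forms login, ticket sent over HTTPS only. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="30" requireSSL="true" />
    </authentication>
    <!-- Parent rule: anonymous users ("?") are denied everywhere. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- Child scope: the setting for the Public folder takes precedence
       over the parent rule above. A Web.config placed inside that
       folder would have the same effect. -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```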
Global.asax
  Handles application & session events
    15+ events
      Application_start
      Application_error
      Session_start
  Located in root folder of application
  Triggered each page request
  Optional
Global.asax
Example:
  Create new application on server
  web.config: source
  global.asax: source
  TestPage.aspx: source, output
Summary
  Configuration Objectives:
    Flexibility
    Security
    Reliability
    Convenience
  IIS
    Handles requests
  Application
    Application object
    Events: global.asax
  Configuration
    Machine.config
    Web.config