web.config: 3 things you can do with it (2024)

Table of Contents
What is the purpose of a web.config file? Why web.config? Do I need a web.config file in my project? 1. Configure file upload size 2. Configure redirect settings 3. Custom error pages What are some disadvantages of using this file? Conclusion

This is a quick introduction to the web.config file. I will also cover the top 3 things you can set up in this file.

web.config: 3 things you can do with it (2)

What is the purpose of a web.config file?

The web.config is a file that is read by Internet Information Services (IIS) and the ASP.NET Core Module to configure various settings and behaviors of an application hosted with IIS.

Why web.config?

Most of the configuration settings you can customise in the web.config file can also be configured in the appsettings.json files, so why would you want to use this file instead? There are many benefits to using the web.config file to configure settings for your application.

  • The web.config file is written in XML, which makes it readable and easy to understand.
  • The application logic is separated from the configuration logic.
  • You can create a set of hierarchal configurations for different parts of your application. By placing a web.config file in different sub-directories, you can have specialized sets of rules for different sections of your application.
  • You need to have the web.config file in your application hosted on IIS anyway, so why not use that file for configuration settings?

Do I need a web.config file in my project?

The web.config file must be present in the deployment at all times, correctly named, and able to configure the site for normal start up.

This is because sensitive files exist on the app’s physical path and if the web.config file is missing or named incorrectly, IIS may serve these files to the client. If the web.config file is present, IIS will not serve these sensitive files if they are requested.

NB: You must never remove the web.config file from a production deployment.

1. Configure file upload size

You can adjust the maximum file upload size for your ASP .Net project in the web.config file. By default, the maximum upload size is 30mb (or 31 457 280 bytes) for each upload.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
 <security>
 <requestFiltering>
 <!-- This will handle requests up to 50MB -->
 <requestLimits maxAllowedContentLength="52428800" />
 </requestFiltering>
 </security>
 </system.webServer>
</configuration>

Setting the maxAllowedContentLength to 52428800 Bytes will increase the maximum allowed file upload size from 30MB to 50MB.

Additionaly, we set the the maximum allowed size of any request body in bytes with MaxRequestBodySize in the IISServerOptions class inside the Program.cs file to allow the increased file upload size.

services.Configure<IISServerOptions>(options =>
{
 //maximum allowed files of 50mb in bytes
 options.MaxRequestBodySize = 50 * 1024 * 1024;
});

Finally, go into your server using the IIS Manager GUI and see that the Maximum allowed content length value in the request filtering settings for the domain is set from 36700160 bytes to 52428800 bytes.

web.config: 3 things you can do with it (3)
web.config: 3 things you can do with it (4)
web.config: 3 things you can do with it (5)

The default ASP.NET Core application template doesn’t create the web.config file and it is only automatically created when you publish the application. However, you can add it manually to the root of the application.

2. Configure redirect settings

You can configure HTTP modules and handlers in the web.config file. Modules and handlers can be used to intercept and process incoming requests to your application so you can use it for tasks such as URL rewriting, authentication, or custom request processing.

The example below shows how you can rewrite the URL of an incoming request to redirect HTTP (non-secure) traffic to HTTPS (secure).

<rule name="RedirectToHTTPS" stopProcessing="true">
 <match url="(.*)" />
 <conditions>
 <add input="{HTTPS}" pattern="off" ignoreCase="true" />
 </conditions>
 <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
</rule>
  • The rule tag defines a rule named “RedirectToHTTPS” to redirect traffic to HTTPS.
  • <match url="(.*)" /> defines a URL pattern to be matched.
  • input=”{HTTPS}” this line checks the value of the {HTTPS} server variable. The pattern checks if the value input received is “on” or “off” for the pattern defined in the input.
  • <action type=”Redirect” url=”https://{SERVER_NAME}/{R:1}" redirectType=”Permanent” /> defines what should happen if the server variable is found to be HTTP. The action here is a redirect to the HTTPS version of the same URL.

Having access to redirect traffic is very important because as you can see in the example above, you can ensure that the client visits your site using a secure connection and that any sensitive information is transmitted securely. There are so many more behaviours you can customise from the web.config file.

3. Custom error pages

<configuration>
 <system.web>
 <customErrors mode="On" defaultRedirect="apperror.cshtml">
 <error statusCode="404" redirect="404.cshtml" />
 <error statusCode="500" redirect="500.cshtml" />
 </customErrors>
 </system.web>
</configuration>

The defaultRedirect attribute specifies the default page the user will be redirected to in the instance of an unhandled error. For any unhandled exceptions, the user will be redirected to the “apperror.cshtml” page.

You can then specify pages for the instances when you want to take users to specific pages when an error occurs using the <error> tag and the redirect attribute.

  • An error with a statusCode of 404 (Not Found) will redirect the user to the “404.cshtml” page.
  • An error with a statusCode of 500 (Internal Server Error) error will redirect the user to the “500.cshtml” page.

You can customise even more settings from this file, including:

  • Database connection strings
  • Security settings
  • Caching settings

What are some disadvantages of using this file?

The web.config file is pushed along with the rest of your code to the repository so you should never store sensitive information in your code.

You don’t want to include API Keys and connection strings especially in the production environment. Although it is possible to configure these values directly in the web.config file you will not want to store any secret values in this file. Here are some techniques you can use to define sensitive values in an external file and calling them into the configuration files that will be pushed to your repository.

Conclusion

The web.config file provides us with a powerful set of configuration possibilities that can set up centrally and flexibly. We are able to control various aspects of the behaviour of our application, but we also have to be careful not to leave sensitive information in this file as it can be accessed from your application’s repository.

Thank you for taking the time to read this article and I hope it helped you!

web.config: 3 things you can do with it (2024)
Top Articles
What is the difference between Staking and Earn? | FAQ | Coinmerce
Compare FHSAs, TFSAs and RRSPs
Tyson Employee Paperless
Unity Stuck Reload Script Assemblies
Practical Magic 123Movies
The Daily News Leader from Staunton, Virginia
Ds Cuts Saugus
BULLETIN OF ANIMAL HEALTH AND PRODUCTION IN AFRICA
Farmers Branch Isd Calendar
Stolen Touches Neva Altaj Read Online Free
Bed Bath And Body Works Hiring
Paketshops | PAKET.net
Valentina Gonzalez Leaked Videos And Images - EroThots
The Rise of Breckie Hill: How She Became a Social Media Star | Entertainment
Alejos Hut Henderson Tx
Kris Carolla Obituary
Buy PoE 2 Chaos Orbs - Cheap Orbs For Sale | Epiccarry
Minecraft Jar Google Drive
Gino Jennings Live Stream Today
Iu Spring Break 2024
Talbots.dayforce.com
Craigslist Southern Oregon Coast
Energy Healing Conference Utah
Mccain Agportal
Epguides Strange New Worlds
Marine Forecast Sandy Hook To Manasquan Inlet
Bella Bodhi [Model] - Bio, Height, Body Stats, Family, Career and Net Worth 
Craigslist Illinois Springfield
Spiritual Meaning Of Snake Tattoo: Healing And Rebirth!
Marilyn Seipt Obituary
Enduring Word John 15
Delta Math Login With Google
Top Songs On Octane 2022
Vip Lounge Odu
Cavanaugh Photography Coupon Code
Marine Forecast Sandy Hook To Manasquan Inlet
42 Manufacturing jobs in Grayling
Finland’s Satanic Warmaster’s Werwolf Discusses His Projects
Poe Flameblast
Gregory (Five Nights at Freddy's)
Fool's Paradise Showtimes Near Roxy Stadium 14
Nu Carnival Scenes
Theater X Orange Heights Florida
Nearest Wintrust Bank
Dancing Bear - House Party! ID ? Brunette in hardcore action
Dobratz Hantge Funeral Chapel Obituaries
Lux Funeral New Braunfels
Diamond Spikes Worth Aj
Fishing Hook Memorial Tattoo
Scholar Dollar Nmsu
Equinox Great Neck Class Schedule
Latest Posts
Payment History: How It Affects Your Credit Score - And What NOT To Do
What is ICT Power of 3? for FOREXCOM:XAUUSD by Elijahenoch7
Article information

Author: Terrell Hackett

Last Updated:

Views: 5601

Rating: 4.1 / 5 (52 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Terrell Hackett

Birthday: 1992-03-17

Address: Suite 453 459 Gibson Squares, East Adriane, AK 71925-5692

Phone: +21811810803470

Job: Chief Representative

Hobby: Board games, Rock climbing, Ghost hunting, Origami, Kabaddi, Mushroom hunting, Gaming

Introduction: My name is Terrell Hackett, I am a gleaming, brainy, courageous, helpful, healthy, cooperative, graceful person who loves writing and wants to share my knowledge and understanding with you.