aspxtreme
Home   Getting Started   Web Forms   Web Applications   ADO.NET   ASP/ADO   Back to Basics
 The #1 ASP/ASP.NET Developer Community   Home

Locking Configuration Settings

ASP.NET Web Applications   ASP.NET Configuration   Hierarchical Configuration Architecture

By default, configuration files located in child directories override and extend all configuration settings defined in parent configuration files.

In certain cases, though, administrators may need to lock or make specific configuration settings unchangeable to prevent modification. For example, an administrator may want to lock the sandbox security settings for hosted applications to reduce the risk of malicious attacks on the system.

To lock an entire configuration section:

  1. Declare a <location> directive having an allowOverride attribute set to false. 
    <location ... allowOverride = "false">
  2. Within the <location> element, define the configuration section you need to lock. 
    <location ... allowOverride = "false">
   <system.web>
      ... section to lock ...
   </system.web>
</location>

ASP.NET will throw an exception if a lower-level configuration file attempts to override any configuration section that is defined within this locked <location> element.

The following configuration file example ( which could be stored at either the main system level or at the applcation level ) locks the application identity of two different ASP.NET applications ( application1 and application2 ) and configures the applications to run only under specific accounts. 

<configuration>
   <location path = "application1" allowOverride = "false">
      <system.web>
         <identity impersonate = "true" userName = "application1" 
            password = "pwd1" />
      </system.web>
   </location>
  
   <location path = "application2" allowOverride = "false">
      <system.web>
         <identity impersonate = "true" userName = "application2"
            password = "pwd2" />
      </system.web>
   </location>
</configuration>

Any attempt to override the configuration settings in the previous example using the configuration settings in the following example would generate a configuration system error. 

<configuration>
   <system.web>
      <identity userName = "MyName" password = "MyPwd" />
   </system.web>
</configuration>

ASP.NET also includes other <location> attributes that may be used to lock individual configuration elements, such as lockItem, lockAttributes, lockElements, and so on. For more information, see Shared Configuration Attributes.

See Also

ASP.NET Configuration Sections   Configuration Inheritance   Configuration <location> Settings



Books and more ...


Suggested Reading

Need a break ?


Previous page Back to top Next page

Check out related books at Amazon

© 2000-2008 Rey Nuñez All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note

You can help support aspxtreme