aspnet2securityfaq0069 | Channel 9

Sign In

Subscribe

Return to
HomePage
ASPNET2SecurityFAQs

Question: How do I lock configuration settings?

Answer:

To lock the configuration settings for all the Web applications on a Web server to prevent an individual application from overriding them, place the configuration settings inside a <system.web> element nested within a <location> element in the machine-level Web.config file, and then set the allowOverride attribute to false.
The following example enforces the use of Windows authentication for all Web applications on the server.

		 <location allowOverride="false">
		  <system.web>
		    <authentication mode="Windows"/>
		  </system.web>
		 </location>

If you need to apply and lock settings for a specific Web application, use the path attribute on the <location> element to identify the Web application as shown here.

		 <location path="Default Web Site/VDirName">
		  <system.web>
		    <authentication mode="Windows"/>
		    <identity impersonate="false"/>
		  </system.web>
		 </location>

If you specify the path, it must be fully qualified and include the Web site name and virtual directory name.
Important: If it is critical that there are no cross-application breaches, then it better to configure the web.config file in the /VDirName for locking the configuration instead of using path attribute to lock the specific web application.

Return to
HomePage
ASPNET2SecurityFAQs

- History
  
  Modified By: System
  
  Apr 30th, 2008 @ 11:11 AM
  
  Views (90)
- Share
  - Del.icio.us
  - Digg
  - FriendFeed
  - Facebook
Markup Quick Guide

*bold*

_italics_

+underline+

! Heading 1

!! Heading 2

* Bullet List

** Bullet List 2

# Number List

## Number List 2

[another wiki page]

[url:http://www.example.com]

[image:example.gif]

{"Do not apply formatting"}

ASP.NET: ASP.NET 4.0 ScriptManager Improvements
WindowsClient: XAML Toolkit CTP = FxCopXaml + XamlDom + System.Xaml.dll support for Silverlight XAML
Channel 9: Fishbowl for Facebook
WindowsClient: Free Embeddable Fonts for your WPF Applications
ASP.NET: Program Manager Position on the ASP.NET PM team
Channel 10: Microsoft Teams Up with Nielsen
Channel 10: What Azure Looks Like
ASP.NET: Orchard team looking for a new developer
Channel 10: Student Discount on Office 2008 for Mac Now Available
WindowsClient: Surface SDK 1.0 SP1 supports XNA Game Studio 3.0 and later
WindowsClient: TestAPI 0.4 Released
Channel 9: Using the SharePoint Business Data Connectivity Designer in VS 2010
Channel 9: 10-4 Episode 36: Windows Server AppFabric and Workflow Services Lab
WindowsClient: New WPF Features: DatePicker\Calendar\VSM\Datagrid
Channel 9: Corrinne Yu: Principal Engine Architect, Halo Team Microsoft
TechNet Edge: IT Pro Momentum y Evidencias
Channel 10: Xbox Goes Social with Facebook, Twitter, and Zune Integration
ASP.NET: Enabling the ASP.NET Ajax script loader for your own scripts
ASP.NET: Building High Performance Web Applications
WindowsClient: RIA Services: A DomainService IS A WCF Service – Add Service Reference
close

Microsoft Communities