<html>
<head>
<link rel="stylesheet" href="josh.css">
</head>
<body bgcolor="#FFFFFF">
<div id="&lt;configuration&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;configuration&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
	<pre class="literal">
&lt;configuration&gt;
&lt;/configuration&gt;</pre>
	</td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>The root element for all configuration files; it is required.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>All</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;appSettings&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;appSettings&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;appSettings&gt;
&lt;/appSettings&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>The <span class="literal">&lt;appSettings&gt;</span> element can be
          used to configure custom application settings as key/value pairs. These
          settings can later be retrieved at runtime using the AppSettings property
          of the <span class="literal">ConfigurationSettings</span> class, as
          shown in the example. This property is shared (static) and does not
          require the ConfigurationSettings class to be instantiated before accessing
          the property.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        <ul>
          <li><span class="literal">&lt;add&gt;</span> <br>
&nbsp; The pattern to match.</li>
          <li><span class="literal">&lt;remove&gt;</span> <br>
&nbsp; The pattern to match.</li>
          <li><span class="literal">&lt;clear&gt;</span> <br>
&nbsp; The pattern to match.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The following <span class="emphasis">web.config</span> section sets
          an application level key/value pair:</p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;appSettings&gt;
		&lt;add key=&quot;applicationConfigKey&quot; value=&quot;bar&quot;/&gt;
	&lt;/appSettings&gt;
&lt;/configuration&gt;</pre></span>
        </td>
    </tr>
    <tr>
      <td><p>The following ASP.NET page retrieves the value set by the preceding
          code and also retrieves a value set at the machine.config level: </p>
        <span class="programlisting">
<pre>
&lt;%@ Page Language=&quot;VB&quot; %&gt;
&lt;html&gt;
	&lt;head&gt;
		&lt;script runat=&quot;server&quot;&gt;
			Sub Page_Load( )
				Message1.Text &amp;= _
				ConfigurationSettings.AppSettings(&quot;machineConfigKey&quot;)
				Message2.Text &amp;= _
				ConfigurationSettings.AppSettings(&quot;applicationConfigKey&quot;)
			End Sub
		&lt;/script&gt;
	&lt;/head&gt;
&lt;body&gt;
	&lt;asp:label id=&quot;Message1&quot; runat=&quot;server&quot;&gt;
		Machine.Config setting:
	&lt;/asp:label&gt;&lt;br/&gt;
	&lt;asp:label id=&quot;Message2&quot; runat=&quot;server&quot;&gt;
		Web.Config setting:
	&lt;/asp:label&gt;
&lt;/body&gt;
&lt;/html&gt;</pre></span> </td>
    </tr>
     <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>As shown in the example, the <span class="literal">&lt;appSettings&gt;</span> element
          can be used separately from the &lt;system.web&gt; element and its
          children. </p>
        </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>For security reasons, use caution when deciding what kinds of data
          to store using the <span class="literal">&lt;appSettings&gt;</span> element.
          Remember that while the ASP.NET runtime is set up to prevent an application's <span class="emphasis">web.config</span> file
          from being requested or read, this file could still be vulnerable if
          the security of the web server were breached in some other way. Thus,
          you should generally avoid storing sensitive information such as usernames
          and passwords, or connection strings containing usernames and passwords,
          in the <span class="emphasis">web.config</span> file. A better, although
          still moderately vulnerable, alternative is to store this information
          at the machine.config level, since this file is not within the web
          space of the application and is not as vulnerable to compromise through
          attacks on IIS. However, remember that this information will be available
          to any application on the machine. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;system.web&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;system.web&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>

<pre class="literal">
&lt;system.web&gt;
&lt;/system.web&gt;</pre>
    </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Container element for all elements used in <span class="emphasis">web.config</span> files.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>All</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;authentication&gt;</span>, <span class="literal">&lt;authorization&gt;</span>, <span class="literal">&lt;browserCaps&gt;</span>, <span class="literal">&lt;clientTarget&gt;</span>, <span class="literal">&lt;compilation&gt;</span>, <span class="literal">&lt;customErrors&gt;</span>, <span class="literal">&lt;globalization&gt;</span>, <span class="literal">&lt;httpHandlers&gt;</span>, <span class="literal">&lt;httpModules&gt;</span>, <span class="literal">&lt;httpRuntime&gt;</span>, <span class="literal">&lt;identity&gt;</span>, <span class="literal">&lt;iisFilter&gt;</span>, <span class="literal">&lt;machineKey&gt;</span>, <span class="literal">&lt;pages&gt;</span>,  <span class="literal">&lt;processModel&gt;</span>, <span class="literal">&lt;securityPolicy&gt;</span>, <span class="literal">&lt;sessionState&gt;</span>, <span class="literal">&lt;trace&gt;</span>, <span class="literal">&lt;trust&gt;</span>, <span class="literal">&lt;webServices&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>This element is required in order to use any of its child elements.</p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;authentication&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;authentication&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;authentication&gt;
&lt;/authentication&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Provides attributes and contains child elements used to configure
          authentication options in ASP.NET.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul><li> <span class="literal">Mode</span> <br><br>
&nbsp; Determines the type of authentication that will be used by ASP.NET. Valid
values are: </li><br>

       <ul><li><span class="literal">Windows</span>(default) <br>
&nbsp; Uses credentials provided by IIS authentication methods (Basic, Digest,
Integrated Windows Authentication, or Certificates) to authenticate user requests.
Requests can then be permitted or denied based on settings contained within the <span class="literal">&lt;authorization&gt;</span> element,
using the authenticated username (or an associated group/role name) to allow
or deny the request. This is the default authentication mode defined in <span class="emphasis">machine.config</span>. </li>
          <li><span class="literal">Forms</span> <br>
&nbsp; Provides an infrastructure for performing custom authentication in situations
when Windows authentication is not possible. When Forms authentication is enabled,
users who have not logged in are automatically redirected to a login URL provided
as an attribute of the <span class="literal">&lt;forms&gt;</span> element. Once
logged in, a cookie is sent as an authentication token. Users can be authenticated
against any credentials database the developer chooses -- from Active Directory
to a custom credentials database. This mode requires the inclusion of the <span class="literal">&lt;forms&gt;</span> child
element.</li>
          <li><span class="literal">Passport</span> <br>
&nbsp; Takes advantage of Microsoft's Passport authentication service. This mode
requires inclusion of the <span class="literal">&lt;passport&gt;</span> child
element. </li>
          <li><span class="literal">None</span> <br>
&nbsp; Specifies that no authentication be performed at the ASP.NET level. Requests
can still be authenticated at the IIS level using one of the IIS authentication
modes in combination with NTFS access control lists (ACLs).</li>
        </ul>
		</ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;forms&gt;</span>, <span class="literal">&lt;passport&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example configures the pages within the scope of the configuration
          file to use ASP.NET forms-based authentication: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;authentication mode=&quot;Forms&quot;&gt;
			&lt;forms name=&quot;myAuthCookie&quot; loginUrl=&quot;login.aspx&quot;
			protection=&quot;All&quot; timeout=&quot;30&quot;path=&quot;/&quot; /&gt;
		&lt;/authentication&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span> </td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The <span class="literal">&lt;location&gt;</span> element can be used
          to configure authentication at the machine level, if desired, and its <span class="literal">allowOverride</span> attribute
          can be used to prevent overriding these settings in individual applications. </p>
        </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>Authentication can be a fairly involved topic. For more information
          on the various ASP.NET authentication methods and how they relate to
          IIS authentication, please see Chapter 9. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;forms&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;forms&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage">
<pre class="literal">
&lt;forms
	 loginUrl=String
	 name=String
	 path=String protection=&quot;All|None|Encryption|Validation&quot;
	 timeout=Integer&gt;
&lt;/forms&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Provides attributes and one child element <span class="literal">(&lt;credentials&gt;)</span> to
          configure ASP.NET to use forms-based authentication.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">name</span> <br>
&nbsp; Specifies the name of the authentication cookie. If this attribute is
omitted, the value defaults to <span class="literal">.ASPXAUTH</span>. When running
multiple applications that use forms-based authentication on the same server,
it's usually a good idea to give each application its own authentication cookie
name -- to minimize the risk of authenticated users from one application being
treated as authenticated in others.</li>
          <li><span class="literal">loginUrl</span> <br>
&nbsp; Specifies the redirect URL for users who do not have a valid authentication
cookie. If a user with no authentication cookie requests a page in the application,
they will be redirected to this URL to log in. The login page can then redirect
the user back to the originally requested page. If this attribute is omitted,
the value defaults to login.aspx. </li>
          <li><span class="literal">protection</span> <br>
&nbsp; Specifies the type of protection used to prevent the authentication cookie
from being modified during transit.Valid values are:</li>
          <ul><li><span class="literal">All</span> <br>
&nbsp; Cookies are both encrypted (using triple DES encryption, if available)
and subjected to data validation. Data validation is performed based on the settings
of the <span class="literal">machineKey</span> element. <span class="literal">All</span> is
the default value and is the recommended setting for securing the authentication
cookie.</li>
          <li><span class="literal">Encryption</span> <br>
&nbsp; Cookies are only encrypted. This reduces overhead associated with cookie
protection, but may leave cookies vulnerable to plain-text attacks.</li>
          <li><span class="literal">None</span> <br>
&nbsp; Neither encryption nor validation is enabled for cookie protection. This
reduces overhead when using forms-based authentication, but provides no protection
of the authentication cookie. This attribute is not recommended.</li>
          <li><span class="literal">Validation</span> <br>
&nbsp; A validation key is concatenated with cookie data. This key is checked
to ensure that cookie data has not been altered in transit.</li></ul>
          <li><span class="literal">timeout</span> <br>
&nbsp; Specifies the amount of time, in minutes, before the authentication cookie
expires. This is a sliding value, which is reset when a request is received after
more than half of the timeout period has elapsed. Note that this attribute does
not apply to persistent cookies. The default value is 30. </li>
          <li><span class="literal">path</span> <br>
&nbsp; Specifies the path for the authentication cookie. Because many browsers
treat the path in a case-sensitive manner, the default is set to the backslash
(\) character.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;credentials&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>See the example for the <span class="literal">&lt;authentication&gt;</span> element. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Forms-based authentication is only effective when used in conjunction
          with the <span class="literal">&lt;authorization&gt;</span> element
          to deny anonymous users access to pages within the application. </p>
        </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>It's a good idea to use SSL encryption to protect the forms authentication
          credentials and cookie to prevent the possibility of these credentials
          being hijacked. If you can't (or don't want to) use SSL, you should
          at least reduce the default timeout value to lessen the likelihood
          of someone capturing and impersonating the authentication cookie. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;credentials&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;credentials&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;credentials
		passwordFormat=&quot;Clear|SHA1|MD5&quot;&gt;
&lt;/credentials&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Allows you to store one or more sets of credentials in the application
          (or machine) configuration file for later use in authenticating requests.
          The child &lt;user&gt; element is used to store the actual credentials.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">passwordFormat</span> <br>
&nbsp; Specifies the format in which passwords will be stored (and compared).
Valid options are Clear, SHA1, and MD5. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;user&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example shows the &lt;credentials&gt; element, which is used to
          store two user accounts to authenticate against: </p>
        <span class="programlisting">
        <pre>
&lt;credentials passwordFormat = &quot;SHA1&quot;&gt;
	&lt;user  name=&quot;foo&quot; password=&quot;794ED3D18464BAFF93F8DED1CFD00D9A2D9FE316&quot;/&gt;
	&lt;user  name=&quot;bar&quot; password=&quot;B7CDD2A2B0F05E6948E5CEED22FA9A38EB28DEC8&quot;/&gt;
&lt;/credentials&gt;</pre></span></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Once you've stored the credentials, you can authenticate against them
          by calling the static (shared) Authenticate method of the <span class="literal">FormsAuthentication</span> helper
          class. You can use the static (shared) HashPasswordForStoringInConfigFile
          method of FormsAuthentication to create an MD5 or SHA1 hash of the
          password for storing in the <span class="literal">&lt;user&gt;</span> element.
          When using the <span class="literal">&lt;credentials&gt;</span> element
          to store credentials, you should always hash passwords, since storing
          them in readable text presents a potential security risk. Although
          theoretically, no one should be able to read the configuration file,
          a server misconfiguration or security vulnerability could conceivably
          expose this file. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;user&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;user&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><p class="literal">&lt;user&gt;</p>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Store the username and password for each user defined in the <span class="literal">&lt;credentials&gt;</span> element. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">name</span> <br>
&nbsp; The username to be authenticated against.</li>
          <li><span class="literal">password</span> <br>
&nbsp; The password to be authenticated against.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>See the example for the &lt;credentials&gt; element. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>You should always use the HashPasswordForStoringInConfigFile method
          to hash passwords stored in the password attribute. A utility page
          that creates SHA1 or MD5 hashes of plain text passwords is provided
          in the examples for Chapter 9. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;passport&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;passport&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><p class="literal">&lt;passport redirectUrl=Url
          /&gt; </p>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>This optional element configures an internal URL to which unauthenticated
          requests will be redirected when using Microsoft's Passport authentication
          provider. This element should be used only when the <span class="literal">&lt;authentication&gt;</span> element's <span class="literal">mode</span> attribute
          is set to <span class="literal">Passport</span>. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">redirectUrl</span> <br>
&nbsp; A URL in the application to which requests lacking a Passport authentication
token are redirected.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example shows a <span class="emphasis">web.config</span> file
          that configures an application for Passport authentication: </p>
        <span class="programlisting">
		<pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;authentication mode=&quot;Passport&quot;&gt;
			&lt;passport redirectUrl=&quot;Login.aspx&quot;/&gt;
		&lt;/authentication&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>For more information on configuring Passport authentication, see the
          Passport SDK documentation, which is available from http://www.passport.com. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;authorization&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;authorization&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Provides two child elements, <span class="literal">&lt;allow&gt;</span> and &lt;deny&gt;,
          that allow you to configure the users, roles, or HTTP verbs that can
          be used to access application resources. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;allow&gt;</span>, <span class="literal">&lt;deny&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example allows users Mary and John to access application resources
          using any HTTP verb, while denying POST access to nonauthenticated
          users: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;authorization&gt;
			&lt;allow  users=&quot;Mary, John&quot; /&gt;
			&lt;deny users=&quot;?&quot; verbs=&quot;POST&quot; /&gt;
		&lt;/authorization&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The type of authorization implemented by the &lt;authorization&gt; element
          is referred to as URL authorization. You can read more about URL authorization
          in Chapter 9. </p>
        </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>You can specify authorization settings for a specific file or directory
          in your application that differs from the defaults configured in the
          root web.config file for the application in either of two ways: </p>
        <ul>
          <li>By adding an <span class="literal">&lt;authorization&gt;</span> element
            to the <span class="emphasis">web.config</span> file of the desired
            child directory, as shown in the example.</li>
          <li>By using a <span class="literal">&lt;location&gt;</span> tag in
            the root <span class="emphasis">web.config</span> file and setting
            its <span class="literal">path</span> attribute to the desired path,
            as follows:</li>
        </ul>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;location path=&quot;files&quot;&gt;
		&lt;system.web&gt;
			&lt;authorization&gt;
				&lt;deny users=&quot;?&quot; /&gt;
			&lt;/authorization&gt;
		&lt;/system.web&gt;
	&lt;/location&gt;
	&lt;system.web&gt;
		&lt;!--other configuration settings --&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span> </td>
    </tr>
  </table>
</div>
<div id="&lt;allow&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;allow&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Specifies users, roles, and/or HTTP verbs to be authorized for the
          application. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">users</span> <br>
&nbsp; A comma-delimited list of authorized usernames.</li>
          <li><span class="literal">roles</span> <br>
&nbsp; A comma-delimited list of authorized roles (NT groups).</li>
          <li><span class="literal">verbs</span> <br>
&nbsp; A comma-delimited list of authorized HTTP verbs (GET, HEAD, POST, or DEBUG). </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>See the example for the &lt;authorization&gt; element. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>You can use two wildcards to specify special groups of users:</p>
        <ul>
          <li><span class="literal">*</span> <br>
&nbsp; When used for the value of the user attribute, allows access for all users.
This is the default configuration setting, as defined in machine.config.</li>
          <li><span class="literal">?</span> <br>
&nbsp; When used for the value of the user attribute, allows access to anonymous
users. This wildcard is more commonly used with the &lt;deny&gt; element. </li>
        </ul>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;deny&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;deny&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Specifies users, roles, and/or HTTP verbs to be denied authorization
          for the application. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">users</span> <br>
&nbsp; A comma-delimited list of authorized usernames.</li>
          <li><span class="literal">roles</span> <br>
&nbsp; A comma-delimited list of authorized roles (NT groups).</li>
          <li><span class="literal">verbs</span> <br>
&nbsp; A comma-delimited list of authorized HTTP verbs (GET, HEAD, POST, or DEBUG). </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>See the example for the &lt;authorization&gt; element. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The same wildcards used by the &lt;allow&gt; element also apply to
          the deny element. To deny access to anonymous (non-authenticated) users,
          set the value of the users attribute of the <span class="literal">&lt;deny&gt;</span> element
          to<span class="literal"> ?</span>. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;browserCaps&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;browserCaps&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;browserCaps&gt;
		&lt;result type=className /&gt;
		&lt;use var=serverVarName /&gt;
				property1=value
				property2=value
				propertyN=value
		&lt;filter match=string&gt;
				property1=value
				property2=value
				propertyN=value
		&lt;/filter&gt;
		&lt;filter match=string&gt;
			&lt;filter match=string with=expressionToSearch&gt;
				property1=value
				property2=value
				propertyN=value
			&lt;/filter&gt;
		&lt;/filter&gt;
		&lt;filter&gt;
			&lt;case match=string&gt;
				property1=value
				property2=value
				propertyN=value
			&lt;/case&gt;
			&lt;case match=string&gt;
				property1=value
				property2=value
				propertyN=value
			&lt;/case&gt;
		&lt;/filter&gt;
&lt;/browserCaps&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Controls the configuration of the browser capabilities component returned
          by the Response.Browser property. The property/value pairs under the <span class="literal">&lt;use&gt;</span> element
          configure the default values of the browser capabilities component
          properties; the property/value pairs in the &lt;filter&gt; elements
          update these properties based on a <span class="literal">match</span> between
          the string value specified for the match attribute of the &lt;case&gt; element
          and the value of the <span class="literal">var</span> attribute of
          the &lt;use&gt; element (which is typically set to <span class="literal">HTTP_USER_AGENT</span>).
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;result&gt;</span>, <span class="literal">&lt;use&gt;</span>, <span class="literal">&lt;filter&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The <span class="emphasis">machine.config</span> configuration file
          contains the default settings for the &lt;browserCaps&gt; element.
          The default settings provide the best example for modifying or updating
          this element. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The primary purpose of this configuration element and its children
          is to allow the addition of new browser types and updating the capabilities
          of these browsers. Thus, when a page calls the browser capabilities
          component, it will receive accurate information about the capabilities
          of the browser used for the current request. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;result&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;result&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><p class="literal">&lt;result type=className
          /&gt; </p>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Specifies the class.</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">type</span> <br>
&nbsp; The class name, and optionally, version, culture, and key information
that specifies the class that will contain the results of the browser capabilities
analysis. This class must derive from HttpCapabilitiesBase. The default (set
in machine.config) is System.Web.HttpBrowserCapabilities.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The default type of <span class="literal">System.Web.HttpBrowserCapabilities</span> is
          fine in most cases. If you want to add additional properties beyond
          those defined by the <span class="literal">HttpBrowserCapabilities</span> class,
          you can create your own class (derived from <span class="literal">HttpCapabilitiesBase
          or HttpBrowserCapabilities</span>) and use the &lt;result&gt; element
          to substitute it. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;use&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;use&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><p class="literal">&lt;use var=serverVariableName
          as=aliasName /&gt;</p>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Sets the name of the server variable to use when evaluating browser
          capabilities. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">var</span> <br>
&nbsp; The name of the server variable to use. The default is <span class="literal">HTTP_USER_AGENT</span>.</li>
          <li><span class="literal">as</span> <br>
&nbsp; The string containing a name by which the server variable can be referenced
in &lt;case&gt; elements and regular expressions. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The &lt;use&gt; element is followed by property/value pairs that specify
          the default properties for the browser capabilities component if no
          match is found with a &lt;filter&gt; element's <span class="literal">match</span> attribute
          (or that of its child &lt;case&gt; element). This usage is demonstrated
          in the entry for the &lt;browserCaps&gt; element. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;filter&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;filter&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;filter match=string&gt;
		property1=value
		property2=value
		propertyN=value
&lt;/filter&gt;
&lt; filter match=string&gt;
		&lt;filter match=string with=expressionToSearch&gt;
				property1=value
				property2=value
				propertyN=value
		&lt;/filter&gt;
&lt;/filter&gt;
&lt; filter&gt;
		&lt;case match=string&gt;
				property1=value
				property2=value
				propertyN=value
		&lt;/case&gt;
		&lt;case match=string&gt;
				property1=value
				property2=value
				propertyN=value
		&lt;/case&gt;
&lt;/filter&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description"> <br>
        Specifies a regular expression pattern to search for in the server variable
          given in the &lt;use&gt; element (or optionally, another expression).
          Multiple &lt;filter&gt; elements can be contained in the &lt;browserCaps&gt; element;
          likewise, each &lt;filter&gt; element can contain &lt;case&gt; elements
          or other &lt;filter&gt; elements. All property assignments for matching &lt;filter&gt; elements
          will be executed, regardless of their order.</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">match</span> <br>
&nbsp; The pattern to match. Uses .NET Framework regular expression syntax. This
attribute is optional. If omitted, all requests will be assumed to match and
any property/value assignments contained within the &lt;filter&gt; element will
be executed.</li>
          <li><span class="literal">with</span> <br>
&nbsp; The regular expression or string to search for. This attribute is optional.
If omitted, the server variable specified in the &lt;use&gt; element will be
searched. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;case&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The fact that &lt;filter&gt; elements can be nested makes them very
          flexible in terms of locating subsets of information. For example,
          the default &lt;browserCaps&gt; element in <span class="emphasis">machine.config</span> uses
          nested &lt;filter&gt; elements to locate both the major and minor browser
          versions contained in the <span class="literal">HTTP_USER_AGENT</span> server
          variable so that it can assign specific properties that vary among
          minor versions (i.e., the x in 4.x) of a browser. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;case&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;case&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;case match=string&gt;
		property1=value
		property2=value
		propertyN=value
&lt;/case&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Specifies one of a group of exclusive matching cases for which property
          assignments will be executed. Only the first matching &lt;case&gt; element
          within a given &lt;filter&gt; element will be executed. The rest will
          be ignored.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">match</span> <br>
&nbsp; The pattern to match. Uses the .NET Framework regular expression syntax.
This attribute is optional. If omitted, all requests will be assumed to match,
and any property/value assignments contained within the &lt;filter&gt; element
will be executed. </li>
          <li><span class="literal">with</span> <br>
&nbsp; The regular expression or string to search for. This attribute is optional.
If omitted, the server variable specified in the &lt;use&gt; element will be
searched. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>This element is useful in situations when you only want a single match.
          For example, the default &lt;browserCaps&gt; configuration in <span class="emphasis">machine.config</span> uses
          the &lt;case&gt; element to assign the platform, <span class="literal">win16</span>,
          and <span class="literal">win32</span> attributes. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;clientTarget&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;clientTarget&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;clientTarget&gt;
		&lt;add alias=aliasName
				userAgent=userAgentString /&gt;
		&lt;remove alias=aliasName /&gt;
		&lt;clear /&gt;
&lt;/clientTarget&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Assigns aliases for specified browser user agent strings to be used
          by ASP.NET Server Controls in deciding what type of content to render.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        <ul>
          <li><span class="literal">&lt;add&gt;</span> <br>
&nbsp; Adds an alias with the name specified by the <span class="literal">alias</span> attribute
for the User Agent string specified by the <span class="literal">userAgent</span> attribute. </li>
          <li><span class="literal">&lt;remove&gt;</span> <br>
&nbsp; Removes a previously configured alias with the name specified by the alias
attribute. </li>
          <li><span class="literal">&lt;clear&gt;</span> <br>
&nbsp; Clears all previously configured aliases.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example comes from the default &lt;clientTarget&gt; element: </p>
        <span class="programlisting"> <pre>
&lt;clientTarget&gt;
	&lt;add alias=&quot;ie5&quot; userAgent=&quot;Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)&quot; /&gt;
	&lt;add alias=&quot;ie4&quot; userAgent=&quot;Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.0)&quot; /&gt;
	&lt;add alias=&quot;uplevel&quot; userAgent=&quot;Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.0)&quot; /&gt;
	&lt;add alias=&quot;downlevel&quot; userAgent=&quot;Unknown&quot; /&gt;
&lt;/clientTarget&gt;</pre></span></td>
    </tr>
     <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>This element is used primarily by the built-in ASP.NET Server Controls.
          Thus, you should avoid making changes to the existing aliases to avoid
          preventing these controls from rendering uplevel content. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;compilation&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;compilation&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;compilation
		batch=boolean
		batchTimeout=numSeconds
		debug=boolean
		defaultLanguage=languageAlias
		explicit=boolean
		maxBatchSize=maxPages
		maxBatchGeneratedFileSize=maxSize
		numRecompilesBeforeAppRestart=numRecompiles
		strict=boolean
		tempDirectory=dirName &gt;
		&lt;compilers&gt;
			&lt;compiler language=languageAlias
					extension=fileExt
					type=typeName
					warningLevel=number
					compilerOptions=optionString /&gt;
		&lt;/compilers&gt;
		&lt;assemblies&gt;
			&lt;add assembly=assemblyName /&gt;
			&lt;remove assembly=assemblyName /&gt;
			&lt;clear /&gt;
		&lt;/assemblies&gt;
&lt;/compilation&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Provides attributes and child elements for configuring the compilation
          options of ASP.NET applications. All attributes are optional.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">batch</span> <br>
&nbsp; Specifies whether ASP.NET should attempt to batch compile all pages in
the application when the first request for a page is made. The default is True. </li>
          <li><span class="literal">batchtimeout</span> <br>
&nbsp; Specifies the amount of time, in seconds, that the compiler will spend
attempting to batch compile pages in the application. If the timeout is exceeded,
pages will be compiled as they are requested for the first time. The default
is 15. </li>
          <li><span class="literal">debug</span> <br>
&nbsp; Specifies whether pages will be compiled with debug symbols. The default
is False. </li>
          <li><span class="literal">defaultLanguage</span> <br>
&nbsp; Specifies the language compiler that will be used to compile inline code
in ASP.NET pages for which no language is specified. The default is VB (Visual
Basic .NET). </li>
          <li><span class="literal">explicit</span> <br>
&nbsp; Specifies whether the Visual Basic .NET OptionExplicit compiler option
is enabled. The default is True. </li>
          <li><span class="literal">maxBatchSize</span> <br>
&nbsp; Specifies the maximum number of classes generated during batch compilation.
The default is 1000. </li>
          <li><span class="literal">maxBatchGeneratedFileSize</span> <br>
&nbsp; Specifies the maximum combined size in KB of generated source files created
during batch compilation. The default is 3000. </li>
          <li><span class="literal">numRecompilesBeforeAppRestart</span> <br>
&nbsp; Specifies the number of recompiles before the appDomain containing the
application is cycled (a new appDomain is created and the old one is torn down).
The default is 15. </li>
          <li><span class="literal">strict</span> <br>
&nbsp; Specifies whether the Visual Basic .NET OptionStrict compiler option (which
disallows implicit narrowing conversions) is enabled. The default is False. </li>
          <li><span class="literal">tempDirectory</span> <br>
&nbsp; Specifies the directory in which temporary files from dynamically compiled
code for the application will be stored. The default is %windir%\Microsoft.NET\Framework\%version%\Temporary
ASP.NET Files. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;assemblies&gt;</span>, <span class="literal">&lt;compilers&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example enables the Visual Basic .NET <span class="literal">OptionStrict</span> compiler
          option and disables batch compilation: </p>
        <span class="programlisting"><pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;compilation batch=&quot;false&quot; strict=&quot;true&quot;&gt;
		&lt;/compilation&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span> </td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Make sure you understand the impact of changes to this element before
          making modifications. For example, setting the <span class="literal">debug</span> attribute
          to True will have a significant negative impact on performance. While
          setting the <span class="literal">strict</span> attribute to True will
          reduce the likelihood of bugs from implicit data type conversion, it
          could also increase the number of compiler errors you get while developing
          your code. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;assemblies&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;assemblies&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;assemblies&gt;
		&lt;add assembly=assemblyInfo /&gt;
		&lt;remove assembly=assemblyInfo /&gt;
		&lt;clear /&gt;
&lt;/assemblies&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Adds or removes assemblies to be referenced and linked during dynamic
          compilation of ASP.NET pages. By default, the mscorlib, System, System.Drawing,
          System.EnterpriseServices, System.Web, System.Data, System.Web.Services,
          and System.Xml assemblies are referenced during dynamic compilation,
          as are any assemblies located in the application directory's bin subdirectory.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        <ul>
        <li><span class="literal">&lt;add&gt;</span> <br>
&nbsp; Adds an assembly specified by the assembly attribute to the list of assemblies
to be linked during dynamic resource compilation. </li>
          <li><span class="literal">&lt;remove&gt;</span> <br>
&nbsp; Removes a previously configured assembly specified by the assembly attribute
from the list of assemblies to be linked during dynamic resource compilation. </li>
          <li><span class="literal">&lt;clear&gt;</span> <br>
&nbsp; Clears all previously configured assemblies.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example shows the &lt;add&gt; element used by the Mobile Internet
          Toolkit to add the assembly System.Web.Mobile to the list of assemblies
          for dynamic compilation: </p>
        <span class="programlisting"><pre>
&lt;assemblies&gt;
	&lt;add assembly=&quot;System.Web.Mobile,Version=1.0.3300.0,Culture= _
	neutral PublicKeyToken=b03f5f7f11d50a3a&quot; /&gt;
&lt;/assemblies&gt;</pre></span> </td>
    </tr>
     <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The asterisk (*) wildcard is used with the &lt;add&gt; element to
          indicate that all assemblies in the application's private assembly
          cache (by default, the bin subdirectory of the application) should
          be added to the list of assemblies linked during dynamic compilation.
          This ensures that all members of these assemblies will be available
          to all the pages in your application automatically. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;compilers&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;compilers&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;compilers&gt;
	&lt;compiler language=languageAlias
		extension=fileExt
		type=typeName
		warningLevel=number
		compilerOptions=optionString /&gt;
&lt;/compilers&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Contains one or more &lt;compiler&gt; elements, each of which defines
          configuration options for a particular compiler to be used with ASP.NET.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;compiler&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Thanks to the &lt;compilers&gt; and &lt;compiler&gt; elements, adding
          support for a new .NET language in ASP.NET is as simple as adding a
          new &lt;compiler&gt; element specifying the language aliases, the file
          extension for class files for the language, and the type information
          for the language compiler. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;compiler&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;compiler&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;compiler language=languageAlias
		extension=fileExt
		type=typeName
		warningLevel=number
		compilerOptions=optionString /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Specifies configuration options for a given language.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">language</span> <br>
&nbsp; Specifies the name or names by which the language will be specified in
the language attribute of the <span class="literal">@Page</span> directive. Multiple
names should be separated by semicolons. This attribute is required. </li>
          <li><span class="literal">extension</span> <br>
&nbsp; Specifies the extension(s) used by code-behind files for the specified
language. Multiple entries should be separated by semicolons. This attribute
is required. </li>
          <li><span class="literal">type</span> <br>
&nbsp; Specifies the .NET type information for the class to be used to compile
resources for the specified language. This attribute is required. </li>
          <li><span class="literal">warningLevel</span> <br>
&nbsp; Specifies the compiler warning level for the language. This attribute
is optional and may not be supported for all compilers. </li>
          <li><span class="literal">CompilerOptions</span> <br>
&nbsp; Specifies a string containing valid compiler options to be passed to the
compiler. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The &lt;compilers&gt; element in machine.config provides a good example
          of the use of this element. Review that configuration section to see
          how the Visual Basic .NET, C#, and JScript .NET compilers are configured. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;customErrors&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;customErrors&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;customErrors
	defaultRedirect=Url
	mode=mode &gt;
	&lt;error statusCode=httpStatusCode redirect=Url /&gt;
&lt;/customErrors&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Specifies one or more pages to which users should be redirected if
          an unhandled exception is detected in an ASP.NET application. A default
          error page can be specified, as well as one or more error pages for
          specific HTTP error codes.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">defaultRedirect</span> <br>
&nbsp; Specifies the URL of the page to which all errors should be redirected
when no specific error page is configured for the HTTP status code of the error.
This attribute is optional. </li>
          <li><span class="literal">mode</span> <br>
&nbsp; Specifies the custom errors mode. Valid values are <span class="literal">Off,
On</span>, and <span class="literal">RemoteOnly</span>. Off disables custom error
handling, On enables custom error pages for both local and remote requests. RemoteOnly
enables custom error pages for remote requests, while sending detailed error
messages for local requests. This attribute is required.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;error&gt;</span></p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example configures a default page to be displayed to remote clients
          when an unhandled exception is encountered: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;customErrors defaultRedirect=&quot;Error.aspx&quot; /&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span> </td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>If you set the mode attribute to <span class="literal">RemoteOnly</span>,
          you will only be able to see detailed error information from the local
          machine on which the pages are running. Remote requests will return
          the custom error page (if any) configured for the status code of the
          error that occurred. </p>
        </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>If you want to see the debug information provided by ASP.NET when
          an error occurs, the mode attribute should be set to Off. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;error&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;error&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;error statusCode=httpStatusCode
	  redirect=Url /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Specifies a custom error page to handle redirections for a specific
          HTTP status code.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">statusCode</span> <br>
&nbsp; Specifies the HTTP status code (such as 404 for a &quot;Not Found&quot; error)
for the specified custom error page. This attribute is optional. </li>
          <li><span class="literal">redirect</span> <br>
&nbsp; Specifies the URL of the page to which requests with a matching HTTP status
code should be redirected. This attribute is optional. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example configures a custom error page for 404 errors, and the
          default error page configured in the previous example: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;customErrors defaultRedirect=&quot;Error.aspx&quot;&gt;
			&lt;error statusCode=&quot;404&quot; redirect=&quot;My404ErrorPage.aspx&quot;/&gt;
		&lt;/customErrors&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span> </td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>While custom error pages provide a convenient way to prevent users
          from seeing raw error messages (and perhaps provide more helpful messages),
          they are not a substitute for proper exception handling. By the time
          an error reaches a custom error page, recovering from the error gracefully
          will be much more difficult, which can degrade the experience of your
          users. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;globalization&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;globalization&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;globalization
		requestEncoding=encodingString
		responseEncoding=encodingString
		fileEncoding=encodingString
		culture=cultureString
		uiCulture=cultureString /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Provides attributes for configuring encoding and culture settings.
          These attributes are used as the basis for the expected encoding of
          requests, responses, and files for internationalization.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        <ul>
          <li><span class="literal">requestEncoding</span> <br>
&nbsp; Specifies the assumed encoding of incoming requests. This can be any valid
encoding string and should match the <span class="literal">responseEncoding</span> attribute.
The default is UTF-8. This attribute is optional. </li>
          <li><span class="literal">responseEncoding</span> <br>
&nbsp; Specifies the content encoding of responses. This can be any valid encoding
string and should match the requestEncoding attribute. The default is UTF-8.
This attribute is optional. </li>
          <li><span class="literal">fileEncoding</span> <br>
&nbsp; Specifies the encoding used to parse .aspx, .asmx, and .asax files. This
attribute is optional. </li>
          <li><span class="literal">culture</span> <br>
&nbsp; Specifies the assumed culture for incoming requests. The value can be
any valid culture string. This attribute is optional. </li>
          <li><span class="literal">uiCulture</span> <br>
&nbsp; Specifies the culture for locale-specific resource searches. The value
can be any valid culture string. This attribute is optional. </li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example shows how the default &lt;globalization&gt; settings
          are configured in <span class="emphasis"> web.config:</span> </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;globalization requestEncoding=&quot;utf-8&quot; responseEncoding=&quot;utf-8&quot; /&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span> </td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>A list of valid culture strings can be found in the .NET Framework
          documentation for the <span class="literal">System.Globalization.CultureInfo</span> class. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;httpHandlers&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;httpHandlers&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;httpHandlers&gt;
	&lt;add verb=httpVerbs
		path=pathInfo
		type=typeInfo
		validate=boolean /&gt;
	&lt;remove verb=httpVerbs
		path=pathInfo /&gt;
	&lt;clear /&gt;
&lt;/httpHandlers&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Adds or removes HttpHandlers, which are used to provide request processing
          for a specified HTTP verb and/or file type or path. ASP.NET itself
          is set up as an HttpHandler for .aspx and .asmx files, and HttpHandlers
          are used to prevent downloading of source code for other ASP.NET file
          types, such as global.asax.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        <ul>
          <li><span class="literal">&lt;add&gt;</span> <br>
&nbsp; Adds an HttpHandler. The HTTP verbs (GET, POST, etc.) handled by the HttpHandler
are specified by the verb attribute; the asterisk (*) wildcard is used to specify
all <span class="literal">verbs</span>. The path or file extension to be handled
by the <span class="literal">HttpHandler</span> is specified by the <span class="literal">path</span> attribute.
The class used to process the request is specified by the <span class="literal">type</span> attribute.
This class must implement the IHttpHandler interface. Finally, the validate attribute
tells ASP.NET whether or not to attempt to load the class specified by the type
attribute before a matching request comes in. </li>
          <li><span class="literal">&lt;remove&gt;</span> <br>
&nbsp; Removes a previously configured HttpHandler, based on the specified <span class="literal">verb</span> and <span class="literal">path</span> attributes.
The attributes must match a previously configured &lt;add&gt; element. </li>
          <li><span class="literal">&lt;clear&gt;</span> <br>
&nbsp; Clears all previously configured HttpHandlers.</li>
        </ul>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example configures a custom HttpHandler for the file extension <span class="emphasis">.aspnetian</span>: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
	&lt;system.web&gt;
		&lt;httpHandlers&gt;
			&lt;add verb=&quot;*&quot; path=&quot;*.aspnetian&quot; type=&quot;aspnetian.aspnetianHandler&quot; /&gt;
		&lt;/httpHandlers&gt;
	&lt;/system.web&gt;
&lt;/configuration&gt;</pre></span></td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>To make the example work properly, you need to map the file extension <span class="emphasis">.aspnetian</span> to
          the ASP.NET ISAPI handler, Otherwise, the request would never be handed
          to the custom HttpHandler. Chapter 9 has a step-by-step walkthrough
          of the process for mapping additional file types to the ASP.NET ISAPI
          handler. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;httpModules&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;httpModules&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap><pre class="literal">
&lt;httpModules&gt;
		&lt;add name=moduleName type=typeInfo /&gt;
		&lt;remove name=moduleName /&gt;
		&lt;clear /&gt;
&lt;/httpModules&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Adds or removes <span class="literal">HttpModules. HttpModules</span> are
          special classes that participate in the processing of all application
          requests. Both ASP.NET caching and session state are implemented as
          HttpModules, as are the authentication and authorization features of
          ASP.NET.
      </td>
    </tr>
  </table>
</div>
<div id="&lt;httpRuntime&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;httpRuntime&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;httpRuntime
   appRequestQueueLimit=numRequests
   executionTimeout=numSeconds
   maxRequestLength=numKBytes
   minFreeLocalRequestFreeThreads=numThreads
   minFreeThreads=numThreads
   useFullyQualifiedRedirectUrl=boolean /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Contains attributes used to configure the settings for the ASP.NET HTTP runtime. </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
       <ul><li><span class="literal">appRequestQueueLimit</span><br>&nbsp;Specifies the upper limit for request queuing. Once this limit has
been reached, additional requests will receive a response of
&quot;503 - Server Too Busy&quot;. The
default is 100.
</li><li><span class="literal">executionTimeout</span><br>&nbsp;Specifies the amount of time, in seconds, that a request can execute
before being terminated by the runtime. The default is 90.
</li><li><span class="literal">maxRequestLength</span><br>&nbsp;Specifies the maximum file size, in KB, that can be uploaded by a
client to an ASP.NET application. This attribute is used primarily to
prevent denial of launched service attacks by attempting to upload
very large files to the server. The default is 4096.
</li><li><span class="literal">minFreeLocalRequestFreeThreads</span><br>&nbsp;Specifies the minimum number of threads that will be reserved for
requests from the local host that require additional threads. The
default is 4.
</li><li><span class="literal">minFreeThreads</span><br>&nbsp;Specifies the minimum number of threads that will be reserved for
requests that require additional threads. The default is 8.
</li><li><span class="literal">useFullyQualifiedRedirectUrl</span><br>&nbsp;Specifies whether URLs sent to the client for redirects are fully
qualified or relative. The default is <span class="literal">False</span>, which
specifies that the URL is relative.
</li></ul>

      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example forces client-side redirect URLs to be fully qualified,
		which is required for some of the mobile controls supplied in the Microsoft Mobile Internet Toolkit: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
   &lt;system.web&gt;
      &lt;httpRuntime
         useFullyQualifiedRedirectUrl=&quot;true&quot; /&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
     <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>One of the most commonly customized attributes is <span class="literal">maxRequestLength</span>,
		since for sites that need to upload files, 4MB can be fairly limiting.
		Use caution when increasing this value, however; only increase it as much as necessary
		for the maximum file size you expect. Making this value too large can make your site
		vulnerable to denial-of-service attacks.  </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;identity&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;identity&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;identity
   impersonate=boolean
   userName=string
   password=string /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Specifies whether request impersonation is enabled, as well as the identity to be used for requests made from the ASP.NET worker process and the password for that identity.  </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
      <ul><li><span class="literal">impersonate</span><br>&nbsp;Specifies whether impersonation is enabled for the application. If
<span class="literal">True</span>, requests made by the ASP.NET worker process
will be made with the security context of the account specified by
the <span class="literal">userName</span> attribute; if that attribute is
blank, the context of the account of the logged on user. The default
is <span class="literal">False</span>.
</li><li><span class="literal">userName</span><br>&nbsp;Specifies the username of the Windows account to use for
impersonation. If the value is left blank or is omitted, requests
will be made in the context of the logged-in user.
</li><li><span class="literal">password</span><br>&nbsp;Specifies the password for the account named in the
<span class="literal">userName</span> attribute. This password is stored in
clear text.
</li></ul>


      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example turns on impersonation for the logged-in user authenticated by IIS: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
   &lt;system.web&gt;
      &lt;identity
         impersonate=&quot;true&quot;
         userName=&quot;&quot; /&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
     <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Because the password attribute stores <span class="literal">passwords</span> in readable text, you should carefully consider whether it makes sense to use
		this functionality. Storing sensitive information such as passwords in text files presents a potential security risk.   </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;machineKey&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;machineKey&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;machineKey
   validationKey=&quot;autogenerate|value&quot;
   decryptionKey=&quot;autogenerate|value&quot;
   validation=&quot;SHA1|MD5|3DES&quot; /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <p>Specifies the settings for cryptographic keys used for validation and decryption of Forms Authentication cookies.  </p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>All</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
      <ul><li><span class="literal">validationKey</span><br>&nbsp;The key used for validation of forms authentication cookie data, MAC
checking of ViewState, and session state cookies. The default is
<span class="literal">autogenerate</span>, which generates and stores a random
key. For web farm implementations, you can set this value to the same
40 to 128-character key value on each server to ensure that all
servers can validate successfully.
</li><li><span class="literal">decryptionKey</span><br>&nbsp;The key used for decryption of forms authentication cookie data. The
default is <span class="literal">autogenerate</span>, which generates and
stores a random key. For web farm implementations, you can set this
value to the same 40 to 128-character key value on each server to
ensure that all servers can validate successfully.
</li><li><span class="literal">validation</span><br>&nbsp;Specifies the type of encryption used for data validation.</li></ul>
    </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
       <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>For web farms, ensuring that the validationKey and decryptionKey values are synchronized across all servers in the farm is important. If they are not synchronized,
		you may get errors in Forms Authentication, ViewState errors, or problems with session state.  </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;pages&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;pages&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;pages
   buffer=boolean
   enableSessionState=&quot;true|false|ReadOnly&quot;
   enableViewState=boolean
   enableViewStateMac=boolean
   autoEventWireup=boolean
   smartNavigation=boolean
   pageBaseType=typeInfo
   userControlBaseType=typeInfo /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Contains attributes used to configure the default settings for ASP.NET pages and user controls.
		 These settings can be overridden by attributes on the <span class="literal">@ Page</span> or <span class="literal">@ Control</span> directive.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
      <ul><li><span class="literal">buffer</span><br>&nbsp;Specifies whether buffering of page output is on or off. The default
is True.
</li><li><span class="literal">enableSessionState</span><br>&nbsp;Specifies whether a page has access to the Session state module.
Acceptable values include True,
False, and ReadOnly. The
default is True.
</li><li><span class="literal">enableViewState</span><br>&nbsp;Specifies whether ViewState is enabled at the page level. The default
is True.
</li><li><span class="literal">enableViewStateMac</span><br>&nbsp;Specifies at the page level whether a machine authentication check
(MAC) is performed on the ViewState hidden field. This specification
can help identify client-side tampering with the ViewState. The
default is True.
</li><li><span class="literal">autoEventWireup</span><br>&nbsp;Specifies whether ASP.NET will automatically support specific page
events, such as Page_Load. The default is True.
</li><li><span class="literal">smartNavigation</span><br>&nbsp;Specifies whether the Smart Navigation feature, for which IE 5 or
above provides support for posting back and refreshing only portions
of a page, is turned on at the page level. The default is
False.
</li><li><span class="literal">pageBaseType</span><br>&nbsp;Specifies the base class from which all pages are derived. The
default is System.Web.UI.Page.
</li><li><span class="literal">userControlBaseType</span><br>&nbsp;Specifies the base class from which all user controls are derived.
The default is System.Web.UI.UserControl.
</li></ul>
 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
	 <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example disables both Session state and ViewState at the page level: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
   &lt;system.web&gt;
      &lt;pages
         enableSessionState=&quot;false&quot;
         enableViewState=&quot;false&quot;/&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
          <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>The <span class="literal">&lt;pages&gt;</span> element is very useful for setting application-level (or folder-level) defaults for pages in your application.
		 One possible use is to place pages that do not require access to session state in a separate folder and use the &lt;pages&gt; element to
		  disable session state for that folder. In this case, a session will not be created for a user until the user requests a
		  page in your application for which <span class="literal">EnableSessionState</span> is <span class="literal">True</span>.  </p>
		</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>The default setting of <span class="literal">EnableSessionState</span> is <span class="literal">True</span>. It's important to remember this because the MAC check uses the settings
		in the <span class="literal">&lt;machineKey&gt;</span> element to create an encrypted version of the ViewState hidden field. In a web farm scenario, the &lt;machineKey&gt; settings for each server in the farm must match. Otherwise, the MAC check will fail when a user's
		initial request is handled by one server, while a subsequent postback is handled by another server with different settings for <span class="literal">&lt;machineKey&gt;</span>. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;processModel&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;processModel&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;processModel
   enable=boolean
   timeout=&quot;Infinite&quot;|HH:MM:SS
   idleTimeout=&quot;Infinite&quot;|HH:MM:SS
   shutdownTimeout=&quot;Infinite&quot;|HH:MM:SS
   requestLimit=numRequests
   requestQueueLimit=&quot;Infinite&quot;|numRequests
   restartQueueLimit=&quot;Infinite&quot;|numRequests
   memoryLimit=percentMemory
   cpuMask=cpuNumBitMask
   webGarden=boolean
   userName=username
   password=password
   logLevel=&quot;All|None|Errors&quot;
   clientConnectedCheck=HH:MM:SS
   comAuthenticationLevel=&quot;Default|None|Connect|Call|Pkt|
      PktIntegrity|PktPrivacy&quot;
comImpersonationLevel=&quot;Default|Anonymous|Identify|Impersonate|
   Delegate&quot;
   responseRestartDeadlockInterval=&quot;Infinite&quot;|HH:MM:SS
   responseDeadlockInterval=&quot;Infinite&quot;|HH:MM:SS
   maxWorkerThreads=numThreads
   maxIoThreads=numThreads
   serverErrorMessageFile=fileName /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Contains attributes used to configure the ASP.NET worker process in IIS 5.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine Only</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
     <ul><li><span class="literal">enable</span><br>&nbsp;Specifies whether the &lt;processModel&gt;
settings are enabled. The default is True.
</li><li><span class="literal">timeout</span><br>&nbsp;Specifies the life span, in the format
hh:mm:ss, of the process. When this value
expires, a new process is started and the current process is shut
down. To disable the timeout, use the value
Infinite. The default is
Infinite.
</li><li><span class="literal">idleTimeout</span><br>&nbsp;Specifies the life span of the process, when idle, in the format
hh:mm:ss. When this value expires, the
current process is shut down. To disable the timeout, use the value
Infinite. The default is
Infinite.
</li><li><span class="literal">shutdownTimeout</span><br>&nbsp;Specifies the amount of time, in the format
hh:mm:ss, that the process is given to
shut down gracefully. When this value expires, the process will be
killed. To disable the timeout, use the value
Infinite. The default is
0:00:05.
</li><li><span class="literal">requestLimit</span><br>&nbsp;Specifies the number of requests that can be served by the ASP.NET
process before it is shut down and restarted. This attribute can be
used to proactively restart the ASP.NET process to compensate for
memory leaks or other problems that may be associated with legacy
resources (such as COM components) that you need to use in your
applications. The default is Infinite, which
disables this feature.
</li><li><span class="literal">requestQueueLimit</span><br>&nbsp;Specifies the number of requests that can be queued by ASP.NET before
it is shut down and restarted. This attribute can be used to
proactively remedy situations in which resource contention causes
requests to be queued. The default is 5000.
</li><li><span class="literal">restartQueueLimit</span><br>&nbsp;Specifies the number of requests that will remain in the request
queue while a process restart based on the
requestQueueLimit setting occurs. The default is
10.
</li><li><span class="literal">memoryLimit</span><br>&nbsp;Specifies the upper limit, as a percentage, of the
server's physical memory that the ASP.NET process
will be allowed to use. If this value is exceeded, a new process will
be started up and the current process will be shut down. The default
is 60.
</li><li><span class="literal">cpuMask</span><br>&nbsp;Used in web garden scenarios to specify the CPU or CPUs in a
multiprocessor server that will run the ASP.NET process. This value
is a bitmask. The default is 0xffffffff, which
specifies that a worker process should be created for every CPU.
</li><li><span class="literal">webGarden</span><br>&nbsp;Specifies whether web gardening, in which worker processes are tied
to specific processors within a multiprocessor server, is enabled.
The default is False.
</li><li><span class="literal">userName</span><br>&nbsp;Specifies the identity under which the ASP.NET worker process will be
run. This can be a valid NT account or one of two special values:
<ul>
<li><span class="literal">SYSTEM</span><br>&nbsp;Runs the ASP.NET process as the SYSTEM account, which is a highly privileged administrative account.</li>
<li><span class="literal">machine</span><br>&nbsp;Runs the ASP.NET process as the ASPNET account (installed with the .NET Framework),
which is a special account with few privileges. This process is the default and provides superior out-of-the box security for web
applications written with ASP.NET. Note that the documentation for the &lt;processModel&gt; element incorrectly states that SYSTEM
is the default. </li></ul>
</li><li><span class="literal">password</span><br>&nbsp;Specifies the password of the account specified by the
userName attribute. Use the value
AutoGenerate (the default) when using the
SYSTEM or machine accounts.
</li><li><span class="literal">logLevel</span><br>&nbsp;Specifies the type of process events that are logged to the NT event
log. Valid values are:
<ul>
<li><span class="literal">All</span><br>&nbsp;All process events will be logged.</li>
<li><span class="literal">Errors</span><br>&nbsp;Only errors will be logged; this is the default.</li>
<li><span class="literal">None</span><br>&nbsp;No process events will be logged.</li>
</ul>
</li><li><span class="literal">clientConnectedCheck</span><br>&nbsp;Specifies the amount of time, in the format
hh:mm:ss, that a request remains in the
queue before the ASP.NET process checks to ensure that the client is
still connected. The default is 0:00:05.
</li><li><span class="literal">comAuthenticationLevel</span><br>&nbsp;Specifies the authentication level used for DCOM security. The
default is Connect.
</li><li><span class="literal">comImpersonationLevel</span><br>&nbsp;Specifies the authentication level used for COM security. The default
is Impersonate.
</li><li><span class="literal">responseRestartDeadlockInterval</span><br>&nbsp;Specifies the amount of time, in the format
hh:mm:ss, that will be allowed to elapse
between process restarts due to the
responseDeadlockInterval attribute value. This
specification prevents constant process cycling due to deadlocks. To
disable this feature, use the value Infinite. The
default is 0:09:00.
</li><li><span class="literal">responseDeadlockInterval</span><br>&nbsp;Specifies the amount of time, in the format
hh:mm:ss, that may elapse without a
response when requests are queued. When this value expires, the
process will be shut down and restarted. To disable this feature, use
the value Infinite. The default is
0:03:00.
</li><li><span class="literal">maxWorkerThreads</span><br>&nbsp;Specifies the upper limit for worker threads per CPU in the thread
pool. The default is 25.
</li><li><span class="literal">maxIoThreads</span><br>&nbsp;Specifies the upper limit for IO threads per CPU in the thread pool.
The default is 25.
</li><li><span class="literal">serverErrorMessageFile</span><br>&nbsp;Specifies the filename of a file to be displayed when a
&quot;Server Unavailable&quot; error occurs.
</li></ul>

 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
        </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
      <tr>
	   <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
       <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>In IIS 6 native mode, the settings in the
&lt;processModel&gt; element will be ignored.
</p></td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>Because the settings in the &lt;processModel&gt;
element are read by and applied to the unmanaged <span class="emphasis">aspnet_isapi.dll</span> handler that passes requests
to the managed <span class="emphasis">aspnet_wp.exe</span> worker process (rather than by managed code), changes to the
&lt;processModel&gt; element will not be applied
until IIS is restarted. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;securityPolicy&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;securityPolicy&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;securityPolicy&gt;
   &lt;trustLevel
      name=trustLevelName
      policyFile=fileName /&gt;
&lt;/securityPolicy/&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Configures mappings of trust names (used by the
<span class="literal">&lt;trust&gt;</span> element) to security policy files.
The security policy files contain elements that configure the code
access security permissions that are specific to that trust level.
<span class="literal">&lt;securityPolicy&gt;</span> can contain one or more
<span class="literal">&lt;trustLevel&gt;</span> elements.
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
   </td>
    </tr>
    <tr>
      <td><p>None</p>
 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child
          Elements</span>
      <ul><li><span class="literal">&lt;trustLevel&gt;</span><br>Each <span class="literal">&lt;trustLevel&gt;</span>element maps a trust-level
name to a specific policy file that implements the code access
security permissions for that trust level. The
name attribute specifies the name by which the
trust level will be referred in the <span class="literal">&lt;trust&gt;</span>
element, while the <span class="literal">policyFile</span> attribute specifies
the <span class="literal">name</span> of the policy file to map to the name.
</li></ul>

      </td>
    </tr>
	 <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example comes from the default
&lt;securityPolicy&gt; element in machine.config:
</p>
        <span class="programlisting">
        <pre>
&lt;securityPolicy&gt;
   &lt;trustLevel
      name=&quot;Full&quot;
      policyFile=&quot;internal&quot; /&gt;
   &lt;trustLevel
      name=&quot;High&quot;
      policyFile=&quot;web_hightrust.config&quot; /&gt;
   &lt;trustLevel
      name=&quot;Low&quot;
      policyFile=&quot;web_lowtrust.config&quot; /&gt;
   &lt;trustLevel
      name=&quot;None&quot;
      policyFile=&quot;web_notrust.config&quot; /&gt;
&lt;/securityPolicy&gt;</pre></span>
 </td>
    </tr>

       <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>For a specific application, if you want to modify the code access
security permissions applied, you could create a new CAS policy file
and map that file to a custom trust level by using the
<span class="literal">&lt;trustLevel&gt;</span> element. To implement the new
security policy, you would add a <span class="literal">&lt;trust&gt;</span>
element to the web.config file of
the desired application and use it to specify the mapped policy file
by name. </p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;sessionState&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;sessionState&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;sessionState
   mode=&quot;Off|Inproc|StateServer|SQLServer&quot;
   cookieless=boolean
   timeout=numMinutes
   stateNetworkTimeout=numSeconds
   stateConnectionString=&quot;tcpip=server:port&quot;
   sqlConnectionString=connString/&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
      <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
  <ul><li><span class="literal">mode</span><br><br>&nbsp;Specifies whether session state is enabled, and if so, how the state
data will be stored. Valid values are:</li><br><ul>
<li><span class="literal">Off</span><br>&nbsp;The session state is disabled.</li>
<li><span class="literal">InProc</span><br>&nbsp;The session state data will be stored in memory on the local server. This is the same model as session state in classic ASP.
 This session state mode does not allow session state to be shared across servers in a web farm. </li>
<li><span class="literal">StateServer</span><br>&nbsp;The session state data will be stored in memory in a special NT state service on a designated state server.
This session state mode allows session state to be shared across servers in a web farm. </li>
<li><span class="literal">SQLServer</span><br>&nbsp;The session state data will be stored in a special SQL Server database on a designated SQL Server. This session state mode allows session state to be shared across servers in a web farm.
This mode also requires running a SQL query (which is included with the .NET Framework SDK) to set up the SQL Server database. </li>
</ul><br>
The default is <span class="literal">InProc</span>.
<li><span class="literal">cookieless</span><br>&nbsp;Specifies whether or not cookies will be used to associate users with
specific sessions. If set to True, the session
identifier will be automatically munged into the URL for each
request. This requires that your application use relative URLs to
work correctly. The default is False.
</li><li><span class="literal">timeout</span><br>&nbsp;Specifies the amount of time, in minutes, before the session will
time out when inactive (no requests are received with that
SessionID). The default is 20.
</li><li><span class="literal">stateNetworkTimeout</span><br>&nbsp;Specifies the amount of time, in seconds, that network operations
will time out when working with the StateServer
session state mode. The default is 10.
</li><li><span class="literal">stateConnectionString</span><br>&nbsp;Specifies the server name or IP address and TCP port number for the
session state server when using StateServer mode.
This attribute is required when the mode attribute is
StateServer. The default is
tcpip=127.0.0.1:42424.
</li><li><span class="literal">sqlConnectionString</span><br>&nbsp;Specifies the SQL Server name and authentication credentials when
using SQLServer session mode. This attribute is
required when the mode attribute is SQLServer. The
default is data source=127.0.0.1;userid=sa;password=. Where possible, this value should
use trusted connections to avoid storing a SQL userID and password in
the web.config or machine.config file. To support SQL Server
state mode, you need to run the
InstallSqlState.sql batch file on the target SQL
server to create the ASPState database and its associated tables and
stored procedures. This file is installed by default in the
%windir%\Microsoft.NET\Framework\%version%
folder.
</li></ul></ul>

 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child Elements</span>
   </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
	 <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example configures session state to run in SQL Server mode without cookies: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
   &lt;system.web&gt;
      &lt;sessionState
         mode=&quot;SQLServer&quot;
         cookieless=&quot;true&quot;
         sqlConnectionString=&quot;data source=myServer;trusted_
connection=true&quot; /&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
          <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>To use SQL Server mode with a trusted connection, the account
identity of the ASP.NET worker process must have a login to the SQL
Server database and must have permission to access the ASPState and
TempDB databases. If you cannot use a trusted connection, you should
create a special account specifically to access the state database,
and use that account for the sqlConnectionString
attribute.
</p></td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td><p>Note that when using either of the out-of-process session state
modes, it's wise to use the
<span class="literal">EnableSessionState</span> attribute of the
@ <span class="literal">Page</span> directive to disable
session state for pages in your application that do not use it.
Otherwise, these pages will make unnecessary cross-machine calls to
retrieve unused session state information. If you have a page that
reads session data but does not alter it, you can also set the
<span class="literal">EnableSessionState</span> attribute to
<span class="literal">ReadOnly</span> to avoid the cross-machine call to store
updated session data.
</p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;trace&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;trace&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;trace
   enabled=boolean
   localOnly=boolean
   pageOutput=boolean
   requestLimit=numRequests
   traceMode=&quot;SortByTime|SortByCategory&quot; /&gt</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
  <ul><li><span class="literal">enabled</span><br>&nbsp;Specifies whether tracing is enabled. The default is
False.
</li><li><span class="literal">localOnly</span><br>&nbsp;Specifies whether or not trace output can be viewed by machines other
than the local host. The default is True.
</li><li><span class="literal">pageOutput</span><br>&nbsp;Specifies whether trace output is rendered to the page or stored in
memory and made accessible by the special
Trace.axd URL. Trace.axd
maps to an HttpHandler that displays all currently stored traces for
a given application. The default is False.
</li><li><span class="literal">requestLimit</span><br>&nbsp;Specifies the number of requests that can be stored in the trace
buffer read by Trace.axd. Once the total number
of request traces specified by this attribute has been stored, no
more traces will be stored until the trace log has been cleared. The
page displayed by Trace.axd includes a link for
clearing the trace log. The default is 10.
</li><li><span class="literal">traceMode</span><br>&nbsp;Specifies the sort order of items in the Trace Information section of
the trace. Valid values are SortByTime and
SortByCategory. SortByCategory
is useful when you are using Trace.Write and Trace.Warn with your own
category names passed as parameters. The default is
SortByTime.
</li></ul>

 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child Elements</span>
   </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
	 <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example turns tracing on at the application level: </p>
        <span class="programlisting">
        <pre>
&lt;/configuration&gt;
    &lt;system.web&gt;
        &lt;trace enabled=&quot;true&quot; /&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
           <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Chapter 10 provides an overview of how to use the
trace functionality of ASP.NET.</p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;trust&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;trust&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;trust
   level=&quot;Full|High|Low|None&quot;
   originUrl=URL /&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
   <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Assigns a named trust level created with the
<span class="literal">&lt;trustLevel&gt;</span> child element of the
<span class="literal">&lt;securityPolicy&gt;</span> element to a machine, a
site, or an application.
      </td>
    </tr>
      <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Machine, Application</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
  <ul><li><span class="literal">level</span><br>Specifies the trust level to be applied. This attribute can be any
value defined by the &lt;securityPolicy&gt;
element. The default is Full. This attribute is
required.
</li><li><span class="literal">originUrl</span><br>Specifies URL of origin of an application. This attribute allows
classes such as WebRequest, which may need the
origin host information for certain security permissions, to work
properly. This attribute is optional.
</li></ul>
 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child Elements</span>
   </td>
    </tr>
    <tr>
      <td><p>None</p>
      </td>
    </tr>
	 <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>This example sets the application CAS permissions, based on a custom trust level: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
   &lt;system.web&gt;
      &lt;trust level=&quot;myTrustLevel&quot; /&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
          <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>Make sure that you understand the security implications of using
custom security policy mappings before using this element. Incorrect
permissions can cause major problems for your application.</p>
      </td>
    </tr>
  </table>
</div>
<div id="&lt;location&gt;">
  <table cellpadding="0" cellspacing="0" border="0" width="100%" class="main">
    <tr>
      <td valign="top" class="name">&lt;location&gt;</td>
      <td valign="top" nowrap class="compatibility"> </td>
    </tr>
    <tr>
      <td colspan="2" class="divider"><img src="dwres:18084" width="100%" height="1"></td>
    </tr>
    <tr>
      <td valign="top" class="usage" nowrap>
<pre class="literal">
&lt;location
   path=pathToConfigure
   allowOverride=boolean &gt;
   &lt;system.web&gt;
      &lt;! --  Configuration settings  -- &gt;
   &lt;/system.web&gt;
&lt;/location&gt;</pre>
      </td>
      <td valign="top" align="right">&nbsp;</td>
    </tr>
   <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="description">
        <br>Allows you to prevent settings in machine.config
or web.config from being overridden in child
configuration files. You can also use it to configure settings for
specific files or folders from a configuration file in a parent
folder.
      </td>
    </tr>
      <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="scope"><span class="title">Scope</span>
        </td>
    </tr>
    <tr>
      <td><p>Any</p>
      </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="attributes"><span class="title">Attributes</span>
<ul><li><span class="literal">path</span><br>Specifies the path to the file or folder to which the configuration
settings contained in the &lt;location&gt; tag
pair should be applied.
</li><li><span class="literal">allowOverride</span><br>Specifies whether child configuration files can override values
configured within the &lt;location&gt; tag pair.
This attribute locks down configuration settings (i.e., at the
machine.config level) for which
you want to enforce uniformity.
</li></ul>

 </td>
    </tr>
    <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="child elements"><span class="title">Child Elements</span>
   </td>
    </tr>
    <tr>
      <td><p><span class="literal">&lt;system.web&gt;</span></p>
      </td>
    </tr>
	 <tr>
      <td colspan="2" class="clearseparation">&nbsp;</td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="example"><span class="title">Example</span>
        </td>
    </tr>
    <tr>
      <td><p>The example, if used in machine.config, would force all applications
on the machine to use Windows authentication: </p>
        <span class="programlisting">
        <pre>
&lt;configuration&gt;
   &lt;location
      allowOverride=&quot;false&quot;&gt;
      &lt;system.web&gt;
         &lt;authentication mode=&quot;Windows&quot;&gt;
      &lt;/system.web&gt;
   &lt;/location&gt;
   &lt;system.web&gt;
      &lt;!-- Other configuration settings --&gt;
   &lt;/system.web&gt;
&lt;/configuration&gt;</pre></span>
 </td>
    </tr>
    <tr>
      <td valign="top" colspan="2" class="notes"><span class="title">Notes</span>
        </td>
    </tr>
    <tr>
      <td><p>This tag provides powerful control over configuration. In addition to
the scenario of enforcing an authentication method across all
applications, you can also use the path attribute
to configure multiple child folders or files from the web.config file in the root of the
application. Using this configuration can avoid having a large number
of child <span class="emphasis">web.config</span> files to manage for
a larger application.</p>
      </td>
    </tr>
  </table>
</div>
</body>
</html>
