• Choose a category
• All
• Classic-Fiction

The Section

In the section, you define mappings between security levels and policy files. The section can be configured at the application level but not in subdirectories. The section contains one or more elements with name and policyFile attributes. You also can use the section to extend the security system by providing your own named trust levels mapped to a custom security policy file.

Here’s an excerpt from the site’s root web.config file that ASP.NET installs:

The name attribute can be set to Full, High, or Low in all versions of the .NET Framework. Each trust level identifies a particular security level that you map to a policy file. Security policy files are XML files located in the same folder as machine.config.

Notice that in ASP.NET the Full level of trust doesn’t need to have an associated policy file full of permission sets and code-group definitions. The reason is that ASP.NET doesn’t add extra security settings in the case of Full trust, so in such cases the content of the policyFile attribute is ignored.

The Section

The section stores session-state settings for the current application. The section determines the behavior and implementation details of the ASP.NET Session object. The Session object can work in different modes to accommodate the application’s requirements for performance, robustness, and data reliability. In Table 3-14, you can see the list of acceptable attributes for the element. The mode attribute is the only mandatory attribute. Some attributes are mutually exclusive.

Table 3-14. Session-State Attributes

Attribute

Description

allowCustomSqlDatabase

If this is set to true, it enables you to specify a custom SQL Server database to store session data instead of using the default ASPState database.

compressionEnabled

Specifies whether compression is applied to the session-state data.

cookieless

Specifies how to communicate the session ID to clients. Feasible values are those listed in Table 3-5.

cookieName

Name of the cookie, if cookies are used for session IDs.

customProvider

Name of the custom session-state store provider to use for storing and retrieving session-state data.

mode

Specifies the implementation mode of the session state. Acceptable values are Off, InProc, Custom, StateServer, and SQLServer. When it’s set to Off, session-state management is disabled and the Session object is not available to the application. InProc is the default working mode, and it stores session data locally in the Web server’s memory. Alternatively, the session state can be stored on a remote server (StateServer) or in a SQL Server database (SQLServer). The Custom option indicates that the application is using a custom data store.

partitionResolverType

Indicates the type and assembly of the partition resolver component to be loaded to provide connection information when session state is working in SQLServer or StateServer mode. If a partition resolver can be correctly loaded, the sqlConnectionString and stateConnectionString attributes are ignored.

regenerateExpiredSessionId

When a request is made with a session ID that has expired, if this attribute is true, a new session ID is generated; otherwise, the expired one is revived. The default is false.

sessionIDManagerType

Null by default. If this attribute is set, it indicates the component to use as the generator of session IDs.

sqlCommandTimeout

Specifies the number of seconds a SQL command can be idle before it is canceled. The default is 30.

sqlConnectionRetryInterval

Specifies the time interval, in seconds, between attempts to connect