How To Add Safe Control In Web.config File

Posted on  by

SharePoint – Register an assembly as a safe control in the Web.config file. You will need to add your safe control to the web.config file. However, you need to think “WEB FARM” with many servers hosting the web application so I will show you a couple ways to do this. There are three ways you can update the web.config. Register an assembly as a safe control in the Web.config file In order for you to use your own custom assembly with your web parts and other little bits, you will need to add your safe control to the web.config file. However, you need to think 'WEB FARM' with many servers hosting the web application so I will show you a couple ways to do this.

18 Dec 2011CPOL
Complete description about the ASP.NET configuration. This article helps you to understand the web.config file in a better way and also helps you to program against it.

Introduction

The time you start developing your web application until you finish the application, you will more often use the Web.config file not only for securing your application but also for wide range of other purposes which it is intended for. ASP.NET Web.config file provides you a flexible way to handle all your requirements at the application level. Despite the simplicity provided by the .NET Framework to work with web.config, working with configuration files would definitely be a task until you understand it clearly. This could be one of the main reasons that I started writing this article.

This article would be a quick reference for the professional developers and for those who just started programming in .NET. This article would help them to understand the ASP.NET configuration in an efficient way. The readers may skip the reading section 'Authentication, Authorization, Membership Provider, Role Provider and Profile Provider Settings', as most of them are familiar with those particular settings.

Background

In this article, I am going to explain about the complete sections and settings available in the Web.config file and how you can configure them to use in the application. In the later section of the article, we will see the .NET classes that are used to work with the configuration files. The contents of the articles are summarized below:

  1. Web.config sections/settings
  2. Reading Web.config
  3. Writing or manipulating Web.config
  4. Encrypting the Web.config and
  5. Creating your own Custom Configuration Sections

Points to be Remembered

ASP.NET Web.config allows you to define or revise the configuration settings at the time of developing the application or at the time of deployment or even after deployment. The following are brief points that can be understood about the Web.config file:

  • Web.config files are stored in XML format which makes us easier to work with.
  • You can have any number of Web.config files for an application. Each Web.config applies settings to its own directory and all the child directories below it.
  • All the Web.config files inherit the root Web.config file available at the following location systemrootMicrosoft.NETFrameworkversionNumberCONFIGWeb.config location
  • IIS is configured in such a way that it prevents the Web.config file access from the browser.
  • The changes in Web.config don’t require the reboot of the web server.

Web.config Settings

Before we start working with configuration settings of ASP.NET, we see the hierarchy of the Web.config file.

So from the above tree structure, we can understand that the configuration tag is the root element of the Web.config file under which it has all the remaining sub elements. Each element can have any number of attributes and child elements which specify the values or settings for the given particular section. To start with, we’ll see the working of some of the most general configuration settings in the Web.config file.

system.web

In the configuration hierarchy, the most common thing we will work with is the system.web section. Now we look at some of the child sections of the system.web section of Web.config file.

Compilation Settings

If you are using Visual Studio 2010, probably the only available section of Web.config file by default is Compilation section. If you want to specify the target framework or if you need to add an assembly from the Global Assembly Cache (GAC) or if you want to enable the debugging mode of the application, you can take Compilation settings as granted for these tasks. The following code is used to achieve the discussed settings:

Under the assemblies element, you are supposed to mention the type, version, culture and public key token of the assembly. In order to get the public key token of an assembly, you need to follow the below mentioned steps:

  1. Go to Visual Studio tools in the start menu and open the Visual Studio command prompt.
  2. In the Visual Studio command prompt, change the directory to the location where the assembly or .dll file exists.
  3. Use the following command, sn –T itextsharp.dll.
  4. It generates the public key token of the assembly. You should keep one thing in mind that only public key token is generated only for the assemblies which are strongly signed.

Example

Explicit and sample attributes are applicable only to VB.NET and C# compiler however ignores these settings.

Page Settings

Ok, by this time, we have got familiar with the Web.config file and we have seen the settings of Compilation Sections, now we will see the settings of a page. As an ASP.NET application consists of several number of pages, we can set the general settings of a page like sessionstate, viewstate, buffer, etc., as shown below:

By using the MasterPageFile and theme attributes, we can specify the master page and theme for the pages in web application.

Custom Error Settings

The next section of Web.config file, we are going to look around is Custom Error settings, by the name itself it is clear that we can configure the settings for the application level errors in these section. Now we will see the description of the customErrors section of the Web.config from the below mentioned code snippet.

The customErrors section consists of defaultRedirect and mode attributes which specify the default redirect page and the on/off mode respectively.
The subsection of customErrors section allows redirecting to specified page depending on the error status code.

  • 400 Bad Request
  • 401 Unauthorized
  • 404 Not Found
  • 408 Request Timeout

For a more detailed report of status code list, you can refer to this URL:

Location Settings

If you are working with a major project, probably you might have numerous numbers of folders and sub-folders, at this kind of particular situation, you can have two options to work with. First thing is to have a Web.config file for each and every folder(s) and Sub-folder(s) and the second one is to have a single Web.config for your entire application. If you use the first approach, then you might be in a smoother way, but what if you have a single Web.config and you need to configure the sub-folder or other folder of your application, the right solution is to use the 'Location' tag of 'system.web' section of Web.config file. However you can use this tag in either of the discussed methods.

The following code shows you to work with Location settings:

In a similar way, you can configure any kind of available settings for any file/folder using the location tag.

Session State and View State Settings

As we all know, the ASP.NET is stateless and to maintain the state we need to use the available state management techniques of ASP.NET. View state and session state are among them. For complete information about view state and Session State and how to work with, there are some excellent articles in CodeProject, which you can refer here:

Now we'll see the Web.config settings of View State and Session State:
View State can be enabled or disabled by using the following page settings in the web.config file.

Session state settings for different modes are as shown below:

HttpHandler Settings

HttpHandler is a code that executes when an http request for a specific resource is made to the server. For example, request an .aspx page the ASP.NET page handler is executed, similarly if an .asmx file is requested, the ASP.NET service handler is executed. An HTTP Handler is a component that handles the ASP.NET requests at a lower level than ASP.NET is capable of handling.

You can create your own custom http handler, register it with IIS and receive notice whenever a request is made. For doing this, you just need to create a class which implements IHttpHanlder and then you need to add the following section of configuration settings in the web.config file. For this demonstration, I have created a sample imagehandler class which displays a JPG image to the browser.You can go through the imagehandler class code in the sample download code.

HttpModule Settings

HttpModule is a class or an assembly that implements the IHttpModule interface that handles the application events or user events. You can too create your own custom HttpModule by implementing the interface and configure it with ISS. The following settings show the HttpModules configuration in the web.config.

Authentication, Authorization, Membership Provider, Role Provider and Profile Provider Settings

These settings are directly available in the web.config file if you have created the ASP.NET application by using the Visual Studio 2010. I'm not going to elaborate them as there are lot of articles in CodeProject describing the functionality and use of these settings and for further information you can refer to them. Some of the links are here:

Authentication Settings

Authorization Settings

Membership Provider Settings

Role Provider Settings

Profile Provider Settings

AppSettings

In the above section, we have seen the settings available in system.web tag, now we will see the available settings in appSettings section.
appSettings element helps us to store the application settings information like connection strings, file paths, URLs, port numbers, custom key value pairs, etc.
The following code snippet shows the example of appSettings Section:

connectionStrings

The most common section of web.config file the connectionStrings sections allows you to store multiple connection strings that are used in the application. The connectionStrings tag consists of child element with attributes name and connectionstring which is used to identify the connectionstring and the other is used to connect to the database server respectively.

The general connectionstring settings are shown below:

ConfigSections

ConfigSections helps you to create your own custom configuration section that can be used with the web.config file. We look at this in the later section of the article, for the time being, we can have look at the configsection settings. ConfigSections should be declared just below the configuration (parent element) otherwise it is going through you an error.

Web.config

Teen Safe Control App

Programmatically Accessing the Web.config File

We can use the C# classes to read and write the values to the Web.config file.

Reading appSettings values

The following code is used to read the appSettings values from Web.config file. You can use either of the methods shown below:

Reading connectionstring values

The following code is used to read the connectionstring values from Web.config file. You can use either of the methods shown below:

Reading configuration section values

The following code is used to read the configuration section values from Web.config file. The comments in the code will help you to understand the code:

Update the configuration section values

The following code is used to read the configuration section values from Web.config file:

Encrypt Configuration Sections of Web.config File

As we have already discussed that IIS is configured in such a way that it does not serve the Web.Config to browser, but even in some such situation to provide more security, you can encrypt some of the sections of web.config file. The following code shows you the way to encrypt the sections of web.config file:

Custom Configuration Section in Web.config

I have thought twice before I could put this section of content in this article, as there are a lot of wonderful articles explaining this topic, but just to make this article as complete, I have included this topic too.

Create Custom Configuration Section

The ConfigurationSection class helps us to extend the Web.config file in order to fulfill our requirements. In order to have a custom configuration section, we need to follow the below steps:

Before we actually start working with it, we will have a look at the section settings. We need to have a ProductSection element with child elements girdSettings and color. For this purpose, we will create two classes with the child elements which inherits ConfigurationElement as shown below:

.. and then we will create a class called ProductSection, for the root element which includes the above child elements.

Then finally, we will configure these elements in Web.config file as shown below:

Access Custom Configuration Section

The following code is used to access the custom configuration section:

Conclusion

In this article, we have learned about the ASP.NET configuration file and we have seen almost all the available and frequently used settings of web.config file. I hope you enjoyed reading this article and this article might have helped you in completing your tasks in some way. Any comments, suggestions and feedback are always welcome, which will help me to write more articles and improve the way in which I present the articles.

-->How To Add Safe Control In Web.config File

For security, SharePoint differentiates between Web controls that are protected against script injection and Web controls that are not. Protected controls, or safe controls, can be accessed by untrusted users. You can mark controls as safe in the Safe Control Entries property of a SharePoint project item or in the Package Designer when you add an assembly to the package. For more information, see

  • web.config file Settings Change and Registering a Web Part Assembly as a Safe Control.

Important

How To Add Safe Control In Web.config File Download

These procedures are for illustrative purposes. Mark controls safe only if you are certain that they are secure.

Marking Safe Controls in the Safe Control Entries Property

To mark controls as safe or unsafe in the safe control entries property

  1. Create a SharePoint solution with a Visual Web Part project.

  2. Add two controls to the Web part: a text box and a button. Leave the names at their default values, TextBox1 and Button1, respectively.

  3. Add two entries to the Web part's Safe Control Entries property. To do this, choose the ellipsis () button next to the Safe Control Entries property in the Properties window.

    The Safe Control Entries dialog box appears.

  4. In the Safe Control Entries dialog box, choose the Add button twice to add two safe control entries to the Members pane: one for the button and one for the text box.

  5. Choose the first safe control entry, and then change the value of its Safe property to False, its Type Name property to Button1, and its Safe Against Script property to False.

    This step identifies the button control as an unsafe control.

  6. Choose the second safe control entry in the list. Leave the value of its Safe property as True and set its Type Name property to TextBox1 and its Safe Against Script property to True.

    The text box control is now marked as a control that is safe against script injection.

  7. Choose the OK button to close the dialog box.

Marking Safe Controls in the Package Designer

To mark controls as safe or unsafe in the Package Designer

  1. Create a SharePoint solution with a Visual Web Part project.

  2. Add two controls to the Web part: a text box and a button. Leave the names at their default values, TextBox1 and Button1, respectively.

    Take note of the namespace of the control because it is used later.

  3. On the menu bar, choose Build > Build Solution to build the project.

  4. Create another SharePoint solution.

  5. In Solution Explorer, open the shortcut menu for the Package.Package file, and then choose Open to open the Package Designer.

  6. In the Package Designer, choose the Advanced tab.

  7. Under Additional Assemblies, choose the Add button, and then choose Add Existing Assembly from the list.

  8. In the Add Existing Assembly dialog box, choose the ellipsis () button next to Source Path.

  9. Choose the assembly from the SharePoint solution that you created in Step 1, and then choose the Open button.

  10. For this example, leave the Deployment Target Die siedler 4 no cd crack german. option as GlobalAssemblyCache.

    This step causes the assembly to deploy to the system Global Assembly Cache (GAC). If you want the assembly to deploy to the Web application (Bin) folder, select that option instead. For more information, see Deploying Web Parts in SharePoint Foundation.

  11. In the Safe Controls box, choose the Click here to add a new item button.

  12. Enter the values for the properties from the following table.

    Property NameValue
    NamespaceThe fully-qualified namespace for the control, such as BdcModelProject1.VisualWebPart1.
    Type NameButton1
    Assembly NameA strong assembly name, such as: Microsoft.Office.SharePoint.ClientExtensions, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c.
    SafeClear the Safe check box.
    Safe Against ScriptLeave the Safe Against Script check box clear.

    Drivers sony vaio pcg 5k2m kamera express. Note

    The Assembly Name value for assemblies added through the Advanced tab of the Package Designer cannot be a token, it must be a strongly-named assembly. For more information, see Creating and Using Strong-Named Assemblies.

  13. Choose the Tab key to create another safe control entry.

  14. Choose the Click here to add a new item button again.

  15. Enter the values for the properties from the following table.

    Property NameValue
    NamespaceThe fully-qualified namespace for the control, such as BdcModelProject1.VisualWebPart1.
    Type NameTextBox1
    Assembly NameA strong assembly name, such as: Microsoft.Office.SharePoint.ClientExtensions, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c.
    SafeSelect the Safe check box.
    Safe Against ScriptSelect the Safe Against Script check box.

  16. Choose the Tab key, and then choose the OK button to close the dialog box.

Pyxis Cii Safe Control Station

See also