Configure apps by using configuration files
.NET Framework gives developers and administrators control and flexibility over the way applications run through configuration files. Configuration files are XML files that can be changed as needed. An administrator can control which protected resources an application can access, which versions of assemblies an application will use, and where remote applications and objects are located. Developers can put settings in configuration files, eliminating the need to recompile an application every time a setting changes. This section describes what can be configured and why configuring an application might be useful.
Managed code can use the classes in the System.Configuration namespace to read settings from the configuration files, but not to write settings to those files.
This article describes the syntax of configuration files and provides information about the three types of configuration files: machine, application, and security.
Configuration file format
Configuration files contain elements, which are logical data structures that set configuration information. Within a configuration file, you use tags to mark the beginning and end of an element. For example, the
<runtime> element consists of
</runtime>. An empty element would be written as
As with all XML files, the syntax in configuration files is case-sensitive.
You specify configuration settings using predefined attributes, which are name/value pairs inside an element's start tag. The following example specifies two attributes (
href) for the
<codeBase> element, which specifies where the runtime can locate an assembly (for more information, see Specifying an Assembly's Location).
<codeBase version="220.127.116.11" href="http://www.litwareinc.com/myAssembly.dll"/>
Machine configuration files
The machine configuration file, Machine.config, contains settings that apply to an entire computer. This file is located in the %runtime install path%\Config directory. Machine.config contains configuration settings for machine-wide assembly binding, built-in remoting channels, and ASP.NET.
The configuration system first looks in the machine configuration file for the <appSettings> element and other configuration sections that a developer might define. It then looks in the application configuration file. To keep the machine configuration file manageable, it is best to put these settings in the application configuration file. However, putting the settings in the machine configuration file can make your system more maintainable. For example, if you have a third-party component that both your client and server application uses, it is easier to put the settings for that component in one place. In this case, the machine configuration file is the appropriate place for the settings, so you don't have the same settings in two different files.
Deploying an application using XCOPY will not copy the settings in the machine configuration file.
For more information about how the common language runtime uses the machine configuration file for assembly binding, see How the Runtime Locates Assemblies.
Application configuration files
An application configuration file contains settings that are specific to an app. This file includes configuration settings that the common language runtime reads (such as assembly binding policy, remoting objects, and so on), and settings that the app can read.
The name and location of the application configuration file depend on the app's host, which can be one of the following:
These apps have two configuration files: a source configuration file, which is modified by the developer during development, and an output file that's distributed with the app.
By default, the name of the source configuration file is App.config. When you create a .NET Framework project in Visual Studio, an App.config file is automatically added to the project. You can also add a file manually by selecting File > New File. Place the App.config file in the project directory and set its Copy To Output Directory property to Copy always or Copy if newer.
To create the output configuration file that's deployed with the app, Visual Studio copies the source configuration file to the directory where the compiled assembly is placed. This file is named <yourappname>.exe.config. For example, an app named myApp.exe has an output configuration file named myApp.exe.config.
For more information about ASP.NET configuration files, see ASP.NET Configuration Settings.
Security configuration files
Security configuration files contain information about the code group hierarchy and permission sets associated with a policy level. We strongly recommend that you use the Code Access Security Policy tool (Caspol.exe) to modify security policy to ensure that policy changes do not corrupt the security configuration files.
Starting with .NET Framework 4, the security configuration files are present only if security policy has been changed.
The security configuration files are in the following locations:
Enterprise policy configuration file: %runtime-install-path%\Config\Enterprisesec.config
Machine policy configuration file: %runtime-install-path%\Config\Security.config
User policy configuration file: %USERPROFILE%\Application data\Microsoft\CLR security config\vxx.xx\Security.config