Some ASP.NET settings are so critical that the system administrator should prevent them from being changed by individual applications. This ability is especially crucial for servers that host multiple applications written by different developers. In this case, the administrator can prevent undesired changes by adding an allowOverride attribute to the <location> tag:
<location path="Default Web Site/MyApp" allowOverride="false">
<allow roles="MyDomain\Administrator" />
<deny users="*" />
Another way to prevent a set of values from being redefined is by adding an allowDefinition attribute to a tag in the portion of the configuration file. For example, the following entry in machine.config effectively prevents the key from appearing in application's web.config files:
System.Web, Version=1.0.3300.0, Culture=neutral,
The allowDefinition attribute can take three values: MachineOnly for settings that can appear only in machine.config; MachineToApplication for settings that can appear in machine.config and the application's main web.config file, but not in secondary web.config files; and Everywhere for settings that can appear in any .config file. (This is the default behavior if this attribute setting is omitted).
This tips has been taken from Chapter 24 "ASP.NET Applications" of Francesco Balena's Programming Microsoft Visual Basic .NET (Microsoft Press). Read a sample chapter from our Book Bank, or buy at 30% off the list price.