Prevent unauthorized changes to ASP.NET configuration files

Some ASP.NET settings are so critical that the system administrator should prevent them from being changed by individual applications. This ability is especially crucial for servers that host multiple applications written by different developers. In this case, the administrator can prevent undesired changes by adding an allowOverride attribute to the <location> tag.


Another way to prevent a set of values from being redefined is by adding an allowDefinition attribute to a

tag in the portion of the configuration file. For example, the following entry in machine.config effectively prevents the key from appearing in application’s web.config files:

The allowDefinition attribute can take three values: MachineOnly for settings that can appear only in machine.config; MachineToApplication for settings that can appear in machine.config and the application’s main web.config file, but not in secondary web.config files; and Everywhere for settings that can appear in any .config file (this is the default behavior if the attribute is omitted).
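
Both mechanisms in one machine.config fragment, as an added example rather than the listing from the original tip. The site path `Default Web Site/TenantA` and the choice of locked settings are assumptions, and the `type` strings are the ones found in a .NET Framework 4 machine.config.

```xml
<!-- machine.config fragment (constructed example).
     The <section> entries below already exist in machine.config: edit the
     allowDefinition attribute in place and keep the type string your own
     file already has. -->
<configuration>
  <configSections>
    <sectionGroup name="system.web"
        type="System.Web.Configuration.SystemWebSectionGroup, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">

      <!-- MachineOnly: a web.config at any level that contains
           <processModel> is rejected with a configuration error. -->
      <section name="processModel"
          type="System.Web.Configuration.ProcessModelSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          allowDefinition="MachineOnly" />

      <!-- MachineToApplication: allowed in the application's main
           web.config, rejected in a web.config inside a subdirectory. -->
      <section name="sessionState"
          type="System.Web.Configuration.SessionStateSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          allowDefinition="MachineToApplication" />

      <!-- No allowDefinition attribute would mean Everywhere. -->
    </sectionGroup>
  </configSections>

  <!-- allowOverride="false": the values inside this <location> are fixed
       for the named application (hypothetical path). A web.config under
       that path that sets <trust> or <identity> fails to load instead of
       silently overriding the administrator's values. -->
  <location path="Default Web Site/TenantA" allowOverride="false">
    <system.web>
      <trust level="Medium" originUrl="" />
      <identity impersonate="false" />
    </system.web>
  </location>
</configuration>
```

The two attributes answer different questions: allowDefinition controls at which level a section may appear at all, while allowOverride pins the specific values written inside one `<location>` block. Requesting a page from the affected application after the change confirms the lock, because a conflicting web.config produces a configuration error rather than being ignored.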

This tip is taken from Chapter 24 “ASP.NET Applications” of Francesco Balena’s Programming Microsoft Visual Basic .NET (Microsoft Press).
