Working With Configuration Files in IIS 7
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
In IIS 7, the configuration system enables you to customize Web server administration by delegating configuration sections from server-level configuration files to Web.config files in your sites, applications, and virtual or physical directories.
Delegating Configuration in IIS 7.0
In IIS 7, the locking and unlocking of sections in configuration is known as feature delegation, and these actions enable you to define at what level IIS will read and write configuration. By default, all sections in configuration are locked and can be configured only in server-level configuration files except for the following sections (also referred to as features):
Default document
Directory browsing
HTTP protocol
HTTP redirect
You can unlock additional configuration sections to let non-administrators view and change configuration for the unlocked sections in Web.config files for specific sites, applications, directories, or even URLs. For example, you might unlock the connectionStrings section to let non-administrators configure settings to connect their applications to databases. Alternatively, if you want only administrators to view and change configuration, you can lock all configuration sections and store settings only in server-level configuration files.
Configuration Levels
In IIS 7, you can configure settings at the following levels:
Web server
Site
Application
Virtual or physical directory
URL (also known as file-level configuration)
Note
To configure settings at a child level, a configuration section must be unlocked (also known as delegated) at the parent level or levels. For example, to configure a feature at the application level, the related configuration section or sections must be delegated at both the server and the site levels.
Configuration Files
Configuration exists in a physical directory in either server-level configuration files or in Web.config files. Every configuration file maps to a specific site, application, or virtual directory.
Server-level configuration is stored in the following configuration files:
Machine.config. This file is located in %windir%\Microsoft.NET\Framework\framework_version\CONFIG.
Root Web.config for the .NET Framework. This file is located in %windir%\Microsoft.NET\Framework\framework_version\CONFIG.
ApplicationHost.config. This file is located in %windir%\system32\inetsrv\config.
Site, application, and virtual and physical directory configuration can be stored in one of the following locations:
A server-level configuration file. When configuration for a site, application, directory, or URL is stored in a server-level configuration file, you must use a location tag to specify the site, application, directory, or URL to which the configuration applies.
A parent-level Web.config file. When configuration for an application, directory, or URL is stored in a parent-level configuration file, you must use a location tag to specify the child at which the configuration applies.
The Web.config file for the site, the application, or the directory. When you configure settings for an application, directory, or URL, the configuration is stored in the same directory as the site, application, or directory. You do not need to use location tags.
Storing configuration settings in a parent configuration file is helpful when:
You want to store configuration settings in a configuration file that is accessible by only certain users or groups. For example, the ApplicationHost.config file is available only to the Administrator account and to the members of the Administrators group on a specific computer, as well as to domain administrators when a computer is part of a domain.
You want to configure a feature at the URL-level (also known as file-level).
Inheritance
Sites, applications, virtual directories, physical directories, and files inherit configuration settings from the server-level configuration files and from any parent configuration files. For example, an application inherits configuration settings from the server-level configuration files and from the site's root application Web.config file. The following table illustrates the configuration files in which you can store an object's configuration.
Note
Configuration sections must be delegated if configuration files other than server-level configuration files are used.
| Configuration Object | Server-Level Configuration Files | Parent-Level Configuration Files | Other Configuration Files | Comments |
|---|---|---|---|---|
Web server |
Machine.config Root Web.config ApplicationHost.config |
Not applicable |
Not applicable |
No location tags are needed. Server-level configuration can only exist in server-level configuration files. |
Site |
Machine.config Root Web.config ApplicationHost.config |
Not applicable |
Site's root application Web.config |
Use location tags to store site configuration in server-level configuration files. |
Application |
Machine.config Root Web.config ApplicationHost.config |
Site's root application Web.config |
Application's Web.config |
Use location tags to store application configuration in server-level configuration files or a parent configuration file. |
Virtual or Physical Directory |
Machine.config Root Web.config ApplicationHost.config |
Parent site's root application Web.config Parent application's Web.config |
Directory's Web.config file |
Use location tags to store directory configuration in server-level configuration files, or in a parent configuration file. |
URL (or file) |
Machine.config Root Web.config ApplicationHost.config |
Parent site's root application Web.config Parent application's Web.config Parent directory's Web.config |
Not applicable |
Use location tags to store URL-specific configuration in server-level and parent-level configuration files. |