SYSK 187: The New Way to Get Configuration Settings

In ASP.NET 2.0, you can use the new class – WebConfigurationManager – to access machine and application information.  Better yet, there are a number of framework classes that allow for strongly-typed access of configuration section settings.  For example, to get the current trust level specified as:


  <trust level="Full" originUrl=""/>



you would execute something like this:

System.Web.Configuration.TrustSection section = System.Web.Configuration.WebConfigurationManager.GetWebApplicationSection("system.web/trust") as System.Web.Configuration.TrustSection;



Here is a list of all (?) classes representing configuration sections, in alphabetical order:

·          AnonymousIdentificationSection

·          AppSettingsSection

·          AuthenticationModulesSection

·          AuthenticationSection

·          AuthorizationSection

·          CacheSection

·          ClientSettingsSection

·          ClientTargetSection

·          CompilationSection

·          ConnectionManagementSection

·          ConnectionStringsSection

·          CustomErrorsSection

·          DefaultProxySection

·          DefaultSection

·          DefaultSettingsSection

·          DeploymentSection

·          DeviceFiltersSection

·          GlobalizationSection

·          HealthMonitoringSection

·          HostingEnvironmentSection

·          HttpCookiesSection

·          HttpHandlersSection

·          HttpModulesSection

·          HttpRuntimeSection

·          IdentitySection

·          IgnoreSection

·          ImageGenerationSection

·          MachineKeySection

·          MachineSettingsSection

·          MailSettingsSectionGroup

·          MembershipSection

·          NetSectionGroup

·          OutputCacheSection

·          OutputCacheSettingsSection

·          PagesSection

·          ProcessModelSection

·          ProfileSection

·          ProtectedConfigurationSection

·          RequestCachingSection

·          RoleManagerSection

·          SecurityPolicySection

·          SessionPageStateSection

·          SessionStateSection

·          SettingsSection

·          SiteCountersSection

·          SiteMapSection

·          SmtpMailSection

·          SmtpSection

·          SqlCacheDependencySection

·          TraceSection

·          TransactionsSectionGroup

·          TrustSection

·          UrlMappingsSection

·          WebControlsSection

·          WebPartsSection

·          WebRequestModulesSection

·          WindowsFormsSection

·          XhtmlConformanceSection


Comments (6)

  1. Kris says:

    Good to know this. Thanks for sharing.

  2. LiQ says:

    Hi Irena

    Great resource as usual.

    But could you please, oh please, tell us how to encrypt a section/string in the config-file. I can’t make this happen correctly, but I’ve seen some really simple code before.

    Thank you.

  3. irenake says:

    Are you working on a windows or web app?  Are you trying to encrypt an application/web config file or machine.config?  Without more specific information, all I can do is provide a generic answer, which follows:

    A command-line utility, aspnet_regiis.exe, allows you to encrypt certain portions of the Web.config, such as the <connectionStrings>, <compilation>, and <authentication> sections.

    You can also programatically encrypt configuration sections by using the System.Configuration.SectionInformation class:

    private void ProtectSection(string sectionName,

                               string provider)


       Configuration config =



       ConfigurationSection section =


       if (section != null &&







    private void UnProtectSection(string sectionName)


       Configuration config =



       ConfigurationSection section =


       if (section != null &&







  4. LiQ says:

    Thank you Irina. I meant Web-config, but I thought it was similar to encode the config in both WinApps and WebApps.

    One last question, where do I find out what string to put in the "string provider" in the ProtectSection-method?

    Thank you again

  5. irenake says:

    .NET has a couple of provider classes — DpapiProtectedConfigurationProvider and RsaProtectedConfigurationProvider.  So, you could use:  section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");

    See for a complete example.

  6. Larry says:

    This is all very amusing, but Microsoft has made it impossible to encrypt connection strings in the real world, if you’re on a shared host.

    The OpenWebConfiguration method requires full trust, and no shared host in their right mind is going to grant full trust.  That pretty much rules out 2.0 encryption altogether.

    As to the command line tool aspnet_regiis.exe, can anyone tell me how I’m supposed to run that on my shared host’s computer?  Further, the encryption process puts the keys in some obscure folder, one which I’m quite sure I don’t have access to on my host.

    Microsoft – you screwed up again!

Skip to main content