I have an asp.net WebApi application where I would like to move any configuration that is likely to change out of web.config into an external configuration file.
This will then allow an install update to overwrite the web.config so that it picks up any newer configuration added between version, but preserve other user settings which may vary between deployments.
I have successfully done this with a few sections, eg appSettings.
For appSettings, I have the folliwing in web.config...
<appSettings configSource="config\appSettings.config"/>
And then the external file has the various settings, eg ...
<?xml version="1.0" encoding="utf-8"?>
<appSettings>
<add key="IISSitePrefix" value="http" />
<!--- Set this to True to emit http request debug information to the Event log -->
<add key="EnableHttpDebugTracing" value="false" />
.... etc
I have been trying to do the same with the two configuration settings we need to change to toggle on/off windows authentication, as some deployments will use this, and others will use token based security. To do this I need to move the following out of web.config...
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
<system.web>
<authentication mode="Windows"/>
</system.web>
So for the first tag, I tried the following....
<authentication configSource="config\authentication.config"/>
with the contents of the external file being..
<?xml version="1.0" encoding="utf-8"?>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
However, when I run this, I get the following error...
The configuration section 'authentication' cannot be read because it is missing a section declaration
I get a similar result when I try the other section.
Does anyone know what this means, or even if it is possible to do the above?
Thanks in advance for any help
[EDIT 1]
After one of the comments I have realised, perhaps my configuration is not quite correct (it was some time ago I first looked at this, and am now revisiting)
Previously, to enable integrated (windows) authentication, I thought you needed two bits of configuration (system.web AND system.webserver)...
<system.web>
<authentication mode="Windows"/>
</system.web>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
BUT now looking at this post, it appears I only need the <system.webServer> and not <system.web> at all
I removed my <system.web> and I could indeed turn off the intergarted authentication using just the <system.webServer> section.
So, now, what I want to configure in the external file is just the following..
ie if possible I'd like to just move out the <security> section, and leave the rest of the <system.webServer> in web.config.
I tried the following ..
<system.webServer>
<security configSource ="config\authentication.config"/>
</system.webServer>
With the contents of authentication.config being...
<?xml version="1.0" encoding="utf-8"?>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
But now when I try to execute a route I get..
Unrecognized attribute 'configSource'
Config Source:
87:
88: <security configSource ="config\authentication.config"/>
89:
So my (modified) question becomes is there a way to move out the above section?
