Managing Application Configuration
Configuration data is data that controls the program's logic instead of data that controls the business or user logic. An example of configuration data is a connection string to a database. Storage options that SharePoint provides for other types of data are also available for configuration data. The following tables outline the available storage options for configuration data.
Storage mechanism |
Web.config |
Advantages |
APIs such as the ConfigurationSection class and SPWebConfigModification class are already designed to hold modifications that are made to the Web.config file. There are some configurations such as HTTPModules, FBA membership and Role providers that have to go in web.config |
Disadvantages |
Additional work required to deploy changes across a server farm. |
Tools |
None. |
Security model |
It requires administrator privileges. |
Issues with serialization |
The configuration data must be serializable. |
Hierarchical (can store at different levels) |
No. Only at the Web application level. |
Storage mechanism |
Hierarchical object store (HOS) (SPPersistedObject) |
Advantages |
Classes that derive from SPPersistedObject can persist strongly typed data. |
Disadvantages |
There is no UI. You must derive from SPPersistedObject for each entity to be stored and manage these entities. For example, If you need an entity for each SPWeb in your application, you will need to potentially maintain a tree of SPPersistedObject entities in parallel with the tree of SPWebs. |
Tools |
See the "Manage Hierarchical Object Store" feature at https://www.codeplex.com/features. This feature only stores values in the Web application. You can build a hierarchy of persisted objects but these objects don’t necessarily map to SPSites and SPWebs. |
Security model |
Users need administrator privileges to access the related SharePoint object (such as SPFarm or SPWebApplication). |
Issues with serialization |
The objects are strongly typed. This means that there is less concern about accidently persisting an unserializable object. |
Hierarchical (can store at different levels) |
Yes, but only SPFarm and SPWebApplication are SPPersistedObjects; therefore, they can be parents to other SPPersistedObjects. Other persisted objects will need to build off trees rooted to SPFarm or SPWebApplication. |
Storage mechanism |
Property bag |
Advantages |
It is probably the most light-weight and easy to use of all the configuration storage options. You can create a _layouts page for your own settings, which has the benefit of making your solution feel much more integrated. |
Disadvantages |
There is no standard user interface available. |
Tools |
See the SharePoint Property Bags Settings tool at https://www.codeplex.com/pbs. |
Security model |
Users need the appropriate access to the related SharePoint object (such as the SPFarm, SPWebApplication, or the SPWeb). You can only write into SPWebApplication property bags when your code runs under the security context of the central administration application pool or farm administrator (an account that has enough privileges to the config database). However, you can read from such property bags regardless of its application pool security context. |
Issues with serialization |
Persisting non-serializable objects can cause corrupted data. |
Hierarchical (can store at different levels) |
Yes. This option provides storage at all levels, from a server farm to a list. |
Storage mechanism |
Lists |
Advantages |
There is a SharePoint UI for editing lists. Optionally, you can apply permissions to specific items in the list. It already has workflows and event handlers. These allow you to program actions that should occur when the configuration changes. Also, lists have auditing and alerts when settings change. |
Disadvantages |
This option is not advisable for farm-level or Web application-level configuration data. This is because it can require cross-site list queries. It is also inappropriate for sensitive data that end users should not see or modify, such as connection strings. You can secure read-access permissions to the list, but this complicates the ability to query the list programmatically. |
Tools |
See the SharePoint Config Store tool at https://www.codeplex.com/SPConfigStore. |
Security model |
Access depends on the access control lists on the list. |
Issues with serialization |
No problem if the data can be persisted in the list. |
Hierarchical (can store at different levels) |
Yes. This option can be used at the farm, site collection, and Web levels. |