Locking ASP.NET Health Monitoring Configuration

  • Article

ASP.NET health monitoring provides you with detailed run-time information about ASP.NET resources. You can configure ASP.NET health monitoring using the configuration files associated with the Web application, the Web site, and the Web server. Configuration files located in subdirectories override and extend all configuration settings defined in parent configuration files.

In application hosting scenarios, you often want to lock some settings on a site to prevent modification. For example, you might want to lock the health monitoring settings for hosted applications to reduce the risk of accidental modifications to your Web application's configuration.

You can lock configuration settings by adding an allowOverride="false" attribute in a <location> tag. If this attribute is set, the configuration system will throw an error if a configuration file that is lower in the hierarchy attempts to override any configuration section defined in the <location> tag.

The following example configuration file locks the healthMonitoring section of an ASP.NET application named application1. The file could be stored at either the machine level or at the site level. You can lock elements with more granularity using the attributes lockItem, lockAttributes, lockElements, and so on. For more information, see General Attributes Inherited by Section Elements.

<configuration>
  <location path="application1" allowOverride="false">
    <system.web>
      <healthMonitoring
        enabled="true"
        heartBeatInterval="60">
        <bufferModes>
          <add name="Logging"
            maxBufferSize="1000"
            maxFlushSize="200"
            urgentFlushThreshold="800"
            regularFlushInterval="00:30:00"
            urgentFlushInterval="00:05:00"
            maxBufferThreads="1"
          />
        </bufferModes>
        <providers>
           <add name="EventLogProvider"
            type="System.Web.Management.EventLogWebEventProvider, System.Web, Version=%ASSEMBLY_VERSION%, Culture=neutral, PublicKeyToken=%MICROSOFT_PUBLICKEY%"
            buffer="true"
            bufferMode="Logging"
          />
        </providers>
        <eventMappings>
          <add name="All Errors"
            type="System.Web.Management.WebBaseErrorEvent, System.Web, Version=%ASSEMBLY_VERSION%, Culture=neutral, PublicKeyToken=%MICROSOFT_PUBLICKEY%" 
          />
        </eventMappings>
        <profiles>
          <add name="Default"
            minInstances="1"
            maxLimit="Infinite"
            minInterval="00:10:00"
          />
        </profiles>
        <rules>
          <add name="All Errors Default"
            eventName="All Errors"
            provider="EventLogProvider"
            profile="Default"
            minInterval="00:01:00" 
          />
        </rules>
      </healthMonitoring>
    </system.web>
  </location>
</configuration>

The configuration settings in the example would prevent modification of the healthMonitoring section at the application level for the ASP.NET application named application1. Any attempt to override the example configuration settings for application1 would generate a configuration system error.

Locking ASP.NET health monitoring configuration is one way to add security protection to your Web application. Additional health monitoring security protection includes encrypting sensitive values, protecting custom error details, and securing event logs. For more information, see Securing ASP.NET Health Monitoring.

See Also

Tasks

How to: Lock ASP.NET Configuration Settings

Concepts

Securing ASP.NET Health Monitoring
ASP.NET Configuration Overview

Other Resources

Configuring Applications