While it's pretty cool that you can programmatically mess with web.config, I'm starting to feel that it's not entirely practical because of the security implications. NETWORK SERVICE needs permission to write to it, or you need to use impersonation. Regardless, this is not xcopy deployment.
If there's a simple, streamlined way to work around this problem, I'd love to hear about it.
4 Comments
I share your pain. From what I've read in the past, MS didn't design web.config to be writeable...it's supposed to be a read-only holding pen for configuration settings. If we have to jump through hoops to write to it, there is probably a reason why we shouldn't...plus bear in mind that if you write to it from asp.net it'll restart your application (which will lead to some perf degradation). While I don't have a solution for you for 1.x (aside from what you mentioned in your post), I do know that 2.0 specifically addresses this "problem." In the interim, roll your own xml file formats and write to them.
I don't see the API for configuration modification being used in every web application. Certain applications would use them for administrative purposes, but those changes would be rare. Any web application that needs it's web.config changed regularly is not one that was thought out.
Actually, I WAS talking about doing this in v2. I know it's not something that gets frequently used, but I'm trying to get the app I'm working on to be as idiot-proof as possible.
You are right, and you'll find out eventually you'll need write access in the directory and not just the web.config file. I don;t think it reflects poorly on the API, but does require some careful planning.
Jayson: one way to avoid the application restarts is to put the writiable portion of the config file in an external file and reference the file with the configSource attribute. (see http://odetocode.com/Articles/418.aspx).