Application specific configuration information should be stored in web.config files, or in files specified by the web.config file. Common types of information that are stored in web.config files are:

·          Application wide error messages

·          Enabling/Disabling debugging

·          Application level tracing

·          Configuring session state

·          Custom settings (database information, connectors, etc)

This type of configuration data should be items that are common across the entire application and users. Updates to web.config should be minimized to prevent instability in production systems. It is noted that tracking of different versions on the web.config file will be necessary due to configuration changes between various development and production environments: alpha, beta, cert, prod.

There are two methods for maintaining user specific configuration information. One method is to store user specific information is web.config files. An alternative to this is to store user specific information in a database, and have it retrieved by the application at runtime. Both methods are supported. However, the recommended method is to store user data in a database.

Storing user information in web.config files is one method to store and retrieve configuration settings for users. There are inherent problems with this model however. From a support perspective, a new configuration file and release information must be updated every time a user is added, removed, or modified. The web.config file must also be replaced on all servers running the application. Updating several machines leads to the potential of a server not being at the same levels as those of other servers. In addition to this, on a loss of hardware, there is the potential that when a machine is rebuilt, it will not have the latest configuration files.

Utilizing a database for user data is the recommended method for storing user related configuration information. There are a number of benefits to managing configuration information within a database instead of utilizing xml configuration files. The primary benefit is in maintaining application and user integrity. By removing user information from the web.config file, upgrades and modifications can be made to the application without the possibility of omitting a users’s information, having a user’s information be configured with out of date configuration data, or data from another development region. Another benefit to a remote centralized repository is that a change made in one location can be automatically picked up by all applications in the cluster. This will ensure that all applications are using the same configuration information for various users.