Is there a way to "insert" a new section into Web.Config using transforms?

Asked 17/5, 2014 at 9:45 Answered 18/5, 2014 at 0:57

Solved asp.net xslt web-config-transform xdt-transform

In my Web.Config I have the following

  <system.webServer>

    <modules>
       **some code**
    </modules>
    <handlers>
       **some code**    
    </handlers>

  </system.webServer>

How do I transform it so I can inject a new sub section for "security" into "system.webServer"? Everything I have tried and search on so far has failed.

What I desire is shown below:

  <system.webServer>

    <modules>
       **some code**
    </modules>
    <handlers>
       **some code**    
    </handlers>

    <security>
      <ipSecurity allowUnlisted="false" denyAction="NotFound">
        <add allowed="true" ipAddress="10.148.176.10" />
      </ipSecurity>
    </security>

  </system.webServer>

Napery answered 17/5, 2014 at 9:45 Comment(3)

As far as I know web.config is read only once on application start even if you could it does not mean it will take effect until app restarts. – Intercrop 17/5, 2014 at 9:57

Changing web.config will trigger an app restart. You could of course generate it from a transform during deployment, but it looks like the OP wants to use an IP address based on the server itself. That might be possible (depending on the hosting setup) though it has nothing to do with XSLT as such. – Unhesitating 17/5, 2014 at 18:16

@Unhesitating To clarify, I want to be able to add the <security> section during deployment by using transforms. Cheers Paul – Napery 17/5, 2014 at 21:26

Found the solution that worked. Within my Web.Azure.Config file I had to add the following:

  <system.webServer>
    <security xdt:Transform="Insert">
      <ipSecurity allowUnlisted="false" denyAction="NotFound">
        <add allowed="true" ipAddress="10.148.176.10" />
      </ipSecurity>
    </security>
  </system.webServer>

I tried this before posting the question but due to a typo in another part of Web.Config it was erroring.

Napery answered 17/5, 2014 at 21:44 Comment(2)

Just to be crystal clear, the important part is xdt:Transform="Insert". Whichever element has this attribute will get inserted into the output. Don't forget you can use "Preview Transform" in VS to quickly see if a transform has the effect you expect. – Byline 25/4, 2019 at 13:54

For anyone else struggling with testing XDT Transformations, the excellent Elmah Tools site has a tester here: elmah.io/tools/webconfig-transformation-tester – Macromolecule 9/3, 2023 at 16:38

It seems that the best solution for deployment would be to specify in the Web.Azure.Config, as you specified in your answer.

Just for fun, posting this XSLT solution that you could also use to either add the <security> element with the IP address if it did not exist, or invoke later to add additional entries. Set the IP address in the ipAddress parameter when executing. If no ipAddress is specified, it does nothing.

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output omit-xml-declaration="yes" indent="yes"/>
    <xsl:param name="ipAddress"/>

   <xsl:template match="@*|node()">
       <xsl:copy>
           <xsl:apply-templates select="@*|node()"/>
       </xsl:copy>
   </xsl:template>

    <!--Create security/ipSecurity with specified IP address, 
        if specified in param-->
    <xsl:template match="system.webServer[not(security)]">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
            <xsl:if test="$ipAddress">
                <security>
                    <ipSecurity allowUnlisted="false" denyAction="NotFound">
                        <add allowed="true" ipAddress="{$ipAddress}" />
                    </ipSecurity>
                </security>
            </xsl:if>
        </xsl:copy>      
    </xsl:template>

    <!--Add an allowed IP address to existing security/ipSecurity entry, 
        if IP address is specified in param -->
    <xsl:template match="security/ipSecurity">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
            <xsl:if test="$ipAddress">
                <add allowed="true" ipAddress="{$ipAddress}" />
            </xsl:if>
        </xsl:copy>
    </xsl:template>
</xsl:stylesheet>

Vharat answered 18/5, 2014 at 0:57 Comment(0)

Recommended topics

Hot tags