<?xml version="1.0"?>
<!-- =====================================================================

  File:      Web.config for Adventure Works Cycles Storefront Sample
  Summary:   Web settings for the application
  Date:	     June 16, 2003

=====================================================================

  This file is part of the Microsoft SQL Server Code Samples.
  Copyright (C) Microsoft Corporation.  All rights reserved.

This source code is intended only as a supplement to Microsoft
Development Tools and/or on-line documentation.  See these other
materials for detailed information regarding Microsoft code samples.

THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.

======================================================= -->
<configuration>
	<!-- application specific settings -->
	<appSettings>
		<add key="ExtendedOrderProcessing" value="false"/>
	</appSettings>
	<system.diagnostics>
		<assert assertuienabled="false" logfilename=".\log.txt"/>
	</system.diagnostics>
	<!-- forms based authentication -->
	<system.web>
		<compilation debug="true">
			<compilers>
				<compiler language="c#" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=1.2.3400.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" extension=".cs" compilerOptions="/d:DEBUG;TRACE /incr+"/>
			</compilers>
				
	        <assemblies>
		    <add assembly="System.Web, Version=1.2.3400.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
		    </assemblies>
		</compilation>
		<!-- enable Forms authentication -->
		<authentication mode="Forms">
			<forms name="AdventureWorksStoreAuth" loginUrl="login.aspx" protection="All" path="/"/>
		</authentication>
		

		<!-- enable custom errors for the application -->
		<customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx"/>
		<!-- disable session state for application -->
		<sessionState mode="InProc"/>
		<trace enabled="true" requestLimit="40" localOnly="false"/>
	</system.web>
	<connectionStrings>
			<add name="OLTP"
			     connectionString="server=.;database=AdventureWorks;Integrated Security=SSPI" />
	</connectionStrings>

	<!-- set secure paths -->
	<location path="Checkout.aspx">
		<system.web>
			<authorization>
				<deny users="?"/>
			</authorization>
		</system.web>
	</location>
	<location path="OrderList.aspx">
		<system.web>
			<authorization>
				<deny users="?"/>
			</authorization>
		</system.web>
	</location>
	<location path="OrderDetails.aspx">
		<system.web>
			<authorization>
				<deny users="?"/>
			</authorization>
		</system.web>
	</location>
</configuration>