In this section, we saw how to manage configuration for a specific ASP.NET application. The configuration defaults are found within Machine.Config and Machine.Config.Default. When it comes time for the ASP.NET runtime to apply configuration settings to a specific application, ASP.NET looks for overridden configuration settings within an XML file named Web.Config.
The Web.Config file configuring a specific application lives in that application's virtual directory. If you're happy with the way Microsoft set up Web application settings using Machine.Config, you don't need to change anything in Web.Config. However, the default settings (using defaults such as inproc session state Windows authentication) aren't useful for a production Web site.
To change these settings, you may edit the Web.Config file directly (as you had to do in the days of ASP.NET 1.x). However, ASP.NET 2.0 includes new configuration tools that make configuring your site a very straightforward proposition.
We'll encounter ASP.NET configuration many more times in forthcoming chapters. In fact, we'll visit configuration heavily in the next chapter on ASP.NET security.