Professional Documents
Culture Documents
Introduction To IIS: Heading0015
Introduction To IIS: Heading0015
Introduction To IIS: Heading0015
aspx#
heading0015
IIS
IIS (Internet Information Server) is one of the most powerful web servers from
Microsoft that is used to host your ASP.NET web application. IIS has its own ASP.NET
Process to handle the ASP.NET request.
Introduction to IIS
IIS 6.0 provides a redesigned World Wide Web Publishing Service architecture that can help you
achieve better performance, reliability, scalability, and security for your Web sites. In this section
I have described the overview of IIS and installation guide of IIS 6.0 .
Overview of IIS
Internet Information Server is one of the most powerful web servers provided by Microsoft that
is able to host and run your web applications. IIS can support following Protocol FTP, FTPS,
host our web sites on IIS, we can use it as a FTP site also.
IIS Version
IIS 7.0
IIS 7.0
IIS 6.0
IIS 5.1
IIS 5.0
Then Select "Application Server" from checkbox list. This will open an new window, select
IIS and click on OK.
Kernel Mode
o HTTP.SYS
User Mode
6.The HttpContext object represents the context of the currently active request, as it contains
references to objects you can access during the request lifetime, such as Request, Response,
Application, Server, and Cache.
7.The HttpRuntime creates a pool of HttpApplication objects.
8. The request passes through the HTTP Pipeline
9. HTTP Modules are executed against the request until the request hits the ASP.NET page HTTP
Handler
10.Once the request leaves the HTTP Pipeline, the Page life cycle starts
If you want to know the details of IIS Request processing, I will suggest that you please read the
article ASP.NET Internals: Request Architecture
Give the "Alias" name and proceed for "Next" . The alias name is your virtual directory name.
Now based on your requirements you can select the check boxes and click on "Next". Generally
we select only "Read" option.
Read: It is most basic and is mandatory to access the webpage of your application.
Run Scripts: It is required for the aspx pages not for the static HTML pages
because aspx pages need more permissions sp that they could conceivably perform
operations.
Execute: This allows the user to run an ordinary executable file or CGI application.
This can be a security risk so allow when it is really needed.
Write: It allows to add, modify or remove files from the web server. This should
never be allowed.
Browse: This allows one to retrieve a full list of files in the virtual directory even if
the contents of the file are restricted. It is generally disabled.
You are done ! Virtual directory has been created successfully. You
Click on "Finish" to close the window and move forward.
Virtual Directory
Documents
Documents
ASP.NET
Directory Security
Custom Errors
I have explained each of them step by step. Apart from them Virtual Directory having settings
like BITS Server Extension, HTTP Header etc. I didn't cover those in this article. Lets start with
"Virtual Directory" Tab.
Virtual Directory
This is the most important configuration section for virtual directory. To open this tab, we need
to select the newly created virtual directory.
Here we can change the Execution setting and Application pool name. Choosing "None" for
Execute Permission will restrict the access of web site. Now move to "Documents" Tab.
Documents
Documents tab is used to set the default page of your web application. We can add or remove
page name in this section. To configure we have to move to "Documents" Tab.
but if you define the home.aspx at documents section, you need to write only at address bar to
access the site.
Collapse
http:///mywebsite
ASP.NET
If IIS is registered with multiple .NET Framework version, the ASP.NET Version dropdown list
shows all of them. But based on the application, we need to change the Framework version.
E.g. : If our application developed in .NET 2.0, then the version should be 2.0.X.X .
Anonymous
Basic Authentication
Digest Authentication
Anonymous
Anonymous authentication means the site is accessible to all. This is the default authentication
mode for any site that is hosted on IIS, and it runs under the "IUSR_[ServerName]" account. We
can change it by clicking on "Browse" button.
Integrated Windows Authentication
This authentication mode is generally used for Intranet sites. Users are authenticated from the
Active Directory. Integrated Windows authentication is also known as NTLM authentication.
If browser settings automatically login for trusted sites for windows authentication then the site
will logged in automatically with the windows user credentials.
Basic Authentication
This is supported by all browsers and is a part of HTTP standard. This shows a Login dialog
control which accepts user name and password. The user id and password is passed to IIS to
authenticate the user from Windows credentials.
Digest Authentication
The disadvantages of Basic authentication mode is that it sends a password as plain text. Digest
authentication does almost the same thing as basic authentication but it sends the "Hash" of the
password rather than sending plain text.
Integrated Windows, Basic Authentication and Digest Authentication use active directory to
authenticate the user.
Note : There
are many things related with IIS and ASP.NET Security configuration. I am not
covering all these in detail. I am just giving a brief overview so that you are comfortable with all
this stuff.
For Configuring SSL, please read the reference link that I have provided in reference section.
Custom Errors
Custom error tab allows us to specify the error page that will be displayed for any specific type
of HTTP Error.
Application Pool
Application pool is the heart of an web site. An Application pool can contain multiple web sites.
Application pools are used to separate sets of IIS worker processes that share the same
configuration. Application pools enable us to isolate our web application for
better security, reliability, and availability. The worker process serves as the
process boundary that separates each application pool so that when one worker process or
application is having an issue or recycles, other applications or worker processes are not affected.
Location ="inherited:/LM/W3SVC/AppPools/StateServerAppPool"
AdminACL="49634462f0000000a4000000400b1237aecdc1b1c110e38d00"
AllowKeepAlive="TRUE"
AnonymousUserName="IUSR_LocalSystem"
AnonymousUserPass="496344627000000024d680000000076c20200000000"
AppAllowClientDebug="FALSE"
AppAllowDebugging="FALSE"
AppPoolId="DefaultAppPool"
AppPoolIdentityType="2"
AppPoolQueueLength="1000"
AspAllowOutOfProcComponents="TRUE"
AspAllowSessionState="TRUE"
AspAppServiceFlags="0"
AspBufferingLimit="4194304"
AspBufferingOn="TRUE"
AspCalcLineNumber="TRUE"
AspCodepage="0"pre>
Now we can create a new application pool for this configuration file. While creating a new
application pool we have to select the "Application Pool ( From File )" option as shown in
the below figure.
Recycling
Performance
Health
Identity
Worker process recycling is the replacing of the instance of the application in memory. IIS 6.0
can automatically recycle worker processes by restarting the worker process that are assigned to
an application pool and associated with websites. This improve the web sites performance and
keep web sites up and running smoothly.
In Minutes
Number of Request
At given time
We can set a specific time period after which worker process will be recycle . IIS will take care
of all the current running request.
Recycle Worker Process (Number of Request) :
We can configure Application with specific given number of request. Once IIS reached to that
limit, worker process will recycled automatically.
Recycle Worker Process (In Minutes) :
If we want to recycle the worker process at any given time of period, we can also do that
configuration on IIS. We can also set multiple time for that.
Server Memory is a big concern for an web application. So some time we may need to clean up
the worker process based on the memory consume by it. There are two types of settings that we
can configure in application pool to recycle the worker process based of memory consumption.
These are,
By default Each Application Pool runs with a Single Worker Process (W3Wp.exe). We can assign
multiple Worker Process With a Single Application Pool. An Application Poll with
multiple Worker process called Web Gardens. Many worker processes with same
Application Pool can sometimes provide better throughput performance and application response
time. And Each Worker Process Should have there own Thread and Own Memory space.
Enable Pinging
Enable Pinging
This property specifies whether the WWW Publishing Service should periodically monitor the
health of a worker process. Checking this option indicates to the WWW service to monitor the
worker processes to ensure that worker process are running and healthy. By default it sets to 30s.
This is also needed to check the service is staying ideal or not. If it is ideal it can be shutdown
until next request to come. Windows Activation Process maintain all this stuff.
When enabling Rapid Fail Protection the application pool is shut down if there are a specified
number of worker process crashes within a specified time period . When this happens the WWW
Publishing Service puts all applications in the application pool "out of service".
Failure Count
The default value for failure count is 5 minutes. This property specifies the maximum number of
failures allowed within the number of minutes specified by the "Time period" property, before
the application pool is shut down by Rapid Fail Protection. Means If the number of failure is
more than the specified with the given time application pool should be puts on "out of service
mode"
Time period
This property specifies the number of minutes before the failure count for a process is reset. By
default is sets to 5 minutes.
Startup time limit
Start up time limit property specifies the amount of time that the WWW Publishing Service
should wait for a worker process to finish starting up and reporting to the WWW Service. By
general it means time taken to start a Worker process .
Shutdown time limit
This is the shutdown time for an worker process. This is the time required to execute the all old
running worker process request before it shut down during the recycle time.
Identity
This is the last and final setting for an Application Pool. Application pool having 3 types of
identity. "Network Service" is the default Identify. "defaultappPool" is also runs under the
"Network Service" Identity. Below are the listed Application pool identity with description.
Identity
Description
LocalSystem is a built-in account that has administrative privileges
on the server. It can access both local and remote resources. For any
LocalSystem
kind accessing of server files or resources we have to set the Identity
of application pool to Local System.
LocalServices Built-in account has privileges of an authenticated
LocalServices
local user account. It does not have any network access permission
This is the default Identity of Application Pool NetworkServices has
NetworkServices
privileges of authenticated local user account.
Navigating to Identity tab will show following screen.
When a web application runs under visual studio - ASP.NET Engine integrated with visual
studio takes care of all the executions. And this engine has sufficient rights so that it can write
data on your disk. But when you host the site on IIS, as I have already mention it runs under the
"Network Services" Identity. Which is having very minimum rights on your system. The user
can only have the read access of the site. So for resolving the file upload issue you need to
change the Identity of application pool from "Network Service" to "Local System". Local
System identity means client can have write access on your hard drive. This will resolve your
issue of file uploading on server.
A :
You can also resolve this issue by giving Write access permission to the file destination folder for
"Everyone".
ASP.NET runs within a process known as the ASP.NET worker process. All ASP.NET
functionality runs within the scope of this process.
A regular Web server contains only a single ASP.NET worker process. This is different from both
Web farms and Web gardens:
In a Web farm, Network Load Balancing determines the ASP.NET worker process
selected.
Process model settings are exposed in the root configuration file for the computer,
Machine.config. The configuration section is named <processModel> Element and is
shown in the following example. On computers running Windows 2000 and Windows
XP, the process model is enabled by default (enable="true").