Professional Documents
Culture Documents
• Introduction
• What is Web Server ?
• Introduction to IIS
o Overview of IIS
o IIS Version in Different OS :
o How to Install IIS 6.0
• IIS 6.0 Process Model and Request Processing
• Deploying your web sites on IIS
o Creating virtual Directory
o Configure Virtual Directory
Virtual Directory
Documents
ASP.NET
Directory Security
Custom Errors
• Application Pool
o How To Create Application Pool ?
Create New Application Pool
Create From Existing Configuration File
o Configure Application Pool Properties
Recycling
What happened during Application Pool Recycling ?
Performance :
Health :
Identity
• Debugging Your Application That Hosted on IIS
• Summary
• My IIS Articles @ Code Project
• Reference and Further Study
• Points of Interest
• History
Introduction
In the past I have written a few articles for beginners and had got a very good
response from all readers. This time I have planned to write an article on IIS 6.0 and
Integration of IIS with ASP.NET. I have worked on IIS 5.1, IIS 6.0 and IIS 7.0.
Though the purpose of all IIS servers are the same they are very different on their
architecture and use. Don't worry, I am not going to explain the differences of
those three versions of IIS. The purpose of this article is completely different. While
answering in the ASP.NET forum, I have found many questions on Deploying Web
sites, the Security settings of IIS, different authentication types, Application Pool,
recycling of application etc. This is an "All in One" article for IIS. This will really
help beginners to know what IIS is, how to install IIS, how to deploy sites on IIS,
creation of Application pool, web garden, etc. This article is all about IIS 6.0. If
anybody is interested in IIS 7.0 please read the article Deploying ASP. Net Websites
on IIS 7.0 . Please give your valuable suggestions and feedback to improve this
article.
Visual Studio has its own ASP.NET Engine, which is responsible for running your web
application so you don't have any problems running an ASP.NET application from VS
IDE. Now when you want to host your site for others to access, the concept of "Web
Server" comes into the picture. A web server is responsible for all the requests that
are coming from clients and provides them a response. So when multiple users come
in, multiple requests will also come in and the web server will have a response for
each of them. IIS (Internet Information Server) is one of the most powerful web
servers from Microsoft that is used to host your ASP.NET web application. IIS has its
own ASP.NET Process to handle the ASP.NET request. If you look at the picture,
The First Client will make a request to the web server (IIS), the web server checks
the request and will pass the request to the ASP.NET Process (Don't get confused
here, I have explained the details), the ASP.NET process Engine will process the
request and pass the response to the client via the Web server. So one of the major
roles of IIS is handling each and every request. Don't worry, I explained each and
every thing in more detail later. So far, I hope it is clear why we are using a web
server.
Introduction to IIS
IIS 6.0 provides a redesigned World Wide Web Publishing Service architecture that
can help you achieve better performance, reliability, scalability, and security for your
Web sites. In this section I have described the overview of IIS and installation guide
of IIS 6.0 .
Overview of IIS
Internet Information Server is one of the most powerful web servers provided by
Microsoft that is able to host and run your web applications. IIS can support
following Protocol FTP, FTPS, SMTP, NNTP , HTTP/HTTPS. We can host our web
sites on IIS, we can use it as a FTP site also. For more information Click Here
Below are the list of IIS Version that support following Operating systems.
Installation of IIS is very similar to installing any other system applications from
control panel. We have to start navigation from Control Panel > Add/Remove
Programs, Then select the Add/Remove windows Component. Follow the
screen given below.
Fig: IIS Installation
Then Select "Application Server" from checkbox list. This will open an new
window, select IIS and click on OK.
Fig: IIS Installation selection
This will initiate the IIS installation. OS will show a continuous progress
bar during installation and will show up a final message after installation complete.
Fig: IIS Installation Progress
Note : During the installation period it may ask for some OS file. You need to
provide the path for that.
After successful installation of IIS, Go to Start > Run > Inetmgr to launch IIS.
The below screen will appear, which ensures that IIS has been successfully installed
in your system.
Fig: IIS installed successfully
Before starting with a virtual directory and Application pool and all other stuff, lets
have a quick look into the IIS 6.0 Process module and the way of IIS
request processing. This topic itself a huge one. Here I am just giving you the
overview of IIS 6.0 Process model and request processing.
• Kernel Mode
o HTTP.SYS
• User Mode
o Web Admin Service
o Virtual Directory
o Application Pool
Fig: IIS 6.0 Process Module
As per the above diagram IIS has two modes, Kernel and User. HTTP.SYS is the
heart of kernel mode which accepts raw request from client and passed it to
particular application pool. Below are a few steps of IIS Request processing.
1. Client Request for a page from browser by hitting the site URL.
2. Request comes to kernel level. HTTP.SYS catches the requests and creates
a separate queue for each and every application pool.
Note : Whenever we create any application pool IIS automatically registers the
pool with HTTP.SYS to identify the particular during request processing.
9. HTTP Modules are executed against the request until the request hits
the ASP.NET page HTTP Handler
10.Once the request leaves the HTTP Pipeline, the Page life cycle starts
If you want to know the details of IIS Request processing, I will suggest that
you please read the article ASP.NET Internals: Request Architecture
In this section I have discussed how to host a site on IIS, how to create virtual
directory, configure Virtual directory etc. Let's start with Virtual directory creation.
There are various way to host a web application on IIS. Visual Studio has some
inbuilt features to host and create virtual directory on IIS directly. Here is one of my
article on hosting site on IIS from Visual studio. But in this section I have discussed
the basic steps for creating virtual directory.
First of all Right Click on Default web sites > New > Virtual Directory .
Fig: Virtual Directory Creation
As its name implies, "virtual directory", does not contain any physical file. We
need to define the physical file path that it will refer. We have to browse the
physical path over here.
Fig: Virtual Directory Creation
Now based on your requirements you can select the check boxes and click on
"Next". Generally we select only "Read" option.
You are done ! Virtual directory has been created successfully. You will get the
final message. Click on "Finish" to close the window and move forward.
Fig: Virtual Directory Creation : Finish
There are some other alternative option that you can use for creating Virtual
Directory.
Below listed section are very important for configuration of any web application.
• Virtual Directory
• Documents
• Documents
• ASP.NET
• Directory Security
• Custom Errors
I have explained each of them step by step. Apart from them Virtual Directory
having settings like BITS Server Extension, HTTP Header etc. I didn't cover those in
this article. Lets start with "Virtual Directory" Tab.
Virtual Directory
This is the most important configuration section for virtual directory. To open this
tab, we need to select the newly created virtual directory.
Here we can change the local path (physical path ). Before looking into other stuff
first look into the "Application Settings" Section. It seems the Application
name is disabled. So first of all we need to click the "Create" button, which will
enable the rest of the thing. Check the below image.
Here we can change the Execution setting and Application pool name. Choosing
"None" for Execute Permission will restrict the access of web site. Now move to
"Documents" Tab.
Documents
Documents tab is used to set the default page of your web application. We can add
or remove page name in this section. To configure we have to move to "Documents"
Tab.
Collapse
http:///mywebsite/home.aspx
but if you define the home.aspx at documents section, you need to write only at
address bar to access the site.
Collapse
http:///mywebsite
ASP.NET
If IIS is registered with multiple .NET Framework version, the ASP.NET Version
dropdown list shows all of them. But based on the application, we need to change
the Framework version. E.g. : If our application developed in .NET 2.0, then the
version should be 2.0.X.X .
Directory Security
Directory security enables all kinds of security access of your web application. For
Directory we need to move to "Directory Security" Tab.
Click on the "Edit" button to modify the directory security settings. After clicking on
Edit button, the below screen will come up.
Fig: Directory Security Settings
• Anonymous
• Integrated Windows Authentication
• Basic Authentication
• Digest Authentication
Anonymous
Anonymous authentication means the site is accessible to all. This is the default
authentication mode for any site that is hosted on IIS, and it runs under
the "IUSR_[ServerName]" account. We can change it by clicking on "Browse"
button.
This authentication mode is generally used for Intranet sites. Users are authenticated
from the Active Directory. Integrated Windows authentication is also known as NTLM
authentication. If browser settings automatically login for trusted sites for
windows authentication then the site will logged in automatically with the windows
user credentials.
Basic Authentication
This is supported by all browsers and is a part of HTTP standard. This shows a Login
dialog control which accepts user name and password. The user id and password is
passed to IIS to authenticate the user from Windows credentials.
Digest Authentication
Note : There are many things related with IIS and ASP.NET Security configuration.
I am not covering all these in detail. I am just giving a brief overview so that you are
comfortable with all this stuff.
For Configuring SSL, please read the reference link that I have provided in reference
section.
Custom Errors
Custom error tab allows us to specify the error page that will be displayed for any
specific type of HTTP Error.
Fig: Directory Security Settings
We can also customize the setting at our application level by configuring the
web.config settings or we change the htm file path by just clicking on "Edit" button.
This is all about the basic overview of creation of virtual directories and setting up.
Hope you are now comfortable with all this stuff.
Application Pool
Application pool is the heart of an web site. An Application pool can contain multiple
web sites. Application pools are used to separate sets of IIS worker processes that
share the same configuration.Application pools enable us to isolate our
web application for better security, reliability, and
availability. The worker process serves as the process boundary that separates
each application pool so that when one worker process or application is having an
issue or recycles, other applications or worker processes are not affected.
Fig: Application Pool - IIS
In this section I have discussed about the creation of application pool, Application
pool settings, Assigning application pool to a web sites.
Application pool creation in IIS 6.0 is very simple task. There are two different way
by which we can create the application pool. There is an Predefine application pool
available in IIS 6.0, called "DefaultApplicationPool". Below are the two different way
to create application pool
The below screen will appear. Where we need to mention the Application Pool name.
When we create any new application pool, we can use the default application setting
for it. The selection of "Default Settings" means by default the application pool
setting will be the same as the IIS default settings. If we want to use the
configuration of existing Application pool, we need to select the section option "Use
existing application pool as template". Selecting this option will enable
the Application Pool name dropdown.
Fig: Application Pool Template Selection
If we select any existing application pool as template, the newly created application
pool should have the same configuration of the template application pool. This
reduce the time of Application pool configuration.
That is all about the creating a new application pool. Now lets have a look into
creation of application pool from existing XML Configuration file.
We can save the configuration of an Application pool into a XML File and we can
create a new application pool from that. This is very useful during
configuration of Application pool inWeb Farm where you have multiple
web servers and you need to configure the application pool for each and every
server. As you are running your web application on Load balancer you need to
unique configuration for all you application pool.
So first of all you need to save the Application pool configuration pool in a server.
Check the below image for details,
Fig: Application Pool Template Selection
During this operation we can set the password for that configuration file which will be
asked during the import of application pool on another server. When we click on the
"Save Configuration to a file", the below screen will appear.
Where we need to provide the Filename and location. If we want we can set
password to encrypt the XML file. Below is the some part of that XML.
Collapse
Location ="inherited:/LM/W3SVC/AppPools/StateServerAppPool"
AdminACL="49634462f0000000a4000000400b1237aecdc1b1c110e38d00"
AllowKeepAlive="TRUE"
AnonymousUserName="IUSR_LocalSystem"
AnonymousUserPass="496344627000000024d680000000076c20200000000"
AppAllowClientDebug="FALSE"
AppAllowDebugging="FALSE"
AppPoolId="DefaultAppPool"
AppPoolIdentityType="2"
AppPoolQueueLength="1000"
AspAllowOutOfProcComponents="TRUE"
AspAllowSessionState="TRUE"
AspAppServiceFlags="0"
AspBufferingLimit="4194304"
AspBufferingOn="TRUE"
AspCalcLineNumber="TRUE"
AspCodepage="0"pre>
Now we can create a new application pool for this configuration file. While creating a
new application pool we have to select the "Application Pool ( From File )"
option as shown in the below figure.
When we select this option a screen will come where we need to enter the the file
name and the password of that file.
Fig: Application Pool Creation From Configuration File
Select the file and click on the "Read File Button". This will show you the
imported application pool name. Click "Ok" to import the full configuration.
Here we need to mention the new application pool name or we can have another
option where we can replace any existing application pool. For moving ahead we
need to provide the password.
Fig: Password for Import Application Pool Configuration.
This is the last step for creating a new application pool from existing configuration
file.
This is one of the most important task for web server configuration and this is mainly
important when we are hosting on production server. As I have already discussed
the Application pool is the heart for any web application hosted on IIS, we need to
know the each and every configuration of Application Pool. For start configuration we
need to go to the properties of application pool.
• Recycling
• Performance
• Health
• Identity
Lets start with "Recycling" Of application Pool
Recycling
Recycling Application pool means recycle the Worker process (w3wp.exe) and the
memory used for the web application. Its very good practice to recycle the worker
process periodically . Which keep application running smooth. There are two types of
recycling related with Application pool
There are three types of settings are available for recycling worker process.
• In Minutes
• Number of Request
• At given time
We can configure Application with specific given number of request. Once IIS
reached to that limit, worker process will recycled automatically.
If we want to recycle the worker process at any given time of period, we can also do
that configuration on IIS. We can also set multiple time for that.
Server Memory is a big concern for an web application. So some time we may need
to clean up the worker process based on the memory consume by it. There are two
types of settings that we can configure in application pool to recycle the worker
process based of memory consumption. These are,
At any time if the worker process consume the specified memory ( at memory
recycling settings ) it will recycled automatically.
This is quite interesting question. Based on above settings, an application pool can
recycle any time. So what happened to all the users who are accessing the site on
that time ? We do not need to worry about that. This process is transparent from
client. When you recycle an application pool, HTTP.SYS holds onto the client
connection in kernel mode while the user mode worker process recycles. After
the process recycle, HTTP.SYS transparently routes the new requests to the new
worker process.
Performance :
Moving to the Performance tab in the Properties dialog box of the selected results
in the following output.
Fig: Application Pool Performance
Web Garden
By default Each Application Pool runs with a Single Worker Process (W3Wp.exe). We
can assign multiple Worker Process With a Single Application Pool. An Application
Poll with multiple Worker process called Web Gardens. Many worker
processes with same Application Pool can sometimes provide better throughput
performance and application response time. And Each Worker Process Should have
there own Thread and Own Memory space.
Fig: Web Garden ( Application Pool with Multiple worker process )
As Given in a Picture, in IIS Server there may be multiple Application pool and each
application pool having at least a single Worker Process. Web Garden should contain
multiple Worker process.
There are some Certain Restriction to use Web Garden with your web application. If
we use Session Mode to "in proc", our application will not work correctly because
session will be handled by different Worker Process. For Avoid this Type of problem
we should have to use Session Mode "out proc" and we can use "Session State
Server" or "SQL-Server Session State".
Main Advantage : The worker processes in a Web garden share the requests that
arrive for that particular application pool. If one worker process fails, another worker
process can continue to process requests.
Health :
Now move to the "Health" tab. When will select the "Health" tab it will show
following screen.
IIS provides a couple of settings to improve the health of an application pool. There
are also a few settings for measuring the worker process health. These are:
• Enable Pinging
• Enable Rapid-fail protection
• Startup time limit
• Shutdown time limit
Enable Pinging
This property specifies whether the WWW Publishing Service should periodically
monitor the health of a worker process. Checking this option indicates to the WWW
service to monitor the worker processes to ensure that worker process are running
and healthy. By default it sets to 30s. This is also needed to check the service is
staying ideal or not. If it is ideal it can be shutdown until next request to come.
Windows Activation Process maintain all this stuff.
Enable Rapid-fail protection
When enabling Rapid Fail Protection the application pool is shut down if there are a
specified number of worker process crashes within a specified time period . When
this happens the WWW Publishing Service puts all applications in the application pool
"out of service".
Failure Count
The default value for failure count is 5 minutes. This property specifies the maximum
number of failures allowed within the number of minutes specified by the "Time
period" property, before the application pool is shut down by Rapid Fail Protection.
Means If the number of failure is more than the specified with the given time
application pool should be puts on "out of service mode"
Time period
This property specifies the number of minutes before the failure count for a process
is reset. By default is sets to 5 minutes.
Start up time limit property specifies the amount of time that the WWW Publishing
Service should wait for a worker process to finish starting up and reporting to the
WWW Service. By general it means time taken to start a Worker process .
This is the shutdown time for an worker process. This is the time required to execute
the all old running worker process request before it shut down during the recycle
time.
Identity
This is the last and final setting for an Application Pool. Application pool having 3
types of identity. "Network Service" is the default Identify. "defaultappPool" is
also runs under the "Network Service" Identity. Below are the listed Application
pool identity with description.
Identity Description
LocalSystem is a built-in account that has administrative
privileges on the server. It can access both local and
LocalSystem remote resources. For any kind accessing of server files or
resources we have to set the Identity of application pool to
Local System.
LocalServices Built-in account has privileges of an
LocalServices authenticated local user account. It does not have any
network access permission
This is the default Identity of Application Pool
NetworkServices NetworkServices has privileges of authenticated local user
account.
We can also configure the Application pool under some given user account. For that
we need to select the "Configurable" option on "identity" tab.
This is all about the application pool. Hope now you have a very good understanding
on what application pool is, how to create and configure application pool.
Q : You are using file upload control in your web application and it is working fine
on Visual Studio but when you host the same code on IIS it is not working. This is
very common problem in web hosting when file upload is involved.
A : When a web application runs under visual studio - ASP.NET Engine integrated
with visual studio takes care of all the executions. And this engine has sufficient
rights so that it can write data on your disk. But when you host the site on IIS, as I
have already mention it runs under the "Network Services" Identity. Which is
having very minimum rights on your system. The user can only have the read access
of the site. So for resolving the file upload issue you need to change the Identity of
application pool from "Network Service" to "Local System". Local System
identity means client can have write access on your hard drive. This will resolve your
issue of file uploading on server.
You can also resolve this issue by giving Write access permission to the file
destination folder for "Everyone".
Note : If ASP.NET v 2.0.X.XXXX extension is prohibited over here, you will not
able to access the site which are running on .NET 2.0 .
I have already published two complete article on code project on above topic. Please
refer those hyperlink for details.
Summary
Below are the few articles on IIS that I have published at Code project.
2. Debug Your ASP.NET Application that Hosted on IIS : Process Attach and Identify
which process to attach.
Introduction
How many time, it has happened with you that when your client has
asked you to that end-user should not be allowed to go back to
previous page using browsers back button? But the actual problem is
we don't have any control on the browser's back button. The “Back”
browser button cannot be actually disabled by a web application as the
browser security will not allow this. But yes there are number of
workarounds using which we can achieve this functionality.
Solutions
Using JavaScript, we can forward the user to the same page if user
presses the back button of the browser. See the code below :
function GoBack()
{
window.history.forward();
}
</script>
<body onload="GoBack();">
This method will always redirect to the user on the current page itself.
Conclusion
Your comments are always appreciated. If you can find out better
solution then this please let me also know.