You are on page 1of 39

Table of Contents

• Introduction
• What is Web Server ?
• Introduction to IIS
o Overview of IIS
o IIS Version in Different OS :
o How to Install IIS 6.0
• IIS 6.0 Process Model and Request Processing
• Deploying your web sites on IIS
o Creating virtual Directory
o Configure Virtual Directory
 Virtual Directory
 Documents
 ASP.NET
 Directory Security
 Custom Errors
• Application Pool
o How To Create Application Pool ?
 Create New Application Pool
 Create From Existing Configuration File
o Configure Application Pool Properties
 Recycling
 What happened during Application Pool Recycling ?
 Performance :
 Health :
 Identity
• Debugging Your Application That Hosted on IIS
• Summary
• My IIS Articles @ Code Project
• Reference and Further Study
• Points of Interest
• History

Introduction

In the past I have written a few articles for beginners and had got a very good
response from all readers. This time I have planned to write an article on IIS 6.0 and
Integration of IIS with ASP.NET. I have worked on IIS 5.1, IIS 6.0 and IIS 7.0.
Though the purpose of all IIS servers are the same they are very different on their
architecture and use. Don't worry, I am not going to explain the differences of
those three versions of IIS. The purpose of this article is completely different. While
answering in the ASP.NET forum, I have found many questions on Deploying Web
sites, the Security settings of IIS, different authentication types, Application Pool,
recycling of application etc. This is an "All in One" article for IIS. This will really
help beginners to know what IIS is, how to install IIS, how to deploy sites on IIS,
creation of Application pool, web garden, etc. This article is all about IIS 6.0. If
anybody is interested in IIS 7.0 please read the article Deploying ASP. Net Websites
on IIS 7.0 . Please give your valuable suggestions and feedback to improve this
article.

What is a Web Server ?

Visual Studio has its own ASP.NET Engine, which is responsible for running your web
application so you don't have any problems running an ASP.NET application from VS
IDE. Now when you want to host your site for others to access, the concept of "Web
Server" comes into the picture. A web server is responsible for all the requests that
are coming from clients and provides them a response. So when multiple users come
in, multiple requests will also come in and the web server will have a response for
each of them. IIS (Internet Information Server) is one of the most powerful web
servers from Microsoft that is used to host your ASP.NET web application. IIS has its
own ASP.NET Process to handle the ASP.NET request. If you look at the picture,

Fig: IIS Server Overview

The First Client will make a request to the web server (IIS), the web server checks
the request and will pass the request to the ASP.NET Process (Don't get confused
here, I have explained the details), the ASP.NET process Engine will process the
request and pass the response to the client via the Web server. So one of the major
roles of IIS is handling each and every request. Don't worry, I explained each and
every thing in more detail later. So far, I hope it is clear why we are using a web
server.
Introduction to IIS

IIS 6.0 provides a redesigned World Wide Web Publishing Service architecture that
can help you achieve better performance, reliability, scalability, and security for your
Web sites. In this section I have described the overview of IIS and installation guide
of IIS 6.0 .

Overview of IIS

Internet Information Server is one of the most powerful web servers provided by
Microsoft that is able to host and run your web applications. IIS can support
following Protocol FTP, FTPS, SMTP, NNTP , HTTP/HTTPS. We can host our web
sites on IIS, we can use it as a FTP site also. For more information Click Here

IIS Version in Different OS :

Below are the list of IIS Version that support following Operating systems.

Operating System IIS Version


Windows Server 2008 IIS 7.0
Windows Vista - Home Premium/ Ultimate IIS 7.0
Windows Server 2003 IIS 6.0
Windows XP Professional IIS 5.1
Windows 2000 Server IIS 5.0 IIS 5.0

How to Install IIS 6.0

Installation of IIS is very similar to installing any other system applications from
control panel. We have to start navigation from Control Panel > Add/Remove
Programs, Then select the Add/Remove windows Component. Follow the
screen given below.
Fig: IIS Installation

Then Select "Application Server" from checkbox list. This will open an new
window, select IIS and click on OK.
Fig: IIS Installation selection

This will initiate the IIS installation. OS will show a continuous progress
bar during installation and will show up a final message after installation complete.
Fig: IIS Installation Progress

Note : During the installation period it may ask for some OS file. You need to
provide the path for that.

After successful installation of IIS, Go to Start > Run > Inetmgr to launch IIS.

The below screen will appear, which ensures that IIS has been successfully installed
in your system.
Fig: IIS installed successfully

IIS 6.0 Process Model and Request Processing

Before starting with a virtual directory and Application pool and all other stuff, lets
have a quick look into the IIS 6.0 Process module and the way of IIS
request processing. This topic itself a huge one. Here I am just giving you the
overview of IIS 6.0 Process model and request processing.

We can divide the whole architecture into two layers.

• Kernel Mode
o HTTP.SYS
• User Mode
o Web Admin Service
o Virtual Directory
o Application Pool
Fig: IIS 6.0 Process Module

As per the above diagram IIS has two modes, Kernel and User. HTTP.SYS is the
heart of kernel mode which accepts raw request from client and passed it to
particular application pool. Below are a few steps of IIS Request processing.

1. Client Request for a page from browser by hitting the site URL.

2. Request comes to kernel level. HTTP.SYS catches the requests and creates
a separate queue for each and every application pool.

Note : Whenever we create any application pool IIS automatically registers the
pool with HTTP.SYS to identify the particular during request processing.

Then HTTP.SYS forwards the request to Application Pool

3. Request comes to application pool means worker process(w3wp.exe) start action


by loading ISAPI Filter.

4. Based on the requested resource, w3wp.exe loads "aspnet_isapi.dll" for aspx


page and starts an HTTPRuntime, which is the entry point of an application.

5.Then the HttpRuntime.ProcessRequest method signals the start of the


processing.
6.The HttpContext object represents the context of the currently active request,
as it contains references to objects you can access during the request lifetime, such
as Request, Response,Application, Server, and Cache.

7.The HttpRuntime creates a pool of HttpApplication objects.

8. The request passes through the HTTP Pipeline

9. HTTP Modules are executed against the request until the request hits
the ASP.NET page HTTP Handler

10.Once the request leaves the HTTP Pipeline, the Page life cycle starts

If you want to know the details of IIS Request processing, I will suggest that
you please read the article ASP.NET Internals: Request Architecture

Deploying your web sites on IIS

In this section I have discussed how to host a site on IIS, how to create virtual
directory, configure Virtual directory etc. Let's start with Virtual directory creation.

Creating Virtual Directory

There are various way to host a web application on IIS. Visual Studio has some
inbuilt features to host and create virtual directory on IIS directly. Here is one of my
article on hosting site on IIS from Visual studio. But in this section I have discussed
the basic steps for creating virtual directory.

First of all Right Click on Default web sites > New > Virtual Directory .
Fig: Virtual Directory Creation

By Selecting "Virtual Directory..." Virtual directory creation wizard will start.


Click on "Next"

Fig: Virtual Directory Creation


Give the "Alias" name and proceed for "Next" . The alias name is your virtual
directory name.

Fig: Virtual Directory Creation

As its name implies, "virtual directory", does not contain any physical file. We
need to define the physical file path that it will refer. We have to browse the
physical path over here.
Fig: Virtual Directory Creation

Now based on your requirements you can select the check boxes and click on
"Next". Generally we select only "Read" option.

Fig: Virtual Directory Creation : Permission settings

Below is the list of permissions that we can refer.

• Read: It is most basic and is mandatory to access the webpage of your


application.
• Run Scripts: It is required for the aspx pages not for the static HTML pages
because aspx pages need more permissions sp that they could conceivably
perform operations.
• Execute: This allows the user to run an ordinary executable file or CGI
application. This can be a security risk so allow when it is really needed.
• Write: It allows to add, modify or remove files from the web server. This
should never be allowed.
• Browse: This allows one to retrieve a full list of files in the virtual directory
even if the contents of the file are restricted. It is generally disabled.

You are done ! Virtual directory has been created successfully. You will get the
final message. Click on "Finish" to close the window and move forward.
Fig: Virtual Directory Creation : Finish

There are some other alternative option that you can use for creating Virtual
Directory.

1. Copy the physical directory to the wwwroot folder.

2. Physical Folder Properties > Web Sharing.

Configure Virtual Directory

Below listed section are very important for configuration of any web application.

• Virtual Directory
• Documents
• Documents
• ASP.NET
• Directory Security
• Custom Errors

I have explained each of them step by step. Apart from them Virtual Directory
having settings like BITS Server Extension, HTTP Header etc. I didn't cover those in
this article. Lets start with "Virtual Directory" Tab.
Virtual Directory

This is the most important configuration section for virtual directory. To open this
tab, we need to select the newly created virtual directory.

Fig: Virtual Directory Configuration

Right Click on it > Properties. Below screen will come up.


Fig: Virtual Directory Properties

Here we can change the local path (physical path ). Before looking into other stuff
first look into the "Application Settings" Section. It seems the Application
name is disabled. So first of all we need to click the "Create" button, which will
enable the rest of the thing. Check the below image.

Fig: Virtual Directory Creation

Here we can change the Execution setting and Application pool name. Choosing
"None" for Execute Permission will restrict the access of web site. Now move to
"Documents" Tab.

Documents

Documents tab is used to set the default page of your web application. We can add
or remove page name in this section. To configure we have to move to "Documents"
Tab.

Fig: Virtual Directory Creation


This is useful when you want to access site directly with the virtual directory name.
As for example, if your virtual directory name is "mywebsite" and your home page
name is "home.aspx". Then you have to access the page as follows,

Collapse
http:///mywebsite/home.aspx

but if you define the home.aspx at documents section, you need to write only at
address bar to access the site.

Collapse
http:///mywebsite

ASP.NET

If IIS is registered with multiple .NET Framework version, the ASP.NET Version
dropdown list shows all of them. But based on the application, we need to change
the Framework version. E.g. : If our application developed in .NET 2.0, then the
version should be 2.0.X.X .

Fig:ASP.NET Version Selection


Tips: If the .NET framework is already installed in your system when you are
installing IIS, then ASP.NET will not be registered with IIS. So if you host any
application on IIS it will not work. To Register your IIS with the ASP.NET version you
need to run the aspnet_regiis -i command from the command prompt. This will
automatically register the .NET Framework with your IIS.

For more Info : Please Read

Directory Security

Directory security enables all kinds of security access of your web application. For
Directory we need to move to "Directory Security" Tab.

Fig: Directory Security Settings

Click on the "Edit" button to modify the directory security settings. After clicking on
Edit button, the below screen will come up.
Fig: Directory Security Settings

Below are the commonly used IIS Security settings

• Anonymous
• Integrated Windows Authentication
• Basic Authentication
• Digest Authentication

Anonymous

Anonymous authentication means the site is accessible to all. This is the default
authentication mode for any site that is hosted on IIS, and it runs under
the "IUSR_[ServerName]" account. We can change it by clicking on "Browse"
button.

Integrated Windows Authentication

This authentication mode is generally used for Intranet sites. Users are authenticated
from the Active Directory. Integrated Windows authentication is also known as NTLM
authentication. If browser settings automatically login for trusted sites for
windows authentication then the site will logged in automatically with the windows
user credentials.

Basic Authentication

This is supported by all browsers and is a part of HTTP standard. This shows a Login
dialog control which accepts user name and password. The user id and password is
passed to IIS to authenticate the user from Windows credentials.

Digest Authentication

The disadvantages of Basic authentication mode is that it sends a password as plain


text. Digest authentication does almost the same thing as basic authentication but it
sends the "Hash" of the password rather than sending plain text.

Integrated Windows, Basic Authentication and Digest Authentication use active


directory to authenticate the user.

Note : There are many things related with IIS and ASP.NET Security configuration.
I am not covering all these in detail. I am just giving a brief overview so that you are
comfortable with all this stuff.

For Configuring SSL, please read the reference link that I have provided in reference
section.

Custom Errors

Custom error tab allows us to specify the error page that will be displayed for any
specific type of HTTP Error.
Fig: Directory Security Settings

We can also customize the setting at our application level by configuring the
web.config settings or we change the htm file path by just clicking on "Edit" button.

This is all about the basic overview of creation of virtual directories and setting up.
Hope you are now comfortable with all this stuff.

Application Pool

Application pool is the heart of an web site. An Application pool can contain multiple
web sites. Application pools are used to separate sets of IIS worker processes that
share the same configuration.Application pools enable us to isolate our
web application for better security, reliability, and
availability. The worker process serves as the process boundary that separates
each application pool so that when one worker process or application is having an
issue or recycles, other applications or worker processes are not affected.
Fig: Application Pool - IIS

Generally we do it on our production environment. The main advantages of using


application pool is the isolation of worker processes to differentiate sites and we can
customize the configuration for each application to achieve the certain level of
performance. The maximum number of application pool that is supported by IIS is
2000.

In this section I have discussed about the creation of application pool, Application
pool settings, Assigning application pool to a web sites.

How To Create Application Pool ?

Application pool creation in IIS 6.0 is very simple task. There are two different way
by which we can create the application pool. There is an Predefine application pool
available in IIS 6.0, called "DefaultApplicationPool". Below are the two different way
to create application pool

• Create New Application Pool


• Create From Existing Configuration File

Create New Application Pool


First of all we need to open IIS Configuration Manager. Then Right Click on
Application Pool and go to New > Application Pool.

Fig: Create New Application Pool

The below screen will appear. Where we need to mention the Application Pool name.

Fig: New Application Pool Name

When we create any new application pool, we can use the default application setting
for it. The selection of "Default Settings" means by default the application pool
setting will be the same as the IIS default settings. If we want to use the
configuration of existing Application pool, we need to select the section option "Use
existing application pool as template". Selecting this option will enable
the Application Pool name dropdown.
Fig: Application Pool Template Selection

If we select any existing application pool as template, the newly created application
pool should have the same configuration of the template application pool. This
reduce the time of Application pool configuration.

That is all about the creating a new application pool. Now lets have a look into
creation of application pool from existing XML Configuration file.

Create From Existing Configuration File

We can save the configuration of an Application pool into a XML File and we can
create a new application pool from that. This is very useful during
configuration of Application pool inWeb Farm where you have multiple
web servers and you need to configure the application pool for each and every
server. As you are running your web application on Load balancer you need to
unique configuration for all you application pool.

So first of all you need to save the Application pool configuration pool in a server.
Check the below image for details,
Fig: Application Pool Template Selection

During this operation we can set the password for that configuration file which will be
asked during the import of application pool on another server. When we click on the
"Save Configuration to a file", the below screen will appear.

Fig: Save Configuration as XML File

Where we need to provide the Filename and location. If we want we can set
password to encrypt the XML file. Below is the some part of that XML.

Collapse
Location ="inherited:/LM/W3SVC/AppPools/StateServerAppPool"
AdminACL="49634462f0000000a4000000400b1237aecdc1b1c110e38d00"
AllowKeepAlive="TRUE"
AnonymousUserName="IUSR_LocalSystem"
AnonymousUserPass="496344627000000024d680000000076c20200000000"
AppAllowClientDebug="FALSE"
AppAllowDebugging="FALSE"
AppPoolId="DefaultAppPool"
AppPoolIdentityType="2"
AppPoolQueueLength="1000"
AspAllowOutOfProcComponents="TRUE"
AspAllowSessionState="TRUE"
AspAppServiceFlags="0"
AspBufferingLimit="4194304"
AspBufferingOn="TRUE"
AspCalcLineNumber="TRUE"
AspCodepage="0"pre>

Now we can create a new application pool for this configuration file. While creating a
new application pool we have to select the "Application Pool ( From File )"
option as shown in the below figure.

Fig: Application Pool Creation From Configuration File

When we select this option a screen will come where we need to enter the the file
name and the password of that file.
Fig: Application Pool Creation From Configuration File

Select the file and click on the "Read File Button". This will show you the
imported application pool name. Click "Ok" to import the full configuration.

Fig: Application Pool Creation From Configuration File

Here we need to mention the new application pool name or we can have another
option where we can replace any existing application pool. For moving ahead we
need to provide the password.
Fig: Password for Import Application Pool Configuration.

This is the last step for creating a new application pool from existing configuration
file.

Configure Application Pool Properties

This is one of the most important task for web server configuration and this is mainly
important when we are hosting on production server. As I have already discussed
the Application pool is the heart for any web application hosted on IIS, we need to
know the each and every configuration of Application Pool. For start configuration we
need to go to the properties of application pool.

Fig: Application pool Properties

We need to configure the following things in Application pool.

• Recycling
• Performance
• Health
• Identity
Lets start with "Recycling" Of application Pool

Recycling

Recycling Application pool means recycle the Worker process (w3wp.exe) and the
memory used for the web application. Its very good practice to recycle the worker
process periodically . Which keep application running smooth. There are two types of
recycling related with Application pool

• Recycling Worker Process - Predefined Settings


• Recycling Worker Process - Based on Memory

Recycling Worker Process - Predefined Settings

Worker process recycling is the replacing of the instance of the application in


memory. IIS 6.0 can automatically recycle worker processes by restarting the worker
process that are assigned to an application pool and associated with websites. This
improve the web sites performance and keep web sites up and running smoothly.

Fig: Application pool Recycling- Worker Process.

There are three types of settings are available for recycling worker process.

• In Minutes
• Number of Request
• At given time

Recycle Worker Process (In Minutes) :


We can set a specific time period after which worker process will be recycle . IIS will
take care of all the current running request.

Recycle Worker Process (Number of Request) :

We can configure Application with specific given number of request. Once IIS
reached to that limit, worker process will recycled automatically.

Recycle Worker Process (In Minutes) :

If we want to recycle the worker process at any given time of period, we can also do
that configuration on IIS. We can also set multiple time for that.

Fig: Application pool Recycling- Worker Process : Time Setting.

Recycling Worker Process - Based on Memory

Server Memory is a big concern for an web application. So some time we may need
to clean up the worker process based on the memory consume by it. There are two
types of settings that we can configure in application pool to recycle the worker
process based of memory consumption. These are,

• Maximum Virtual Memory Used


• Maximum Used memory
Fig: Application pool Recycling- Worker Process.

At any time if the worker process consume the specified memory ( at memory
recycling settings ) it will recycled automatically.

What happened during Application Pool Recycling ?

This is quite interesting question. Based on above settings, an application pool can
recycle any time. So what happened to all the users who are accessing the site on
that time ? We do not need to worry about that. This process is transparent from
client. When you recycle an application pool, HTTP.SYS holds onto the client
connection in kernel mode while the user mode worker process recycles. After
the process recycle, HTTP.SYS transparently routes the new requests to the new
worker process.

Performance :

Moving to the Performance tab in the Properties dialog box of the selected results
in the following output.
Fig: Application Pool Performance

To improve the performance of web application we can setup the performance


settings for an application pool. We can set the shut down time of worker process
based on the ideal time. worker process will be shut down on given time period if it
seat ideal. When ever a new requests come it will live again. Another important
thing for improve the performance is "Web Garden".

Web Garden

Overview of web garden

By default Each Application Pool runs with a Single Worker Process (W3Wp.exe). We
can assign multiple Worker Process With a Single Application Pool. An Application
Poll with multiple Worker process called Web Gardens. Many worker
processes with same Application Pool can sometimes provide better throughput
performance and application response time. And Each Worker Process Should have
there own Thread and Own Memory space.
Fig: Web Garden ( Application Pool with Multiple worker process )

As Given in a Picture, in IIS Server there may be multiple Application pool and each
application pool having at least a single Worker Process. Web Garden should contain
multiple Worker process.

There are some Certain Restriction to use Web Garden with your web application. If
we use Session Mode to "in proc", our application will not work correctly because
session will be handled by different Worker Process. For Avoid this Type of problem
we should have to use Session Mode "out proc" and we can use "Session State
Server" or "SQL-Server Session State".

How to create web garden ?

We need to increase the number of worker process on performance tab.

Fig: Web Garden Creation

Main Advantage : The worker processes in a Web garden share the requests that
arrive for that particular application pool. If one worker process fails, another worker
process can continue to process requests.

Health :
Now move to the "Health" tab. When will select the "Health" tab it will show
following screen.

Fig: Health monitoring setting

IIS provides a couple of settings to improve the health of an application pool. There
are also a few settings for measuring the worker process health. These are:

• Enable Pinging
• Enable Rapid-fail protection
• Startup time limit
• Shutdown time limit

Enable Pinging

This property specifies whether the WWW Publishing Service should periodically
monitor the health of a worker process. Checking this option indicates to the WWW
service to monitor the worker processes to ensure that worker process are running
and healthy. By default it sets to 30s. This is also needed to check the service is
staying ideal or not. If it is ideal it can be shutdown until next request to come.
Windows Activation Process maintain all this stuff.
Enable Rapid-fail protection

When enabling Rapid Fail Protection the application pool is shut down if there are a
specified number of worker process crashes within a specified time period . When
this happens the WWW Publishing Service puts all applications in the application pool
"out of service".

Failure Count

The default value for failure count is 5 minutes. This property specifies the maximum
number of failures allowed within the number of minutes specified by the "Time
period" property, before the application pool is shut down by Rapid Fail Protection.
Means If the number of failure is more than the specified with the given time
application pool should be puts on "out of service mode"

Time period

This property specifies the number of minutes before the failure count for a process
is reset. By default is sets to 5 minutes.

Startup time limit

Start up time limit property specifies the amount of time that the WWW Publishing
Service should wait for a worker process to finish starting up and reporting to the
WWW Service. By general it means time taken to start a Worker process .

Shutdown time limit

This is the shutdown time for an worker process. This is the time required to execute
the all old running worker process request before it shut down during the recycle
time.

Identity

This is the last and final setting for an Application Pool. Application pool having 3
types of identity. "Network Service" is the default Identify. "defaultappPool" is
also runs under the "Network Service" Identity. Below are the listed Application
pool identity with description.

Identity Description
LocalSystem is a built-in account that has administrative
privileges on the server. It can access both local and
LocalSystem remote resources. For any kind accessing of server files or
resources we have to set the Identity of application pool to
Local System.
LocalServices Built-in account has privileges of an
LocalServices authenticated local user account. It does not have any
network access permission
This is the default Identity of Application Pool
NetworkServices NetworkServices has privileges of authenticated local user
account.

Navigating to Identity tab will show following screen.

Fig: Application Pool Identity Configuration

We can also configure the Application pool under some given user account. For that
we need to select the "Configurable" option on "identity" tab.

This is all about the application pool. Hope now you have a very good understanding
on what application pool is, how to create and configure application pool.

Q : You are using file upload control in your web application and it is working fine
on Visual Studio but when you host the same code on IIS it is not working. This is
very common problem in web hosting when file upload is involved.
A : When a web application runs under visual studio - ASP.NET Engine integrated
with visual studio takes care of all the executions. And this engine has sufficient
rights so that it can write data on your disk. But when you host the site on IIS, as I
have already mention it runs under the "Network Services" Identity. Which is
having very minimum rights on your system. The user can only have the read access
of the site. So for resolving the file upload issue you need to change the Identity of
application pool from "Network Service" to "Local System". Local System
identity means client can have write access on your hard drive. This will resolve your
issue of file uploading on server.

You can also resolve this issue by giving Write access permission to the file
destination folder for "Everyone".

Enabling Web Service Extension

IIS 6.0 provides certain type of configuration from where we


can enable/disable web service extension. If we want to prohibit/restrict any kind
of extension we need to select the extension and click on "Prohibit" button.

Fig: Web Service Extension Configuration

Note : If ASP.NET v 2.0.X.XXXX extension is prohibited over here, you will not
able to access the site which are running on .NET 2.0 .

Debugging Your Application That Hosted on IIS


If your site is hosted on IIS and we want to debug the site then main thing that we
need to attaching of worker process with Visual Studio. There are two possible
scenario for debugging from IIS.

1. Site is Hosted on Local IIS Server : Local IIS Debugging

2. Site is Hosted on Remote IIS Server : Remote IIS Debugging

I have already published two complete article on code project on above topic. Please
refer those hyperlink for details.

Summary

To summarize , this article is for the beginners who are trying to


learn something on IIS. This article gives a complete coverage of IIS, Hosting
sites on IIS, Application pool creation etc. I have also mentioned few tips which are
very commonly used in dealing with IIS. Hope this will help the beginners who are
struggling with site hosting on IIS and configure it. There are so many things
related with IIS and it is not possible to complete all of them in a single article. This
is just all in one overview. I hope that in the future I will publish a few more articles
on IIS in details. Please give your valuable feedback and suggestions in order to
improve the article. Thank you.

My IIS Articles @ Code Project

Below are the few articles on IIS that I have published at Code project.

1. Deploying ASP. Net Websites on IIS 7.0

2. Debug Your ASP.NET Application that Hosted on IIS : Process Attach and Identify
which process to attach.

3. Remote IIS Debugging : Debug your ASP.NET Application which is hosted on


"Remote IIS Server"

disable / Handle back button of the browser.

Introduction
How many time, it has happened with you that when your client has
asked you to that end-user should not be allowed to go back to
previous page using browsers back button? But the actual problem is
we don't have any control on the browser's back button. The “Back”
browser button cannot be actually disabled by a web application as the
browser security will not allow this. But yes there are number of
workarounds using which we can achieve this functionality.

Solutions
Using JavaScript, we can forward the user to the same page if user
presses the back button of the browser. See the code below :

<script type="text/javascript" language="javascript">

function GoBack()
{
window.history.forward();
}
</script>

Call this JavaScript function on the onload event of body tag.

<body onload="GoBack();">

This method will always redirect to the user on the current page itself.

For example, user is on page 1 and there is a link on Page 1 which


takes user to Page 2. Now when user clicks on the link, browser
redirects the control to Page 2. Now from page 2 if user press back
button of the browser then user will be redirect to the page 2 itself.

window.history contains the collection of the page visited by the user


for particular browser session. As an alternative of
window.history.forward(), one can also use window.history.go(+1). As
both are same.

But if we want to display web page expired warning on the click of


back button as we normally see in all banking sites? Actually what
happens is, when you press the back button, browser takes the page
from cache and display it on screen. So if we want to show web page
expired warning, we should not allow the browser to cache the page.
We can achieve this via ASP.NET.

protected void Page_Load(object sender, EventArgs e)


{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
}
This code will not allow page to be cached. But one problem with this
approach is that this will only work when there are some dynamic
content in the page. i.e. change any drop down box value and then try
to press back button.

Conclusion
Your comments are always appreciated. If you can find out better
solution then this please let me also know.