Showing posts with label iis. Show all posts
Showing posts with label iis. Show all posts

Debugging Applications in IIS and Various Authentication Mode

We can easily debug any web application that is hosted on IIS by attaching worker process of that application to Visual Studio as shown below.
From Visual Studio IDE > Tools > Attach to Process Select the particular Process, then start debugging.

Then click on attach button

Now, enjoy debugging with Visual Studio.

Different Authentication Mode Available for IIS Remote Debugging

There are two authentication modes available in IIS for remote debugging:
  1. No-Authentication
  2. Windows Authentication

Windows Authentication

Msvsmon provide high level security with the windows authentication mode. The user who want to debug the application remotely he should be authenticated, means he should have sufficient permission to access the debugging facility from the remote system.


There is no security involved with this authentication mode. Anyone can debug remotely, if the authentication mode is set to "No-Authentication". As this debugging mode is not at all secure, so it should be used only on secure network.

IIS Allows Multiple User to Remote Debug Simultaneously

This is one of the most fantastic features of Msvsmon tool. Msvsmon debugging monitor tool allow multiple user to debug simultaneously. Each instance of the remote debugger has a unique server name. As I have already shown that server names are configurable, so we can give an instance of the remote debugger any server name. Now multiple user can able to access the same.

aspnet_regiis -i Command

The following command installs the ASP.NET version that is associated with the ASP.NET IIS registration tool and updates the script maps of all existing ASP.NET applications. Note that only applications that are currently mapped to an earlier version of ASP.NET are affected.

Default Location for IIS Log Files

The default location for IID log files varies from IIS versions. In IIS6 & IIS7 these are given below-
  1. For IIS7: %SystemDrive%\inetpub\logs\LogFiles
  2. For IIS6: %windir%\System32\LogFiles

Common Errors & Status Codes in IIS

Status Code
Client Error
I hope now you have a better understanding about Remote IIS Debugging. Your valuable feedback, question, or comments about this article are always welcome.

Understanding Web Garden and Web Farm in IIS

Web Garden

By default, each application pool runs with a single worker process (W3Wp.exe). When an application pool runs with multiple worker process, it is called web garden.

You can set multiple worker process for an application pool as shown in below steps.

Step 1:

Step 2:

Advantage of Web Garden:

A Web garden share the requests which comes for that application pool and if one worker process fails to process a request then another worker process can continue to process that request.

Limitation of Web Garden:

There are some limitations with Web Garden. When you use session mode to “In Proc" with your application, it will not work properly as expected; since session will be handled by different worker process. For avoiding this issue; you should use session mode "Out Proc" having "Session State Server" or "SQL-Server Session State".

Web Farm

When a web application is hosted on multiple web servers and access based on the load on servers, it is called Web Farm.

In web farm, a single application is hosted on multiple IIS server and these IIS servers are connected with the VIP (Virtual IP) with load balancer. Load balancer IPs is exposed to external world for accessing your web application. Hence, when a request comes to server from client, it first hits the load balancer, and then based on the traffic on each server; load balancer distributes the request to the corresponding web server.

Advantage of Web Garden:

  1. It provides high availability. If any of the web servers goes down then Load balancer redirects the incoming requests to other web servers in the web farm.
  2. It provides high performance response for client requests.

Limitation of Web Farm:

There are some limitations with Web Farm; also. When you use session mode to “In Proc" with your application, it will not work properly as expected; since session will be handled by different web servers. For avoiding this issue; you should use session mode "Out Proc" having "Session State Server" or "SQL-Server Session State".
What do you think?
I hope now you have better understanding about Web Garden and Web Farm in IIS. Your valuable feedback, question, or comments about this article are always welcome.

Internet Information Service Architecture

IIS Architecture

IIS has two main layers - Kernel Mode and User Mode. The Kernel Mode contains the HTTP.SYS and User Mode contains WAS and W3 service. The subsection of both are shown in fig.

The above diagrams shows the flow of an HTTP request in process. The request-processing flow is described as:
  1. An HTTP request first goes to HTTP.sys and now, HTTP.SYS is responsible for passing the request to a particular application pool.
  2. HTTP.sys contacts to WAS and WAS requests configuration information from the xml file.
  3. The configuration information is sent to WWW service receives.
  4. The WWW service uses the configuration information to configure HTTP.sys.
  5. Configured HTTP.sys contacts to WAS and now, WAS starts a worker process for the application pool to which the request was made.
  6. The worker process processes the request and returns a response to HTTP.sys. The request is passed through an ordered series of module in the processing pipeline.

Role of HTTP.sys in IIS

HTTP.SYS is the part of kernel mode of IIS. Every client request is passes through the kernel mode, Http.sys then makes a queue for each and individual application pool based on the request. Whenever we create any application pool IIS automatically registers the pool with HTTP.sys to identify the particular during request processing. It provides the following services in IIS:
  1. Routing HTTP requests to the correct request queue.
  2. Caching of responses in kernel mode.
  3. Performing all text-based logging for the WWW service.
  4. Implementing quality of service functionality, which includes connection limits, connection timeouts, queue-length limits, and bandwidth throttling.

ISAPI Filter

ISAPI filters are DLL files that can be used to modify and enhance the functionality provided by IIS. ISAPI filters always run on an IIS server, filtering every request until they find one they need to process.
ISAPI filters can be registered with IIS to modify the behavior of a server. It can perform the following tasks:
  1. Change request data (URLs or headers) sent by the client
  2. Control which physical file gets mapped to the URL
  3. Control the user name and password used with anonymous or basic authentication
  4. Modify or analyze a request after authentication is complete
  5. Modify a response going back to the client
  6. Run processing when a request is complete
  7. Run processing when a connection with the client is closed
  8. Perform special logging or traffic analysis.
  9. Handle encryption and compression.

Different Security Settings Available in IIS

IIS provides a variety of authentication schemes:
  1. Anonymous (enabled by default)
  2. Basic
  3. Digest
  4. Integrated Windows authentication (enabled by default)
  5. Client Certificate Mapping

Set the Session Time Out in IIS

Follow the steps as shown in below diagram.

Step 1:

Set Time Out in IIS Step1

Step 2:


What do you think?
I hope now you have better understanding about IIS architecture. Your valuable feedback, question, or comments about this article are always welcome.

Application Pool in Internet Information Service (IIS)

Application Pool in IIS

An Internet Information Services (IIS) application pool is a set of URLs that is routed to one or more worker processes. Application pools responsible for to isolate one or more applications into their own process. For example you have two different website like website-A and website-B and want to deploy on same server, then application pool isolate your website means website-A run on one application pool and website-B run on another application pool.

It provides a convenient way to administer a set of web sites and applications and their corresponding worker processes. Process boundaries separate each worker process; therefore, a web site or application in one application pool will not be affected by application issues in other application pools. Application pools significantly increase both the reliability and manageability of a Web infrastructure.

Create Application Pool in IIS

You can also create your own application pool with custom settings.

Key Points About Application Pool

  1. Provides isolation between different web applications.
  2. Every web application has individual worker process.
  3. Improve manageability of web application.
  4. Provides better performance.

Configuring the Application Pool

For configuring the application pool, you need to configure the following properties in application pool.
  1. Recycling
  2. Performance
  3. Health
  4. Identity

Application Pool Recycling

Recycling application pools option is available in IIS6, IIS7.x and IIS8. This is a process for recycling the work process (w3wp.exe) and the memory used by the web application. It’s good practice to recycle the worker process periodically since it keeps application running smoothly.

IIS 7.5 Setting for Application Pool recycling:



How Recycling Process initiates:

You need not to worry about the application performance while recycling process. This process is transparent from client. When IIS conduct recycling, it invokes a new worker process first, and then shut down the old worker process. In this way application request will be handle by the new worker process without downtime. This process is required high-availability of IIS.

Advantages of using IIS recycling feature

  1. All the clients can connect to IIS server, and every requests will be handled without downtime.
  2. There is no connection loss.
  3. It is a faster operation than IISRESET to initialize system resource (memory).


IIS RESET command stops all IIS services with its components. In fact, it does not kill any worker processes, and running components. Like any windows services, the command just sends a message – “Stop running as soon as possible” – to shutdown IIS services gracefully.

Disadvantage of IIS Reset

  1. HTTP.SYS will lose existing client-connections after running IISRESET.
  2. All incoming requests will need to establish new connections again.
  3. Web browsers can’t connect the IIS server during restarting IIS means all requests will be missed.
  4. A worker process can’t keep any data – cached objects & binaries

Different Type of Application Pool Available in IIS 7.0 and IIS 7.5

There are two types’ .NET integration modes for ASP.NET application, that identified that how IIS processes an incoming request to the sites, applications and web services that run in that application pool.

Integrated Mode

Integrated mode makes ASP.NET an integral part of IIS. Now the IIS server functionality is split into more than 40 modules that break the IIS and ASP.NET functionality into pieces. Modules such as StaticFileModule, BasicAuthenticationModule, FormsAuthentication, Session, Profile and RoleManager are part of the IIS pipeline. FormsAuthentication, Session, Profile and RoleManager were previously part of ASP.NET and didn't have anything to do with IIS.

Classic Mode

Classic mode models the IIS 6.0 model in which ASP.NET is an ISAPI add-on to IIS. This mode is available for backward compatibility but lacks many of the features in the new integrated mode. In Classic mode, IIS has its own pipeline that can only be extended by creating an ISAPI extension, which has a well-deserved reputation for being difficult to develop. ASP.NET is run as an ISAPI extension that is just one part of the IIS pipeline.
What do you think?
I hope now you have better understanding about Application Pool in IIS. Your valuable feedback, question, or comments about this article are always welcome.

Understanding Internet Information Service

IIS stands for Internet Information Service. IIS is a web server developed by Microsoft and used to host the Web application. It has its own ASP.NET Process Engine to handle the request. So, when a request comes from client to server, IIS takes that request and process it and send the response back to clients.

Web Server

Web Server is used for hosting the web application on a centralized location and can be accessed from many locations. It is responsible for handling all the requests that are coming from clients, it processes them and provides the responses.
IIS supports many system services that use the most common Internet protocols including HTTP, FTP, NTTP and SMTP.

Check IIS Installation

There are following two ways for finding IIS on your machine.
  1. First Way to open IIS:

    Go to run and type inetmgr command and press enter, it opens IIS configuration manager if it is installed to your machine.
  2. Second way to open IIS:

    Go to control panel and then Administrative Tools; where you will find the shortcut for IIS as shown in below fig.

Brief History of IIS

Almost every version of IIS was released either alongside or with a version of Microsoft Windows:
  1. IIS 1.0

    IIS 1.0 was initially released as a free add-on for Windows NT 3.51.
  2. IIS 2.0

    IIS 2.0 was included with Windows NT 4.0.
  3. IIS 3.0

    IIS 3.0 was included with Service Pack 2 of Windows NT 4.0, introduced the Active Server Pages dynamic scripting environment.
  4. IIS 4.0

    IIS 4.0 was released as part of an "Option Pack" for Windows NT 4.0.
  5. IIS 5.0

    IIS 5.0 shipped with Windows 2000 and introduced additional authentication methods, management enhancements including a new MMC-based administration application, support for the WebDAV protocol, and enhancements to ASP. IIS 5.0 also dropped support for the Gopher protocol.
  6. IIS 5.1

    IIS 5.1 was shipped with Windows XP Professional, and was nearly identical to IIS 5.0 on Windows 2000.
  7. IIS 6.0

    IIS 6.0 was included with Windows Server 2003 and Windows XP Professional x64 Edition, added support for IPv6 and included a new worker process model that increased security as well as reliability.
  8. IIS 7.0

    IIS 7.0 was a complete redesign and rewrite of IIS, and was shipped with Windows Vista and Windows Server 2008. IIS 7.0 included a new modular design that allowed for a reduced attack surface and increased performance. It also introduced a hierarchical configuration system allowing for simpler site deploys, a new Windows Forms-based management application, new command-line management options and increased support for the .NET Framework. IIS 7.0 on Vista does not limit the number of allowed connections as IIS on XP did, but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued, which hampers performance, but they are not rejected as with XP.
  9. IIS 7.5

    IIS 7.5 was included in Windows 7 (but it must be turned on in the side panel of Programs and Features) and Windows Server 2008 R2. IIS 7.5 improved WebDAV and FTP modules as well as command-line administration in PowerShell. It also introduced the best practices analyzer tool and process isolation for application pools.
  10. IIS 8.0

    IIS 8.0 is only available in Windows Server 2012 and Windows 8. IIS 8.0 includes Application Initialization, centralized SSL certificate support, and multicore scaling on NUMA hardware, among other new features.
  11. IIS 8.5

    IIS 8.5 is included in Windows Server 2012 R2 and Windows 8.1. This version includes Idle worker-Process page-out, Dynamic Site Activation, Enhanced Logging, ETW logging, and Automatic Certificate Rebind.
  12. IIS 10.0

    IIS 10 is included in Windows Server 2016 and Windows 10. This version includes support for HTTP 2

Role of IIS:

IIS committed to all features as a Web Server. If you are a Microsoft web developer, then you know that Microsoft Visual Studio has inbuilt ASP.NET engine which capable to run ASP.NET web application from just click on Run button of Visual Studio. This scenario is well situated for local environment but not outside means no other person can access your developed web application. In this situation, IIS works for you.
IIS provides a well designed and tested WWW architecture that can help you achieve better performance, reliability, scalability, and security for our web sites.
What do you think?
I hope now you have a better understanding about IIS. Your valuable feedback, question, or comments about this article are always welcome.