Deployment of a Website on IIS
During last few days, I was deploying my application and I faced a lot of issues. I found deploying an application properly is as much as important as developing application. If application is not deployed properly, it can be very harmful to you application Here I want to share my learning to you all.
For deployment, first we need to understand IIS, it's request processing and then we'll go for deployment of the website and various configuration available in IIS, their key features, advantages and disadvantages etc..
IIS at root level, a Windows Service that is responsible for processing requests received on specific ports. For it, a service called the World Wide Web Publishing Service runs on the system. For deploying an application, we cerate a Virtual directory and the convert it into an application. Actually Virtual Directory is nothing more than a configuration entry in IIS for sharing a physical path for access through Web Server.
The complete configuration (with all its settings) is stored in a file, called a metabase, on local system. IIS metabase is a XML -based data store in IIS6.x and it can be configured through IIS management console.
Normally ,Web application are accessed and processed through browser. Browser sends the request to the Server (Here it is IIS) which actually process the request. The following are the steps that are done by IIS
- First, IIS examine the requested URL. It also check the port if it is not configured on default port 80,then url also requires port no.
- If we have a URL "http://webserver/store/books.aspx" then here web server shows the name of Virtual directory and books.aspx is the requested file.
- Every file extension is registered in IIS and connected with ISAPI extension and every file is connected to a DLL file.
- Every file extension is connected to ASP.NET runtime are connected with appropriate aspnet_isapi.dll ISAPI extension. these are automatically added at the time of installation. Using this different version of framework are managed (as, ASP.NET 1.0 1.1 and 2.0) and can be configured for every website.
- IIS 6 is split in several componants:In it a Kernel driver as the picture below is responsible for receiving HTTP requests from the clients then it forwards requests to any process that registers itself for specific URLs. i e any application that registers with the kernel mode driver can receive HTTP requests without running the whole server.
- IIS launches worker processes which provide mechanism of Isolation and each worker process runs one or more applications, either ASP.NET based or any other type
The web server is now split into several components.IIS 6.0 includes a kernel mode driver called HTTP.SYS,which is responsible for receiving HTTP requests from clients. And the kernel forword the requests to any process that registers itself to specific URLs.
All the reliability and security options are configured at the applications pool level.Therefore,when running ASP.NET on IIS6.0,the classic ASP.NET process model with the configuration of the <processModel> element in the machine.config is desabled ,cause all the options introduced for the <processModel> are configured for IIS6.0 worker process.
WAS monitors each workers process and if one fails it restarts it so that it application doesn't go down abruptly.
- We can define separate identity for each worker process ie it allows to configure additional isolation through permissions of the account that's configured for the worker process and these are configured through application pools in IIS management console i e every application pool has itself own worker process and every Virtual Directory can be be assigned to these application pools as I discuss in the last section.Each application pool can run as many application as needed.
- Application pools allows us to easily configure different web applications to run under different account with different resource usage limits and provide more web application isolation
Managing a virtual directory includes creating a virtual directory and its all settings. When IIS is installed a directory named "c:/Inetpub/wwwroot" is created automatically.Any files in this directory will appear as they're in the root of the web server.using the wwwroot directory fro creating a virtual directory makes a very poor organisation so try to avoid it.That's why I coosen the second option as below
- Go to run and type inetmgr and press enter. You will get IIS management console as below and do as the screen shot.
2. Click next.Set alias of your website as you want
3. Click Next and browse the physical path of your application.
4. Set Permissions as we have five options as
- Read: It is most basic and is mandatory to access the webpage of your application.
- Run Scripts: It is required for the aspx pages not for the static HTML pages because aspx pages need more permissions sp that they could conceivably perform operations.
- Execute: This allows the user to run an ordinary executable file or CGI application. This can be a security risk so allow when it is really needed.
- Write: It allows to add, modify or remove files from the web server. This should never be allowed.
- Browse: This allows one to retrieve a full list of files in the virtual directory even if the contents of the file are restricted.It is generally disabled.
5. Right Click on the Virtual Directory and go to properties and clock on create to set it as application
IIS made very easy to configure Virtual directory settings after creation of it. Just Right click on virtual directory and choose properties. And the property window will appear. Below I am trying to explore some most important settings.
File Mappings: As earlier, IIS forwards requests for aspx pages to the ASP ISAPI extension and sends requests for ASP.NET pages to the ASP.NET ISAPI extensions. And IIS decides the ISAPI extension based on the filename extension of the requested URL and these mappings can be done per virtual directory basis. To view it, click Configuration button on the Virtual Directory tab in the properties of a Virtual Directory.
||These are ASP.NET WebPages
||These are ASP.NET user controls. It can't be accessed directly, to access it it must be hosted on ASP.net pages.
||These are ASP.NET web services, which is used for exposing functionality to other applications over HTTP.
||These are for Glo9bal application file which is used for global events like when user starts the application.
||These are HTTPHandlers,which allow to process requests without using the full-fledged ASP.NET web-page model.
||These are used for the trace.axd application extension, which allows to trace messages while debugging
||.rem and .soap
||These extn identify that IIS is hosting an object that can be called by .NET Remoting
||These files are used by ASP.NET, but that can't be directly called by clientsAlthow,ASP.NET registers them so that it can explicitly prevent users from accessing these files, regardless of the IIS security settings.
Normally, if we have multiple versions of ASP.NET installed at one point of time, one may want to configure the mappings deffrently in different directories.
Documents: This tab allows one to specify the default documents for a Virtual Directory. Like if user just type "http://MyServer/MyApplication" then IIS simply redirect to the user to that default page. If none page is found, IIS will return the HTTP 404 (page not found error). To see and set the default page, in the properties of the Virtual Directories, Click on the documents tab
Custom Errors: This tab allows us to specify an error page that'll be displayed for specific type of HTTP errors (see below picture) .One can use ASP.NET configuration to replace HTTP errors or application errors with custom messages. This only work if the web request makes it to ASP.NET service.
As a default installation, one application pool called DefaultAppPool is created. This runs as a Network Service, every web application runs on default website uses this default pool.
First let us try to know, when we need different application pool as we have already an application pool as DefaultAppPool .Mainly there are three reasons
- Stability problems: If on a server there are multiple application are running, If all are on same pool then if this pool have any problem the all the application using this pool are going to affected.
- Memory Leaks: If there is resource intensive application an old application running on a application pool with a memory leak is perfect candidate for regular recycling. In this case, applications running on different application pool, will not get affected.
- Security: Security configuration is another main reason for having multiple application pool. Let us ,we want an application that will be able to write some logs on the client computer, then we should have an application pool which should run on LocalSystem's account other might be doesn't need the same so they can on different accounts.
- Administration: This is also one of the reasons for having separate pools .Might be on a server, there are multiple sites hosted for saparate parties then it doesn't allow to access the resources of another pools.
Note: Recycling an application pool (worker process) means stoppinng the old worker proceses which have already take lots of resources and start new instance of it for the application pool.
To create the application pool follow the below steps ( Please keep in mind that IIS should be installed on the machine)
- Go to run -> type inetmgr then click ok. You will get the following window.
Here you have two options
- First, if you want to use default settings (use it when you want to create it with new settings)
- Second, If you want to have a new pool with just same settings as some another pool then you can can select this one and change the template pool from the dropdown (It'll save your time from doing the same settings again)
4. You can configure the application pool by right click on the pool created and select properties
5. You can configure the identity of every application pool by selecting Identity tab from the property window of application pool as above window
Here in the dropdown ,one has three options:
Network Service: This account is restricted account with least privileges in the three.This is mainly used for applications that require access to network and need to be accessed from other machines in the network.
Local Service: This account is having more restricted than Network service and mainly to be used for services that don,t require additional network access.
Local system: Generally this account is not recommended to use, because it is most powerful account of the system. It can perform any action on the local system. so the basic motto , one should provide that much of privilege that the application needed so it can't be hacked easily.
you can also configure it as selecting your own user account by specifying the the Windows user name and password for this account.
Right Click on the application and go to Virtual directory tab
change the application pool and click on apply button.
Deploying is nothing more than copying the published code of the application to target machine and configure the environment as needed. this is true for simple application but for application using database or access other resources, one need to perform additional steps.
- Copy required file to target machine: Check whether all assemblies are in place. If not use install it using gacutil.exe.
- Create and configure the Database
- Add IIS file mappings as per requirement
- Update web.config for any application settings or connection strings etc.
- Rest settings can be done as per requirement as we discussed above like application pool etc.
Hope you all like this article. Please do post your comments it'll help me a lot to improve this article as well as my upcoming articles.