Click here to Skip to main content
Click here to Skip to main content

Configuring IIS, ASP.NET, and SQL Server

, 29 Oct 2013 CPOL
Rate this:
Please Sign up or sign in to vote.
This article is an updated one discussing the configuration of IIS, ASP.NET and SQL Server.

Introduction 

A while back I wrote an article on how to set up and configure IIS 7.5 with ASP.NET. The purpose of this new article is to provide a much faster, accurate and effective way of configuring IIS to host ASP.NET, configuring SQL Server permissions at the same time. In this article I'm using Microsoft Windows 8.1, IIS 8.5, ASP.NET 2.0 and 4.0, and Microsoft SQL Server 2012. The same steps and rules applies to IIS 7.5 and 8.0 as well as Microsoft SQL Server 2008 and 2008 R2. Express editions are also welcome. If you are using a version prior to the ones mentioned, please adapt this article - I suggest you use Google as it will give you answers much faster. 

Visual Studio 2012 started introducing an express edition of IIS, but we are not using it in this article. I prefer to attach my websites to a full version of IIS which gives me better control over the site (even though VS debugging is not available). You can use this article as a starter guideline.

 Side Note: If you are using Windows Server editions, you may need to adapt this article (for instance when installing IIS, you will do it through the Server Manager instead of the Control Panel). Also, if you are using this guide for a production web server, you are doing so at your own risk! 

Installing IIS 

I will guide you through the installation of IIS. I have experienced situations where Windows will require the Installation Discs to perform the following steps, so please keep them handy. For Windows Server users, you will almost certainly need those discs and physical access to the server.

  1. Open Control Panel and then select Programs and Features.
  2. On the left-hand side, click on the last link labelled 'Turn Windows features on or off'.
  3. You will now be able to select features to add to your Windows installation. Ensure that the following are ticked (this image is in relation to Windows 8.1 features, please look for similar items if you are using a prior version of Windows):





     
  4.  Click OK. If your computer asks to restart, please do so as you will not be able to continue to the next steps until you have restarted. 

Configuring IIS 

Now that you have installed IIS, we need to configure it. You can leave it on the default settings, but for beginners it can be quite challenging. By using the following steps we will configure the NETWORK SERVICE account to serve as the primary account under which IIS applications will run.

  1. Open the Internet Information Services console. If you do not have a shortcut for it, open Administrative Tools and select Internet Information Services (or you can simply click Start -> Run -> inetmgr) 
  2. At this point you should have a fresh installation of IIS with all default options set. If you have an existing IIS installation, and following this article from this section, you might have to do the same task for all current attached applications and application pools. 
  3. Click on the web server right at the top in the tree view:
  4. In the control panel, double-click on the Authentication module in the IIS group:
  5. Right-click on Anonymous Authentication and select Edit... (also ensure that Anonymous Authentication is ENABLED). 
  6. Select Application Pool Identity and click OK.

     

You have now configured the web server to use the Application Pool Identity when executing application requests. Each new website/application you add will inherit this setting automatically thus reducing your workload when attaching new websites/applications. Next, we are going to configure the application pools' identity.

  1. Click on the Application Pools node in the tree view:
  2. By default, you should have 6 application pools ready for use. They are: .NET v2.0,  .NET v2.0 Classic, .NET v4.0, .NET v4.0 Classic, Default Application Pool, and Classic .NET App Pool. On Windows 8.1 you will also have two additional application pools i.e. .NET v4.5 and .NET v4.5 Classic. You can also create your own application pools as you wish.
  3. Right-click on the application pool you want to configure (if its a fresh IIS installation, do this for ALL application pools - time consuming I know) and select Advanced Settings.
  4. Scroll down to the Process Model grouping and click on the Identity property.
  5. Select Built-in Account and choose NETWORK SERVICE. You can now click OK and close. Repeat steps 4 + 5 for all additional application pools you want to configure. If you are running your applications in the Classic Pipeline Mode, you should also configure those. 
  6.  

You have now configured your application pools. You can go-ahead and close down the IIS Console. Next, we are going to configure permissions on the IIS root folder(s).

  1. Open up Windows Explorer. Browse to: C:\inetpub (if you have chosen to keep your websites in a different folder, you need to apply these steps to that folder(s)).
  2. Right-click on wwwroot and select Properties. Now select the Security tab. Click on the Edit button.
  3. Click on the Add button and type NETWORK SERVICE. Click Check Names to verify the account you have entered is valid (on certain Windows Server machines, especially if you are part of AD, the Network Service account seems to be unavailable. Please consult your System Administrator on setting up the correct account (if your SA  suggests a different account, you have to set that account as the Application Pool Identity instead of the NETWORK SERVICE account)).
  4. Select the appropriate permissions for the NETWORK SERVICE account (I suggest you tick Modify, Read and Execute, List Folder Contents and Write). Click Apply and OK.
  5. All folders within the root folder (wwwroot) will not have these permissions by default. So you need to enable child inheritance so that each file copied to the root folder automatically inherits the appropriate permissions. You can do this by editing the advanced security options.
  6. At the bottom of the Advanced Security Settings page, tick 'Replace all child object permission entries with inheritable permission entries from this object'. Click Apply, then click Yes in the warning message box.

You have now successfully configured all permissions required to access your website through IIS.

Configuring SQL Server Permissions 

If your website is data-enabled, and you are using Microsoft SQL Server as your database provider, you need to configure permissions to allow IIS to communicate with SQL Server. There are two methods to do this, depending on how much control you want to give the NETWORK SERVICE account.

For the purpose of this article I am using Microsoft SQL Server 2012 Enterprise, but the same methods apply to Microsoft SQL Server 2008 and 2008 R2 editions. If you are using an earlier edition, please use Google to search for the related functions described in this article. 

I will provide both methods in this article, please use the one that will work best for you.

Method A: Server-Wide Privileges 

Using this method you will automatically grant server-wide permissions to the NETWORK SERVICE account for all databases attached to the related instance. 

  1. Open SQL Server Management Studio and login.
  2. Expand the Security section and right-click on Logins. Select New Login from the context menu.
  3. Click the Search button next to 'Login Name' and type in NETWORK SERVICE. Again, click Check Names and then OK.
  4. Select the Server Roles section.
  5. By default, public will be automatically checked. Check sysadmin.
  6. Click OK to accept the new login details. 

Using Method A, you only need to follow the steps above once. All new databases attached, and the existing ones, will automatically receive the new permissions. You can now go-ahead and test your website.

Method B: Database Specific Privileges  

Using this method you will grant database specific privileges to the NETWORK SERVICE account for the database attached to the related instance. 

  1. Open SQL Server Management Studio and login.
  2. Expand the Security section and right-click on Logins. Select New Login from the context menu.
  3.  

  4. Click the Search button next to 'Login Name' and type in NETWORK SERVICE. Again, click Check Names and then OK.
  5. Select the User Mapping section and select all the databases you want to grant access. Under the 'Default Schema' column, click on the ... button.
  6. Click on Object Types..., scroll down and select Schemas
  7. Enter dbo, click Check Names and then OK
  8. In the Database Role Membership section, select db_datareader and db_datawriter. public should be selected by default. Continue to do this for all databases you want the NETWORK SERVICE to access/control. When you are done, click OK.

Once you have completed the steps above, you need to "activate" these permissions on each database that you have selected in step 7 above. So, for each database do the following:

  1. In SQL Server Management Studio, expand the Databases section, then expand the database you want to "activate" permissions for. Expand the Security section, then expand Users
  2. Right-click on NT AUTHORITY\NETWORK SERVICE and select Properties
  3. By default, the Securables section will be opened. If not, click on Securables
  4. Because you are setting up this permission for the very first time, you will not have any records in this section. So, click Search
  5. Click OK in the dialog that just opened.
     
  6. Click Object Types, scroll down in the list and select Schemas. Once you have done that, enter dbo, click Check Names and then OK.  
  7. In the permissions section, grant the new login all the permissions required. I suggest you select the following items: Alter, Control, Delete, Execute, Insert, Select, References, and Update. 
  8. Click OK.

Repeat the steps above for each database you need to grant access for. Once you have completed all those steps, your website should be configured with the appropriate permissions. 

History  

  • 28/10/2013: Better, effective and more detailed instructions on configuring IIS. Included IIS 8.0 and 8.5.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Juan Steyn
Software Developer (Senior) Flux Innovate
South Africa South Africa
I provide software and website development services to international and local businesses. My solutions include retail and custom (per client specification) desktop solutions (executables, windows services, and web services (xml and WCF) with web integration as well as web applications (custom-built content management systems) that allows management of the website as well as perform daily duties using an all-in-one online system. We also provide Metro applications developed specifically for Windows 8 utilising the latest in technology including the Microsoft .NET Framework version 4.5.
Follow on   Twitter   LinkedIn

Comments and Discussions

 
QuestionApplication Error PinmemberMember 860771017-Sep-14 10:07 
QuestionWindows Authentication PinmemberPipQueen31-Aug-14 12:00 
QuestionNice article. Pinmemberfirasfaris29-Aug-14 12:11 
QuestionMy Vote of 4 Pinprofessionalsibeesh18-Jul-14 6:42 
GeneralThanks PinmemberMember 1083326420-May-14 21:24 
QuestionThanks Pinmemberragu6615-May-14 23:31 
QuestionGreat article, thanks PinmemberFernando A. Gomez F.27-Apr-14 16:52 
GeneralComment PinmemberMember 1059830218-Feb-14 22:08 
QuestionElevated perms PinmemberEH0011-Feb-14 12:13 
QuestionWeb Authentication Change PinmemberMember 1029200720-Nov-13 1:08 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.141223.1 | Last Updated 29 Oct 2013
Article Copyright 2013 by Juan Steyn
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid