Embed Size (px)
DESCRIPTION
test
Citation preview
Efficient Deployment & Efficient Deployment & Management of ASP.NET Management of ASP.NET 2.0 Applications on IIS 6.02.0 Applications on IIS 6.0
Efficient Deployment & Efficient Deployment & Management of ASP.NET Management of ASP.NET 2.0 Applications on IIS 6.02.0 Applications on IIS 6.0
Alexis EllerAlexis EllerProgram ManagerProgram ManagerInternet Information ServicesInternet Information ServicesMicrosoft CorporationMicrosoft Corporation
AgendaAgenda
What is ASP.NET?What is ASP.NET?
.NET Framework Concepts.NET Framework ConceptsGlobal Assembly Cache (GAC)Global Assembly Cache (GAC)
Configuration LayoutConfiguration Layout
Code Access Security (CAS)Code Access Security (CAS)
VersioningVersioning
Deployment & ManagementDeployment & Management
Running x64 on ASP.NET 2.0 solutionsRunning x64 on ASP.NET 2.0 solutions
Summary / Q&ASummary / Q&A
What is ASP.NET?What is ASP.NET?
Part of the .NET FrameworkPart of the .NET FrameworkIIS 6.0: v2.0, v1.1 in Worker Process Isolation IIS 6.0: v2.0, v1.1 in Worker Process Isolation ModeMode
IIS 6.0: v1.0 in IIS 5.0 Compatibility ModeIIS 6.0: v1.0 in IIS 5.0 Compatibility Mode
IIS 5.0: only run one version at a timeIIS 5.0: only run one version at a time
Builds significantly on the power of ASPBuilds significantly on the power of ASP
ASP.NET is “managed” code - the .NET ASP.NET is “managed” code - the .NET Framework manages memory, not the Framework manages memory, not the application (reduces the risk of memory application (reduces the risk of memory leaks)leaks)
.NET Framework Concepts.NET Framework ConceptsGlobal Assembly Cache (GAC)Global Assembly Cache (GAC)
““Registry” for .NET assembliesRegistry” for .NET assemblies
Add an assembly to the GAC:Add an assembly to the GAC:Generate a strong name, assembly: 1) name, 2) version, Generate a strong name, assembly: 1) name, 2) version, 3) 64 bit public key hash - 3) 64 bit public key hash - sn.exesn.exe,, 4) culture4) culture
Add to the GAC - Add to the GAC - gacutil.exegacutil.exe,, .NET Configuration x.x .NET Configuration x.x (MMC Snap-in)(MMC Snap-in)
Viewing the contents of the GAC:Viewing the contents of the GAC:gacutil /lgacutil /l
start explorer %windir%\assemblystart explorer %windir%\assembly
.NET Configuration x.x (MMC Snap-in).NET Configuration x.x (MMC Snap-in)
Cannot XCOPY deploy GAC’ed assembliesCannot XCOPY deploy GAC’ed assemblies
SecuritySecurity: all GAC’ed assemblies (for ASP.NET : all GAC’ed assemblies (for ASP.NET apps):apps):
Run as Full TrustRun as Full Trust
Are accessible to all ASP.NET appsAre accessible to all ASP.NET apps
Adding an assembly to the GACAdding an assembly to the GAC
.NET Framework Concepts.NET Framework ConceptsConfiguration LayoutConfiguration Layout
root configuration filesroot configuration files
machine.configmachine.config
root web.configroot web.config web.configweb.config
.NET .NET Framework Framework
ASP.NEASP.NETT
ASP.NET + ASP.NET + .NET .NET
FrameworkFramework
web.config filesweb.config files
Inheritance…Inheritance…
.NET Framework Concepts.NET Framework ConceptsCode Access Security (CAS)Code Access Security (CAS)
Constrains managed code, including ASP.NETConstrains managed code, including ASP.NETDo you trust your content providers?Do you trust your content providers?
Do you trust that your applications can’t be Do you trust that your applications can’t be exploited?exploited?
Control access to: file system, registry, Control access to: file system, registry, printersprinters
ASP.NET Trust LevelsASP.NET Trust LevelsFull, High, Medium, Low, Minimal Full, High, Medium, Low, Minimal (can define custom)(can define custom)
Defined by policy files: Defined by policy files: %windir%\Microsoft.NET\%windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\web*trust.configFramework\v2.0.50727\CONFIG\web*trust.config
Full Full trust by defaulttrust by default
GAC’ed assemblies run as Full trust alwaysGAC’ed assemblies run as Full trust always
.NET Framework Concepts.NET Framework ConceptsASP.NET Medium TrustASP.NET Medium Trust
Access SQL ServerAccess SQL Server
Send e-mail via SMTPSend e-mail via SMTP
Access certain Access certain common environment common environment variablesvariables
Access files within the Access files within the application's directoryapplication's directory
Access files outside Access files outside the application's the application's directorydirectory
Use reflectionUse reflection
Use socketsUse sockets
Access unmanaged Access unmanaged codecode
How to Use Medium Trust in ASP.NET 2.0: How to Use Medium Trust in ASP.NET 2.0: http://msdn.microsoft.com/library/default.asp?url=/library/en-uhttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000020.asps/dnpag2/html/PAGHT000020.asp
Setting and customizing ASP.NET Trust Levels
Setting and customizing ASP.NET Trust Levels
ASP.NET Request ProcessingASP.NET Request ProcessingIIS maps request to IIS maps request to ASP.NET, forwards to ASP.NET, forwards to aspnet_isapi.dllaspnet_isapi.dll
ASP.NET ISAPI creates ASP.NET ISAPI creates appdomainappdomain
Send ResponseLog Compres
s
NTLM Basic
Determine
Handler
CGI
Static File
ISAPI
AuthenticationAnon
…
…
AuthenticationForm
sWindo
ws
Map Handl
er
ASPX
Trace
……
…
aspnet_isapi.daspnet_isapi.dllll
Deployment and ManagementDeployment and ManagementGetting started...Getting started...
Manual:Manual:MMC snap-in (in IIS Manager)MMC snap-in (in IIS Manager)
aspnet_regiis.exe command line toolaspnet_regiis.exe command line tool
Edit web.config files using Notepad or Visual Edit web.config files using Notepad or Visual StudioStudio
Automated:Automated:Call aspnet_regiis.exe in a batch fileCall aspnet_regiis.exe in a batch file
Program against the ASP.NET configuration API Program against the ASP.NET configuration API (System.Configuration)(System.Configuration)
Deployment and ManagementDeployment and Managementaspnet_regiis.exeaspnet_regiis.exe
Provides more functionality than MMC Provides more functionality than MMC snap-insnap-in
Enumerate all ASP.NET script map settings Enumerate all ASP.NET script map settings
Install / uninstall ASP.NETInstall / uninstall ASP.NET
Enable / disable ASP.NET ISAPI extensionEnable / disable ASP.NET ISAPI extension
Unique version in each framework Unique version in each framework directory:directory: C:\Windows\Microsoft.NET\Framework64\v2.0.50727C:\Windows\Microsoft.NET\Framework64\v2.0.50727
Use in batch files for deployment / Use in batch files for deployment / managementmanagement
Combine with other utilities to create batch files Combine with other utilities to create batch files for deploying applications, content and for deploying applications, content and configurationsconfigurations
Deployment and ManagementDeployment and Managementaspnet_regiis.exe (2)aspnet_regiis.exe (2)
Combine aspnet_regiis.exe with other Combine aspnet_regiis.exe with other utilities for automating deploymentutilities for automating deployment
Adsutil.vbs to create application poolAdsutil.vbs to create application pooladsutil.vbs CREATE W3SVC/AppPools/BusyPool adsutil.vbs CREATE W3SVC/AppPools/BusyPool "IIsApplicationPool" "IIsApplicationPool"
IISweb.vbs to create the Web site in app pool IISweb.vbs to create the Web site in app pool IISweb.vs /create C:\MySource "MySite" /ap IISweb.vs /create C:\MySource "MySite" /ap BusyPool /dontstart BusyPool /dontstart
Aspnet_regiis.exe to install ASP.NET 2.0 change Aspnet_regiis.exe to install ASP.NET 2.0 change the IIS scriptmap to 2.0the IIS scriptmap to 2.0C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\apsnet_regiis.exe –enable -ir C:\WINDOWS\apsnet_regiis.exe –enable -ir C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.NET\Framework\v2.0.50727\apsnet_regiis.exe –s W3SVC/<metabase path>apsnet_regiis.exe –s W3SVC/<metabase path>
.NET Framework Versioning.NET Framework Versioning
Can run one version per application poolCan run one version per application pool
Each framework version has it’s own version of Each framework version has it’s own version of aspnet_regiis.exeaspnet_regiis.exe
Different IIS scriptmap behavior depending on Different IIS scriptmap behavior depending on existing ASP.NETexisting ASP.NET
Initial ASP.NET Initial ASP.NET ConfigurationConfiguration
Scriptmap BehaviorScriptmap Behavior Location of Location of Aspnet_regiss.exeAspnet_regiss.exe
ASP.NET not ASP.NET not previously installedpreviously installed
IIS Scriptmap defaults to IIS Scriptmap defaults to 2.02.0
C:\WINDOWS\Microsoft.NET\C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727Framework\v2.0.50727
ASP.NET 1.1 ASP.NET 1.1 previously installedpreviously installed
Existing scriptmaps Existing scriptmaps unchangedunchanged
IIS Scriptmap continues IIS Scriptmap continues to default to 1.1to default to 1.1
C:\WINDOWS\Microsoft.NET\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322Framework\v1.1.4322
C:\WINDOWS\Microsoft.NET\C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727Framework\v2.0.50727
Running ASP.NET 1.1 and 2.0 Side-by-SideRunning ASP.NET 1.1 and 2.0 Side-by-Side
Deployment and ManagementDeployment and ManagementASP.NET 2.0 MMC Snap-InASP.NET 2.0 MMC Snap-In
Overview of the ASP.NET user interfaceOverview of the ASP.NET user interface
Configuration tabsConfiguration tabs
Understanding the behavior of the MMC Understanding the behavior of the MMC snap-insnap-in
Deployment and ManagementDeployment and ManagementOverview of ASP.NET MMC Snap-inOverview of ASP.NET MMC Snap-in
ASP.NET configuration is:ASP.NET configuration is:hierarchical and distributedhierarchical and distributed
complex enough to warrant a user interfacecomplex enough to warrant a user interface
The ASP.NET MMC Snap-in uses Microsoft® The ASP.NET MMC Snap-in uses Microsoft® Internet Information Services (IIS) Internet Information Services (IIS) Manager’s extensibility Manager’s extensibility
Deployment and ManagementDeployment and ManagementOverview of ASP.NET MMC Snap-inOverview of ASP.NET MMC Snap-in
Prevents typo’s, Prevents typo’s, incorrect XML tagsincorrect XML tags
Manages versioning Manages versioning informationinformation
Indicates file and Indicates file and virtual pathvirtual path
Indicates the date file Indicates the date file last modifiedlast modified
Deployment and ManagementDeployment and ManagementConfiguration TabsConfiguration Tabs
General General Connection strings, Application dataConnection strings, Application data
Custom ErrorsCustom ErrorsAuthorizationAuthorizationAuthenticationAuthentication
Authentication settingsAuthentication settingsMembership providerMembership providerRole Manager provider and enable/disableRole Manager provider and enable/disable
ApplicationApplicationCompilation, Globalization, IdentityCompilation, Globalization, Identity
State ManagementState ManagementSession State settingsSession State settings
LocationsLocationsUser-defined settings entered as <location> tags in User-defined settings entered as <location> tags in configurationconfiguration
Deployment and ManagementDeployment and ManagementConfiguration Tab - GeneralConfiguration Tab - General
What can be modified?What can be modified?Database ConnectionsDatabase Connections
Application SettingsApplication Settings
Which web.config file is edited? Depends Which web.config file is edited? Depends on the object selected in IIS Manager... on the object selected in IIS Manager...
Server (Web Sites)Server (Web Sites)
Web SiteWeb Site
Virtual Directory / FolderVirtual Directory / Folder
Deployment and ManagementDeployment and ManagementConfiguration Tab – Custom ErrorsConfiguration Tab – Custom Errors
What can be What can be modified?modified?
Enabling local or Enabling local or remote- only custom remote- only custom errorserrors
Redirect URLs for Redirect URLs for specific status codesspecific status codes
Default redirect URLDefault redirect URL
What cannot be What cannot be modified?modified?
IIS’s custom errors IIS’s custom errors configuration in the configuration in the metabasemetabase
Deployment and ManagementDeployment and ManagementConfiguration Tab – Auth’N and Auth’ZConfiguration Tab – Auth’N and Auth’Z
What can be modified?What can be modified?Authentication: Authentication:
Forms vs. WindowsForms vs. Windows
Forms authentication settingsForms authentication settings
Membership and Roles providersMembership and Roles providers
Authorization Rules: only apply to content Authorization Rules: only apply to content handled by the ASP.NET 2.0 ISAPIhandled by the ASP.NET 2.0 ISAPI
What cannot be modified?What cannot be modified?IIS Authentication: Anonymous, Basic, Integrated, IIS Authentication: Anonymous, Basic, Integrated, etc.etc.
IIS does access checks, not authorization rules per IIS does access checks, not authorization rules per URLURL
IIS 6.0 ships with Authorization Manager ISAPI IIS 6.0 ships with Authorization Manager ISAPI (urlauth.dll) - this is different than ASP.NET (urlauth.dll) - this is different than ASP.NET authorizationauthorization
Deployment and ManagementDeployment and ManagementConfiguration Tab – ApplicationConfiguration Tab – Application
What can be modified?What can be modified?Compilation and runtime settingsCompilation and runtime settings
Assign a theme to specific page or master pageAssign a theme to specific page or master page
Debugging optionsDebugging optionsUsed for development purposesUsed for development purposes
Should be used only in non-production environments Should be used only in non-production environments (performance considerations)(performance considerations)
Tip: Tip: <deployment retail="true|false" /><deployment retail="true|false" />
Globalization optionsGlobalization optionsSetting the Code Page, etc.Setting the Code Page, etc.
Identity settingsIdentity settingsUse IIS’s impersonated token -or- override with a Use IIS’s impersonated token -or- override with a specified user identityspecified user identity
Deployment and ManagementDeployment and ManagementConfiguration Tab – State ManagementConfiguration Tab – State Management
What can be modified?What can be modified?Enable ASP.NET Session State ServerEnable ASP.NET Session State Server
Enable ASP.NET Session State in SQL ServerEnable ASP.NET Session State in SQL Server
State management connection stringsState management connection strings
ASP.NET Session State Server vs. ASP.NET ASP.NET Session State Server vs. ASP.NET Session State in SQL ServerSession State in SQL Server
ASP.NET State Server stores state in a process ASP.NET State Server stores state in a process separate from the ASP.NET applicationseparate from the ASP.NET application
ASP.NET Session State in SQL Server stores ASP.NET Session State in SQL Server stores application\session data in SQLapplication\session data in SQL
Deployment and ManagementDeployment and ManagementConfiguration Tab – LocationsConfiguration Tab – Locations
What can be done with the Locations Tab?What can be done with the Locations Tab?Lockdown of features at a granular levelLockdown of features at a granular level
Examples:Examples:““AllowOverride=false” with a relative pathAllowOverride=false” with a relative path
Advanced concept - requires a thorough Advanced concept - requires a thorough understanding of configurationunderstanding of configuration
<configuration> <location path=“Default Web Site/App/Login.aspx” allowOverride=“false”> <authorization> ... </location><configuration>
Configuring Forms Auth in the ASP.NET MMC Snap-inConfiguring Forms Auth in the ASP.NET MMC Snap-in
Deployment and ManagementDeployment and ManagementUnderstanding the MMC Snap-in Understanding the MMC Snap-in BehaviourBehaviour
Multiple configuration editors (such as Multiple configuration editors (such as administrators and developers) can cause administrators and developers) can cause errors in the configuration fileserrors in the configuration files
Configuration errors in the files will cause errors Configuration errors in the files will cause errors in the user interfacein the user interface
User interface cannot read invalid configuration User interface cannot read invalid configuration filesfiles
Updates to web.config files reload the Updates to web.config files reload the application’s appdomain – loses in process application’s appdomain – loses in process session state, caches, etc.session state, caches, etc.
Running ASP.NET 2.0 on x64Running ASP.NET 2.0 on x64
ASP.NET 1.1 – Requires WOW64ASP.NET 1.1 – Requires WOW6432 bit IIS worker processes on 64 bit OS32 bit IIS worker processes on 64 bit OS
Virtual memory from 2 GB to 4 GBVirtual memory from 2 GB to 4 GBEnable, from %systemdrive%\Inetpub\Enable, from %systemdrive%\Inetpub\AdminScripts, run AdminScripts, run cscript.exe adsutil.vbs set cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 “true”W3SVC/AppPools/Enable32BitAppOnWin64 “true”
ASP.NET 2.0 – Runs native 64 bit or ASP.NET 2.0 – Runs native 64 bit or WOW64WOW64
Virtual memory practically unlimited in native Virtual memory practically unlimited in native 64 bit64 bit
MMC Snap-in not supported on x64MMC Snap-in not supported on x64
SummarySummaryGlobal Assembly Cache (GAC)Global Assembly Cache (GAC)
All GAC'ed assemblies run in Full trustAll GAC'ed assemblies run in Full trust
GAC'ed assemblies cannot be xcopy deployedGAC'ed assemblies cannot be xcopy deployed
ASP.NET Trust Levels (CAS Permission Sets)ASP.NET Trust Levels (CAS Permission Sets)Full trust is not secure enough, Medium is recommendedFull trust is not secure enough, Medium is recommended
Trust levels can be customizedTrust levels can be customized
aspnet_regiis.exe: automated deployment and aspnet_regiis.exe: automated deployment and managementmanagement
ASP.NET 2.0 MMC snap-in:ASP.NET 2.0 MMC snap-in:provides a safe way to edit configurationprovides a safe way to edit configuration
writes to hierarchical and distributed web.configwrites to hierarchical and distributed web.config
ASP.NET v1.1 and v2.0 run side by side on IIS 6.0ASP.NET v1.1 and v2.0 run side by side on IIS 6.0
[email protected]@microsoft.com
ResourcesResources
ASP.NET "Whidbey" Documentation Center ASP.NET "Whidbey" Documentation Center on MSDNon MSDN
http://msdn.microsoft.com/asp.net/whidbey/default.http://msdn.microsoft.com/asp.net/whidbey/default.aspxaspx
ASP.NET user interfaceASP.NET user interfacehttp://msdn.microsoft.com/asp.net/articles/ui/http://msdn.microsoft.com/asp.net/articles/ui/
ASP.NET 2.0 FundamentalsASP.NET 2.0 Fundamentalshttp://msdn.microsoft.com/asp.net/articles/fundamehttp://msdn.microsoft.com/asp.net/articles/fundamentals/ntals/
.NET Blog: When is ReflectionPermission .NET Blog: When is ReflectionPermission needed?needed?
http://blogs.msdn.com/shawnfa/archive/2005/03/08/http://blogs.msdn.com/shawnfa/archive/2005/03/08/389768.aspx389768.aspx
IIS Webcast Series: IIS Webcast Series: [email protected]@microsoft.com
http://www.iiswebcastseries.comhttp://www.iiswebcastseries.com
