January 27, 2021
Hot Topics:

IIS 6.0 and ASP.NET, Part 1

  • By Thiru Thangarathinam
  • Send Email »
  • More Articles »

Installing IIS 6.0

Once you install Windows server 2003, by default, only the necessary components of the operating system will be installed, meaning that you need to explicitly install the required components such as IIS 6.0. You can install IIS 6.0 using either one of the following two options:

  • Configure your Server wizard—To configure your server as an application server, you use the Configure your Server Wizard that can be found in the Manage Your Server->Add or Remove Roles option.
  • Add/Remove Components option in Control Panel—Using this option, you can install the necessary components such as IIS 6.0, ASP.NET, COM+, and MSMQ. This option has an added advantage in that it gives more granular control over the specific sub-components that will be installed.

Creating a new ASP.NET Web Application in IIS 6.0

Now that you have installed IIS 6.0, let us go ahead and create a new ASP.NET application using Visual Studio.NET 2003. Open up Visual Studio.NET 2003, and select the File->New Project dialog box and specify information as shown in the following screenshot.

Click here for a larger image.

Once you click OK on the above screen, you will see the following message box that says ASP.NET applications are locked down in IIS.

Click here for a larger image.

In the case of IIS 5.0, once you install IIS, it is ready to serve up all static (such as HTML pages) as well as dynamic content (such as ASP pages). But now in IIS 6.0, installation alone is not enough. You need to explicitly configure IIS to allow specific types of applications such as ASP, ASP.NET, CGI, ISAPI, and so on to be created on the server. To enable ASP.NET Web applications, you need to use the new feature called Web Service Extensions in IIS Manager, which we will look at in the following section.

Enabling ASP.NET Applications in IIS

But, when you install IIS 6.0, it is installed in a highly secure and locked mode, meaning that IIS serves only static content, and dynamic content such as ASP, ASP.NET, and so on are not enabled. To enable dynamic content, you need to use what is known as Web Service Extensions and modify the settings in IIS Manager. A Web Service Extension is nothing but a specific type of handler that is used to handle requests for a specific type of dynamic content. For example, requests for ASP.NET pages are processed by a handler, ASPNET_ISAPI.dll. If you want to allow ASP.NET pages to be served up from your Web server, you need to explicitly allow this handler, using the Web Services Extension from IIS. Using the Web Service Extensions feature that is accessible through the IIS manager, Web site administrators can enable or disable IIS 6.0 functionality based on the individual needs of the organization. This functionality is globally enforced across the entire server. Apart from the graphical interface, IIS 6.0 also provides programmatic, command-line, and graphical interfaces for enabling Web service extensions. To enable Web service extensions, select Web Service Extensions node from the IIS Manager. This will result in all the Web service extensions being displayed in the listview on the right side of the screen.

Click here for a larger image.

To enable a specific Web service extension, select the Web service extension, right-click it and select Allow from the context menu. Once you enable the Web service extension, the value of the Status column in the listview changes to Allowed from Prohibited. Because we want to allow ASP.NET applications on the server, select the Web Service Extensions ASP.NET v1.1.4322 from the list, and right-click it to select Allow from the context menu. This is illustrated in the above screenshot. When you upgrade your ASP applications to run in IIS 6.0, you may need to evaluate what Web service extensions need to be enabled. Enabling all of the Web service extensions ensures the highest possible compatibility with your existing ASP and ASP.NET applications. However, enabling all of the Web service extensions creates a security risk because it increases the attack surface of IIS by enabling functionality that might be unnecessary for your server. When you right-click the Web Service Extensions node in the IIS manager, the context menu displays a number of options that allow you to perform this. This is shown in the following screenshot.

Click here for a larger image.

Now that you have enabled ASP.NET Web Service Extensions from IIS Manager, if you go back to Visual Studio.NET and create the ASP.NET Web Application project again, you will find that the project is created properly.

Page 2 of 3

This article was originally published on July 31, 2003

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date