ASP.NET MVC
Export and Import Web Site and AppPools from IIS
One of common issues that developers ask me how can we export/import IIS Web Site and App Pool configuration when moving between servers or especially when migrating or re kicking a server to higher operating system.
This may sound easy and out of the box, but it is not. This is only possible using the command line execution but it will save a lot of time for development team from rebuilding the entire app pool settings.
Here are commands.
- To Export the App Pool configuration in IIS 7.0 and above
%windir%\system32\inetsrv\appcmd list apppool /config /xml > D:\<AppName>_apppools.xml
- To Export the Web Sites configuration in IIS 7.0 and above
%windir%\system32\inetsrv\appcmd list site /config /xml > D:\<AppName>_site.xml
- To Import the App Pool configuration in IIS 7.0 and above
%windir%\system32\inetsrv\appcmd add apppool /config /xml > D:\<AppName>_apppools.xml
- To Import the Web Sites configuration in IIS 7.0 and above
%windir%\system32\inetsrv\appcmd add site /config /xml > D:\<AppName>_site.xml
This export and import approach can be taken for deployment purposes in case you are using in DMZ environments where deploying using Web Deploy is not possible.
It is recommended to verify all the settings once the import is successfully. However the changes should very minimal and should save you lot of time.
asafaweb – Solving common occuring issues
One of activities that you should always do when building a new website is scan you site for vulnerabilities using the https://asafaweb.com/ .
This will scan your site for common issues like Headers exposed,Click jacking, Custom Errors redirection etc.Some of the common errors which get reported are as follows and their resolution is also given
1) Excessive headers: Warning
This is common error that is displayed especially if you are using IIS and ASP.NET. However this is easy to solve using the ASP.NET application’s web.config file changes
X-Powered-By: ASP.NET
a) In IIS, select the web site. Go to the Http Response Headers option in the Features View. Select X-Powered-By header, and remove it
If needed the same can be done in the web.config
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name=”X-Powered-By” />
</customHeaders>
</httpProtocol>
</system.webServer>
X-AspNet-Version: 4.0.30319
In the web.config file of the associated application, add the following section or modify the section to include enableVersionHeader=false in the http runtime
<system.web>
<httpRuntime targetFramework=”4.5″ enableVersionHeader=”false” />
</system.web>
2) Clicking Jacking : Warning
If this error is received, then add an entry in the web.config file under the customer header section
<customHeaders>
<add name=”X-Frame-Options” value=”SAMEORIGIN” />
</customHeaders>
3) Custom errors: Fail
If this error appears, then in the web.config file make sure the default redirect on error is set so that users are exposed to the actual stack trace. This is very similar to exception sheilding
<customErrors mode=”RemoteOnly” defaultRedirect=”~/DefaultErrorPage.aspx” />
4) Stack trace: Fail
Very similar to custom errors, in the set the custom errors mode to either RemoteOnly or On
<customErrors mode=”RemoteOnly”/>
5) Secure Cookies : Fail
Add the following entry in the web.config. Make sure that your site is enabled for https. If there any http then the session variables will not work.
<system.web><httpCookies requireSSL=”true” /></system.web>
Hope this helps. In case of any question, post questions in the comments section.
Web Api 2.0
I working on 3-tier solution using ASP.NET MVC for an internal business application. Came across an excellent poster highlighting the Web API 2.0 working model. Here it is
In the Zone 