I configured my IIS website to be always up and to initialize it after pool recycle. But I'm not sure how it works. This is .NET 6 MVC app.
All instructions say that I need to install Application Initialization role, but "Preload enabled" setting was available for my website even before installing this role. I set it to true but it didn't seem to work. I installed Application Initialization and it started working.
So the first question is what does "Preload enabled" setting do when you don't have Application Initialization installed?
I assume that with above settings IIS is making a request to my Home page. But I'm not sure I will have this page in final version of application.
The second question is, if I remove Home page will auto preloading stop working? If yes, then I need to use applicationInitialization settings in config file and configure it like this?
<add initializationPage="/CustomWarmupPage" hostName="myhost" />
So the first question is what does "Preload enabled" setting do when
you don't have Application Initialization installed?
Starting with IIS 8, application initialization is part of the IIS feature set. For IIS 7 and 7.5, it is available as a separate download through the Web Platform Installer. Application initialization with IIS 8 is an optional installation component in Windows or Windows Server Role Manager.
To support application initialization on your Web server, you must install the Application Initialization role or feature. If application initialization is not installed, the "Preload enabled" setting will have no effect.
The second question is, if I remove Home page will auto preloading
stop working? If yes, then I need to use applicationInitialization
settings in config file and configure it like this?
<add initializationPage="/CustomWarmupPage" hostName="myhost" />
The way this module works is that you introduce a path, and when your ApplicationPool runs, it sends a request to the registered path. System startup should not be delayed until the first request is sent to the program. To do this, you must enter the following command in the system.webServer tag of the web.config file,like:
<applicationInitialization doAppInitAfterRestart="true"
skipManagedModules="true" >
<add initializationPage="/default.aspx" />
</applicationInitialization>
Using the above command, we specify that after the ApplcationPool starts, it will send a "/default.aspx" request to the path entered in the initializationPage parameter, which is the initial setup of the service. Then you need to set the Application Pool Start Mode value to AlyawsRunning and the WebSite PreLoad Enebled value to true to do this automatically. This will always send a request to warm up the app when the app starts or restarts.
I have installed Application Initialization, set the website's application pool Start Mode to "Always Running", and set Preload Enabled = "True" in the advanced settings of the website.
However, if I recycle the application pool manually and wait 10 seconds, when I then reload the website, I still have to wait another 10 seconds for the website to warm up. This indicates that the website is not starting.
Looking at task manager, I can see that the application pool is running the whole time - even after a recycle. However, the memory usage is very low until I make my own request to the website.
One thing I have noticed is that I do not have a "Start Automatically" setting in the advanced settings of my website as per this link:
https://blogs.msdn.microsoft.com/vijaysk/2012/10/11/iis-8-whats-new-website-settings/
How can I get my application to auto-start?
It turned out to be a whole load of settings which all had to be correct. You go through all of the steps to install the relevant components and make the various config changes as per this link: http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-application-initialization
The key part which was missing for me was an instruction in the Web.config as below. I had it going to just "/Login" which is a valid route, but as soon as I switched it to "/[Controller]/[Action]" it worked.
The advantage of this route is that you can create a custom action which will also hit the database (initialising Entity Framework), and perform any other slow initialisation you wish. For me, I just read a record out of a DB table, so I get ASP.NET auto-starting, and also save the few seconds it takes to warm up EF too :)
<system.webServer>
<applicationInitialization doAppInitAfterRestart="true" skipManagedModules="false">
<add initializationPage="/Login/WarmUp" />
</applicationInitialization>
</system.webServer>
Try Application Initialization setup:
I had similar issues and tried very hard with IIS 8.5 Windows Server 2012 R2. Everything in the IIS was set correctly after referring to so many sites however had missed the Application Initialization setup. Refer to the below link, Setup section.
https://www.iis.net/configreference/system.webserver/applicationinitialization
There are multiple .config locations where these settings can be set.
Machine applicationHost.config (c:\windows\system32\inetsrv\Config)
Website web.config (c:\inetpub\wwwroot for Default Web Site)
Application web.config
I tried all but was only successful in configuring 3, the application web.config.
My specific use case was calling a GET method on a WCF service.
The steps for application initialization are found in the other answers too. Here is one that was most helpful. IIS 8.0 Application Initialization
Install the Windows feature Application Initialization (Web-AppInit)
Set the IIS app pool Start mode = AlwaysRunning
Set the IIS application Preload Enabled = true
Add to the application web.config
<system.webServer>
<applicationInitialization doAppInitAfterRestart="true" skipManagedModules="true">
<add initializationPage="/Service.svc/Method/Parameter" />
</applicationInitialization>
</system.webServer>
Recycle app pool
Check that the app initialized.
The thing I would like to point out is that the initialization page is relative to the application NOT to the root of the website/domain so if my absolute path is
domain.com/path1/path2/Service.svc
I would not include /path1/path2 in the initializationPage parameter.
These articles are very good:
Use IIS Application Initialization for keeping ASP.NET Apps alive
IIS 8.0 Application Initialization
However in my case there was a problem with installing the Application Initialization Role.
Check your IIS App's Modules listing. Ensure ApplicationInitializationModule is present.
I needed to uninstall/re-install this module.
I have no idea what happened as this appeared to work at first, then weeks later during development it stopped. No amount of tinkering/rework fixed it and I started to suspect I never actually saw this working.
Issue resolved upon uninstall/re-install Applicaion Initialization Module role.
If anyone's wondering what to do in MVC when you have multiple areas to initialise, you need to put the area at the start, all within the root web.config file. I was stuck for a while trying to put it in the area's web.config. Also it's perfectly compatible with hybrid applications.
<add initializationPage="/NotMVC.aspx" />
<add initializationPage="/Area1/Controller/Action" />
<add initializationPage="/Area2/Controller/Action" />
I am currently editing a project that was opened from a source control at my business. When trying to debug locally I get the error
Validating Web Site
: Build (web): The pre-application start initialization method Start
on type System.Web.WebPages.Deployment.PreApplicationStartCode threw
an exception with the following error message: Access to the path
'C:\Users\gary\Documents\Visual Studio 2010\WebSites\DOISAdminPortal\'
is denied..
Ive done some research and a lot of people say to delete the
add key="webpages:Enabled" value="true"
from the web.config file. It was never included in the config file so that shouldn't be the issue.
Anyone have any suggestions??
The files which were contained in the VS 2010 folder needed to be given permissions to the iis express user iis_iusrs. once this was done I was able to access all files in the directory and was able to debug the page.
Short Answer: Try turning off impersonation for local testing.
For my case, our web.config had the following line:
<identity impersonate="true" userName="DOMAIN2\admin" password="12345"/>
under the </system.web> section.
This impersonated identity functioned on the production server, but when running it on my local, the user admin from domain DOMAIN2 did not have the same privileges because my local machine was on a different domain say DOMAIN3 and did not by default give DOMAIN2\admin any rights on the system.
One way I circumvented the issue is by turning off impersonation like follows:
<identity impersonate="false" userName="DOMAIN2\admin" password="12345"/>
I suppose this defaulted my settings to use the rights from the currently logged in user.
So I've created a new ASP.NET MVC project using the intranet template. web.config contains the appropriate values (e.g. <authentication mode="windows"/>).
If I fire up the web app using the VS webserver, it all looks fine - the page shows my Windows domain and username and all. However, this works in Opera and Safari as well as IE and FF, which says to me it's not using Windows auth at all (since to the best of my knowledge this doesn't work in any browser except IE/FF).
Next step is to get it working through local IIS. I create a hosts file entry pointing www.mysite.mydomain to 127.0.0.1. So in IIS I create website with a binding to www.mysite.mydomain and enable Windows authentication and disable anonymous authentication.
I have set up IE and FF to enable Windows auth as follows:
IE
Add URL to intranet group
Ensure Windows auth is enabled in the advanced settings
FF
Put 'www.mysite.mydomain' into network.automatic-ntlm-auth.trusted-uris config setting.
But when I dial up www.mysite.mydomain in IE / FF I get a login prompt. Interestingly, even when I type in my Windows login here, it still fails and shows me the login prompt again.
We don't have active directory here but my understanding is that it should work fine with a local account.
I can't think of anything else I need to do. Any suggestions?
Edit: we've recently switched to using Active Directory and the problem remains.
Edit: when I cancel the login prompt, I get taken to an 'IIS 7.5 Detailed Error' page with the following information:
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.**
You have to whitelist a domain specified in the hosts file in order for windows authentication to work:
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Right-click Parameters, click New, and then click DWORD (32-bit) Value.
Type DisableStrictNameChecking and press ENTER.
Double-click the DisableStrictNameChecking registry value and type 1 in the Value data box, click OK
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Quit Registry Editor, and then restart the IISAdmin service.
NOTE:
The original Microsoft KB links on this answer were broken and have been removed.
This article provided the instructions for setting DisableStrictNameChecking.
I recently spent three days trying to solve the same problem and it drove me crazy. It was happening on a load-balanced setup where one of the servers was authenticating correctly while the other failed. Investigating the problem - and eventually solving it - it turned out to be unrelated to the load-balanced environment, it could happen with any server when authenticating using Windows Authentication and the server is called with a name other than the one recognized by Active Directory
1. Enable Kerberos logging
To correctly diagnose your issue, you will need to enable Kerberos logging on the machine hosting your IIS site. To do so, add the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Add Registry Value LogLevel with ValueType REG_DWORD and value
0x1.
Once you turn on logging, then you try to authenticate, you will get errors logged in your Windows Application Log. You can ignore the error KDC_ERR_PREAUTH_REQUIRED (this is just part of the handshake) but if you get the error KDC_ERR_C_PRINCIPAL_UNKNOWN that means your AD controller doesn't recognize your server therefore you need to follow the steps below.
2. KDC_ERR_C_PRINCIPAL_UNKNOWN
if you're getting KDC_ERR_C_PRINCIPAL_UNKNOWN, that means the name "mysite.mydomain.com" is different from how the AD recognizes your machine so it's unable to provide a valid kerberos ticket. In that case, you need to register a Service Principal Name (SPN) for " 'www.mysite.mydomain" on the AD.
On your AD controller, run this command - you will need Domain Admin privilege:
Setspn -A HTTP/mysite.mydomain YOUR_MACHINE_HOSTNAME
3. Use a custom identity for your Application pool
Finally, make you Application pool use a custom account that belongs to the Active Directory instead of using NetworkService. This can be done in advanced settings of your application pool.
and .. voila.
Notes: The problem could (unlikely) be related to having multiple SPNs registered to the same machine, in that case you will need to run a command to remove duplicate SPNs, but I doubt this is the case. Also try adding a different binding to your site (that doesn't use a custom name) something like htttp://localhost:custom_port_number and see if authentication works. If it works, this is an extra indication that you're suffering from the same problem I had.
Did you try putting the domain in front of the user name?
DOMAIN\username
If you don't have a domain account, try prefixing your username with the machine name:
MYCOMPUTER\myusername
You should check to see if you have Windows Authentication installed/enabled. That may sound weird but in IIS 7 you have to install and enable the various authentication methods. Check out http://support.microsoft.com/kb/942043/ for more info, see quoted section below.
Cause 1
The Web application is configured to use Integrated Windows
authentication. However, the Windows Authentication feature is not
turned on. Or, the Integrated Windows authentication native module
section of the ApplicationHost.config file or of the Web.config file
is not valid. To resolve this problem, see Resolution 1.
Original
Usually when you try to view an asp.net web page hosted on IIS and receive a login prompt it doesn't mean your credentials weren't received or that you aren't authenticated. What it means is that the account that your website is running under doesn't have the right permissions to work with the files.
In IIS 6 and 7 you can easily change the user account that your app pool runs under. Try changing the app pool identity to an account with more access specifically designed for this. Or if you want to stick with the existing account (IUSR_? Network Service?) you can grant that account more permissions on the directory where your website is stored.
This article is specifically targeted at BizTalk but has almost no references to it and focuses on troubleshooting permissions issues with IIS and app pools: http://msdn.microsoft.com/en-us/library/aa954062.aspx
Why local IIS? Can you use local IIS Express?
If so, try this. It seems that IIS Express by default has Windows Authentication set to false.
Change
<windowsAuthentication enabled="false">
to "true" in applicationhost.config file (under 'C:\Users[Profile]\Documents\IISExpress\config' folder). This works for me.
To ensure that IIS uses Windows Authentication, I think you should try to turn of other authtentication methods. If Anonymous Authentication is enabled, Windows authentication will not work. You can also read this Microsoft Support Article which describes IE and IIS requirements in details.
I got this error when I enabled Windows authentication. I wanted to authorize the user based on Windows login and there is no login page in my application.
I got the error fixed by adding the below in my Web config file.
Under the tag system.web, I changed authentication mode="None" to
authentication mode="Forms".
Under the tag appSettings, I added add key="owin:AutomaticAppStartup" value="false"
After reading the answer of Espen Burud, I solved my problem by changing in the root's web.config:
<allow users="*" />
to
<deny users="?" />
The page that needs Windows Authentication is not in the root, but in a sub directory with its own web.config with deny users ? but that did not make Windows Authentication working. Apparently, you need to deny users in the root for that to work.
The IIS config has Anonymous Authentication enabled; that did not matter. After the above change of web.config, Windows Authentication worked.
For Dot Net Core 2.2 and running on IIS, I was having issues with 401.2 Unauthorized when I would check the Enable Windows Authentication within my application. It was a exceedingly simple test website that did basically nothing, just to try and get windows authentication to work. I finally got the auth to work, and here's what you'll need:
Within Startup ConfigureServices:
services.AddAuthentication(IISDefaults.AuthenticationScheme);
Open the application's Properties, click Debug option on the left and make sure you check Enable Windows Authentication.
But here's the kicker that I had forgotten... Configure your system to have Windows Authentication installed on IIS. This was never setup on my machine, and regardless what I did, I would always get a 401 unauthorized error. After installing this (Win 10, IIS v10.0.18362.1) I now get a login prompt. This isn't exactly what I need at this point, but at least it's not the unauthorized error. Good luck and hopefully this helps.
I'm trying to access my TFS Server using SVNBridge so I can work disconnected. I tried using the server-based as well as client-based solution. I'm just getting internal server 500 errors returned. I'm not sure I'm connecting to the site correctly though.
Other posts I've read concerning SVNBridge seem to exclusively be about CodePlex and connecting to it through a CodePlex specific URL.
I'm trying to connect to my own TFS server and wondering how to properly format the URL. Do I need to do something special for that? I feel like I've tried everything. Anybody have any success doing such a thing?
So apprently the problem is related to TFS 2010 Beta 2. The issue is being tracked here:
http://svnbridge.codeplex.com/Thread/View.aspx?ThreadId=77164
Thanks.
Not sure if you are still looking for an answer but I just spent the better part of my weekend getting it to work, mostly through trial and error so here is what I learned.
You CANNOT download the zip files and get anything to work if you are using TFS-2010. Instead you MUST download the source code and compile the thing for yourself.
You have to do the build on a computer with IIS installed to use the website project as is. This is what I did rather than change the project to use the development web server.
If you don't have VS-2008 installed anymore you can just upgrade the whole solution to VS-2010 and everything will be fine. I even changed the target of the website project to the 4.0 Framework with minimal issues. I had to unload the TestsRequiredTfsClient project and the Tools.HttpSend project to get the rest of the projects to build.
After you have built the project you need to follow a couple of steps that are outlined on the SvnBidge home page in order to get the bits into the right location on the web server. Once that is complete then you need to tune up the web.config file.
Here are the appSettings that you need to change and the values you need to use:
<add key="LogPath" value="--directoryYouWantToKeepLogsIn--" />
<add key="DomainIncludesProjectName" value="False" />
<add key="TfsUrl" value="http://--tfsServerName--:8080/tfs/--projectCollection--" />
<add key="ReadAllUserDomain" value="--yourDomain--" />
<add key="ReadAllUserName" value="--domainUserName--" />
<add key="ReadAllUserPassword" value="--domainUserNamePassword--" />
If you decided to upgrade the website to the 4.0 Framework don't forget that you need to update the application pool to because it was probably created as 2.0.
After you are almost done now that the website is set up. You still need to install some performance counters from the SvnBridge.PerfCounter.Installer project. After complication just copy those bits over to the same server you just installed the website on and run the exe.
THIS DIDN'T WORK
Okay so last but not least is security. I don't use the Digest security because all of my users have a windows login so I left anonymous access enabled and then disabled all other forms of access except Windows Authentication.
Windows Authentication didn't work for all of the users, some of them were remote. After looking at the source code it became clear that Basic Authentication was the only choice that was going to work. I needed the users to log in as them selves and then have that username passed into TFS so that as the check-ins are done they can be recorded to the correct user.
RP