June 28, 2005
Scott Mitchell says the best new ASP.NET feature in VS.NET 2005 is the integrated webserver. I agree. No more ditzing around with annoying IIS dependencies and install issues: aspnet_regiis, anyone? Tight coupling of VS.NET to IIS is also number three in K Scott Allen's worst of the .NET 1.x years. Good riddance IIS, hello Son of Cassini!
Unfortunately, we're still stuck with VS.NET 2003 in the meantime, and Windows XP's IIS 5.1 is thoroughly crippled out of the box. It allows only one root website, and a maximum of ten concurrent connections to that website. Microsoft really, really doesn't want us hosting slashdot.org on our XP Pro box. These limits are so aggressive that they can get in the way of legitimate localhost development. But there are workarounds.
- Increase the 10 concurrent connection limit
Are you getting 403.9 "Access Forbidden: Too many users are connected" errors on an XP Pro website? You're limited by default to 10 concurrent connections by design, but this can be increased. First, make sure your default windows script host is set to the console (cscript.exe) one.
Next, let's increase the connection limit to 40.
C:\Inetpub\AdminScripts\adsutil set w3svc/MaxConnections 40
Note that this is a hard-coded limit; it can't be increased any further unless you like patching windows system files. You can, however, make the IIS connection timeout more aggressive so connections don't last as long.
- Run more than one root website
IIS 5.1 only allows one root website. This is fine if your websites run under subfolders:
But it's kind of a pain if your websites must run as root, or need to be tested when running as root:
In that case, you'd have to edit your hosts file, and switch the default home directory for the default website. But there's a better way. You can hack up multiple web sites in IIS 5.1 via command line tricks, or you can use this nifty little GUI utility which automates that for you. It works great-- you'll even see multiple websites show up in the IIS manager. But bear in mind that, unlike the server versions of IIS, only one website can be active at any given time.
Posted by Jeff Atwood
bank's web application was programmed to use root or admin level access for everything?
I guess I don't see a big disparity between testing with ASP.NET running as admin on localhost, then deploying to a server where ASP.NET runs as a less privileged account.
Note that I'm not ADVOCATING this per se, but if Cassini and the VS.NET 2005 embedded webserver implementations *require* admin as you say, I think it's a reasonable tradeoff to get rid of the IIS dependency which is an ongoing PITA.
I hear what you're saying, but is security really such a big deal for a web app that's going to run 100% server side? To me, that's more about validating input and making sure your host IIS/windows is hardened.
I think the "run as limited user" functionality in VS.NET 2005 is far more important and useful. As it stands in 2003, it's nearly impossible to test limited user rights (eg, limited framework permission) scenarios.
One tip. Don't forget to enable INTEGRATED AUTHENTICATION for any websites you're debugging at the root via VS.NET 2003. This is standard, of course, but for some reason, I was getting a really cryptic error when trying to do this via localhost, so it was hard to tell what was wrong.
Here's how I solved the problem.
Bought a workstation with 2 gigs of ram.
Installed VMWare Workstation.
Installed W2003 Server Enterprise in a virtual box. Put SQL Server Reporting Services in there, too. Found other uses for this, too, like having a place for VS Studio 2005 beta.
Even did this on my laptop (1.5 gig).
Correct link for XP Pro IIS Admin is:
That util also provide automatic setup of some asp scripts at your local web server and some other features.
Next version will support "hosts" file. :)
Even better: get rid of IIS and install Apache+mod_mono in Linux. That's what I use to run my blog directory and it works wonderfully!
XP Pro IIS admin with hosts file support has been just released.
you can check it here:
Major updates: Windows vista support, hosts file management, using hosts names in addition to localhost and port value other then 80 support on local websites.
when I go to enter the ---adsutil set w3svc/MaxConnections 40---,
I get an "error trying to get the object: w3svc". It worked fine on one xp system, but the one I really want it to work on gives the error. Anyone seen this?
Thank you very much for the tips.
I have applied the setting recomended above.
They work but i am still not satisfied because my client can only afford to run the production app on an XP license. I am so desperate that i am thinking of configuring multiple 3 or four XP boxes as web servers and assigning different web clients to different servers.
Cassini is a horrid way of doing any serious web development work.
It's great for a quick start server or for the hobbyist, but if you are billing someone for web development or building something for yourself that makes any use of user authentication, multiple sessions or requires high levels of availability then you're going to only hurt yourself persisting with Cassini.
it would be nice if the unix geeks could resist with switch to apache comments. you're not helping.
I'm not a unix geek, but I use Apache on a Windows XP box, and none of the limitations of IIS 5.1. :o)
But if you want ASP, you have to grab one of the ASP on Apache ports, though I've never used them (php for the win!), I've read that some of them work fine.
DUDE! The link on how to create new websites from the command line totally saved my bacon. THANKS!!!!
I wish people would stop promoting Cassini as a solution. It's utterly inappropriate for development. Cassini runs as an interactive user process not as a service under a specified service account. This makes building anything with security in mind very difficult and sometimes impossible. If you do attempt to build a secure application using Cassini you run the very great risk of writing extra code that is unnecessary for your production environment.
BTW, the minimal webserver included in VS 2005 runs into the same problems. Microsoft has not solved the problem of ASPNET development on XP Pro.
Would you be okay if you knew your bank's web application was programmed to use root or admin level access for everything? Security is very important for a server application.
Why not run Cassini through runas and attach-to-process for the security-sensitive test cases?
Seems like more of a solution than IIS5.1@localhost for development.
After entering adsutil set w3svc/MaxConnections 40 my iis install stops serving pages for anything other than Default Web Site. Has anyone else had this issue?
bizarre - it's started working again... I tried the dispnode.vbs script to take a look at the site I was attempting to configure and the server magically started working again. sorry for the false alarm.