Category: IIS

AppDomain recycles

Adding this for my own reference but if anyone else finds it useful then feel free to use it.

AppDomains – what are they?

An application domain is an application within a application pool; an application domain is loaded into the application pool when a user request triggers it. The application domain may load dlls, configuration files (.config), etc.

What causes an AppDomain to recycle then?

Application domains will recycle under the following conditions:

  1. Machine.config is touched or modified i.e. c:\windows\\framework[64]\v[1.1|2.0|3.0|3.5|4.0]\CONFIG\.
  2. The global web.config is touched or modified i.e. c:\windows\\framework[64]\v[1.1|2.0|3.0|3.5|4.0]\CONFIG\.
  3. The site local web.config is modified or touched (feature delegation can be a culprit here i.e. default docs, handler mappings); 
  4. Any application web.config is modified or touched.
  5. Any modifications to the App_[global_resources|local_resources|web_resources|data|code|browsers|themes] directories within the local site i.e. adding a file.
  6. Any modifications to the bin folder within the wwwroot i.e. adding a file.
  7. Adding folders within the application domain i.e. the root application could be wwwroot

NOTE: touching the file denotes opening it and making a change i.e. that could simply be adding a space to the end of the file.

Creating websites in IIS 7 / 7.5 using PowerShell

Script available in GitHub here –

The main reason I created this script was to speed up the time it took to create a website; from creating the folder structure, anonymous user account, assigning NTFS permissions and finally creating the IIS configuration.

The script end to end will:

  • Check whether IIS is installed
  • Check whether the web administration module is available
  • Prompt for a website / domain name, IP address, anonymous user account name and password and web root i.e. the drive letter where website folder structure should be created
  • Set the anonymous authentication mechanism of IIS to use the application pool identity
  • Create a anonymous user account for the site and application pool (there is the option to specify a pre-existing user account)
  • Create a folder structure
    • [drive letter]:\[domains]\
    • [drive letter]:\[domains]\[website name]
    • [drive letter]:\[domains]\[website name]\[wwwroot]
    • [drive letter]:\[domains]\[website name]\[logs]
  • Assign NTFS permissions to the folder structure created above
    • Set List contents on [drive letter]:\[domains]\[website name] for the anonymous user account
    • Set Read and Execute on [drive letter]:\[domains]\[website name]\wwwroot for the anonymous user account
  • Create an application pool within IIS
    • Configure the application pool process model identity
  • Create a website within IIS
    • Configure the website to use the application pool created above
    • Configure the website bindings (IP, Port and host header(s)
    • Confgure the website logging location

All the above steps are validated in some form by using

  • Regex
  • Web Administration snapin / module functionality
  • PowerShell cmdlets
  • Custom PowerShell functions

The following improvements are required: (In my opinion)

  • Resetting the root drive permissions (one time run) to remove all NTFS permissions except for Administrators and SYSTEM. Standalone PowerShell script here
  • Configure the W3C logging fields; i generally select date, time, client IP, Server IP, URI stem, URI query, protocol status, bytes sent, bytes received, user agent, cookie and referrer.

An alternative way to set the logging would be to execute this command from a command prompt:

appcmd.exe set config  -section:system.applicationHost/log /centralW3CLogFile.logExtFileFlags:”Date, Time, ClientIP, ServerIP, UriStem, UriQuery, HttpStatus, BytesSent, BytesRecv, UserAgent, Cookie, Referer”  /commit:apphost