IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

IIS Hosting Europe - HostForLIFE :: Hosting ASP.NET Web API REST Service On IIS 10

clock August 5, 2022 07:35 by author Peter

To make any application accessible to the end-user, we need to host it on a server. So, in this article, we will learn how to host ASP.NET Web API REST Service in IIS 10. The following steps are required to host any application.

Step 1 Install IIS
Before hosting any application, make sure that IIS (Internet Information Services) is installed on your Hosting Server. If it is not installed or enabled, then follow the below steps.
    Click on Windows icon at the bottom left corner and find the "Control Panel" menu and click on it.
    In the "Control Panel", find the "Program and Features" option from the displayed list.
    This shows the list of installed programs. Find and click the "Turn Windows feature on or off" option from the left pane, as shown in the following image.

    Now, in the next popup, find Internet Information Services (IIS) and check on it.
    Click "Next" button and then "Finish". It takes a few minutes to install IIS.
    After installing IIS, restart your machine.

Note - I have Windows 10 OS and the above process is for Windows 10 PC. The steps might differ depending on your Operating System version.
Step 2 Install .NET Framework
Although Visual Studio is not required on your hosting Server, it must have .NET Framework installed, as per the .NET framework used to develop the application. If it is not installed, then please install the appropriate .NET Framework available on Microsoft official website.
I assume, you have installed the .NET framework on your Hosting Server.
Step 3 Move the published code on Hosting Server
Copy the "Published files" and paste those on respective Servers where you want to host the Web API REST Service. In our last article, we published Web API REST Service in the E drive of my Server, as shown in the following image .

Step 4 Open IIS Manager
Now, open the IIS Manager from Windows menu or in any other ways you have known.

The above image is of IIS 10 Manager of my Windows 10 machine. The view as well as options might be different on your machine depending on the OS version.

Step 5 Add Website
Right click on "Site" in IIS and click on add new website, as shown in the following screenshot.


After clicking on "Add Website" option, it displays the following configuration window.

I hope you understood the preceding configuration by highlighted text.
Step 6 Define Site Name & Application Pool
Define the site name which will be useful to uniquely identify the site within the IIS Server. After specifying the site name, choose the Application Pool from available pools. You can even create a custom application pool with any desired name. Currently, our IIS Manager has the following Application Pools.

Choose the application pool depending on your application configuration. In this article, we are going to choose DefaultAppPool.

Step 7 Browse and select Published Folder path
Now, choose the physical location of published code files by clicking on "Browse" button, as shown in the following image.

Now, click on "OK" button.
Step 8 Define IP address & Port
Choose one IP address from the list of available IP addresses and define the unique port number for the application, which will be unique within the defined IP address.

Step 9 Choose Protocol & Host name (optional )
Choose the protocol for your application i.e HTTP or HTTPS which requires port 443 to be open and choose the Host name which will be used publicly to access the application. After defining all the configurations, the web site configuration window will look like this.

Now, click on OK button. It will create and add the application in IIS.

Step 10 Browse the URL with REST Client
Browse the hosted application using REST client with base URL along with API, Controller name, and Action method name, with pattern defined in routing template inside the webapiconfig.cs file.
We can browse applications using the browser but then, we can only test the GET method. So, to test all types of Action Methods, we are using  advanced REST client which is a developer extension tool in Firefox browser.
Our hosted Web API REST Service includes these two methods, as given below.

    GetAllEmployees (GET )
    GetEmployeeById  (POST ) which takes id as input parameter

Browse GetAllEmployees method using Advanced REST client which has used HTTP GET verb.

The GetAllEmployees hosted Web API REST method is returning all the employee lists.
Now, browse GetEmployeeById method using Advanced REST client which uses HTTP POST verb and takes id as input parameter.

From the above desired output, it's clear that our Web API REST Service is hosted on IIS successfully.

    Download the Zip file of the Published code to learn and start quickly.
    This article is just guideline to show how to host Web API REST Service on IIS .
    Optimize the speed by setting debug as false etc., from web.config file as per your skills.
    In this article, the optimization is not covered in depth.
    Configure the authentication in IIS as per your REST Service .


I hope, this article is useful for all readers. If you have any suggestions, please mention them in the comments section.

IIS Hosting Europe - HostForLIFE :: Host And Publish .NET Core 6 Web API Application On IIS Server

clock July 4, 2022 09:35 by author Peter

We are going to discuss how to host and publish .NET Core 6 Web API on IIS Server

Basically, Internet Information Service (IIS) is the flexible and general-purpose web server provided by Microsoft that will be run on Windows and used to serve requested files.

Required Tools

    IIS Manager
    .NET Core SDK 6
    Visual Studio 2022

Let’s start,

Step 1
Create a new .NET Core Web API Project

Step 2
Configure your new project

Step 3
Provide additional information like .NET Framework Version, Open API, and HTTPS

Step 4
Project Structure

Step 5
Create the Product Controller and add one endpoint inside that class and also check other files which are created by default

using Microsoft.AspNetCore.Mvc;
namespace WebAPI.Controllers {
    public class ProductsController: ControllerBase {
        public IDictionary < int, string > Get() {
            IDictionary < int, string > list = new Dictionary < int, string > ();
            list.Add(1, "IPhone");
            list.Add(2, "Laptop");
            list.Add(3, "Samsung TV");
            return list;

Program.cs file
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment() || app.Environment.IsProduction()) {

Here also you can see we configure the HTTP request pipeline for both Development and Production Environment.

WebAPI.csproj file
<Project Sdk="Microsoft.NET.Sdk.Web">
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />

launchSetting.json file
  "$schema": "https://json.schemastore.org/launchsettings.json",
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:11254",
      "sslPort": 44315
  "profiles": {
    "WebAPI": {
      "commandName": "Project",
      "dotnetRunMessages": true,
      "launchBrowser": true,
      "launchUrl": "swagger",
      "applicationUrl": "https://localhost:7047;http://localhost:5047",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "launchUrl": "swagger",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"

Step 6
Run your application and use hit the API endpoint using swagger UI

Step 7
Check your all IIS Services are running on your system properly or not. If not then open the control panel and go to the program and features and click on Turn Windows Feature on or off


Apply the changes as I showed you in the above image and click on apply and then restart your computer

Step 8
After restarting your computer will see IIS Manager in the search box and open it.

Now, check your running IIS using localhost in the browser

Step 9
Install ASP.NET Core 6.9 Runtime – Windows Hosting Bundle Installer

Step 10
Now, we are going to publish our application for that, right-click on WebAPI Project and click on publish

As you see it will take the default path, so change that path to c:\inetpub\wwwroot\publish after creating publish folder over there

Step 11
Here you can see all the configurations related to publishing like path and some environmental variables and later on click on publish

Step 12
Open IIS Manager and create a new Web Application after right click on the sites

Step 13
Click on Web API and on the right side you can see the browse option so click on that and open the application inside the browser

Step 14
In the browser when you hit the Web API endpoint using Swagger then will see the following list of products as an output

In this article, we discussed .NET Core 6 Web API hosting and publish related things using IIS and things related to that step-by-step. I hope you understand all things.
Happy Coding!

IIS Hosting Europe - HostForLIFE :: Deploy ASP.NET Core API application In IIS

clock March 29, 2022 09:04 by author Peter

ASP.NET Core is a cross platform and open source framework which is used to build  modern web apps, API services and many more. In this article we are going to see how to deploy the ASP.NET Core API application in IIS.


    Visual Studio 2019

Creating an application
Open Visual Studio 2019 -> Click on create new project from the start up screen.

Click on ASP.NET Core Web application template -> give the project name, in my case I named it as AspCoreHosting -> click on create.
Choose API template, as shown in below figure.

Now run the application from visual studio and test the API in POSTMAN as shown in the below figure.

Deploy the application to IIS
Let’s create a package of the application, right click on the project and select publish, as shown in the below figure.

Choose IIS, FTP, etc option from publish target list and choose the publish method as file system, and click on save.

Open IIS, right click on application pools -> Add app pool -> Choose the .NET CLR Version as No Manager Code and name the app pool. in my case I named it as .NET Core V2.2 with pipeline mode as Integrated.

Creating a new application pool for .NET Core is optional
Right click on sites -> Add site ->Give the Site name -> select the Application pool as .NET Core V2.2 -> choose the package path -> and give a port number as shown in the below figure.

Run the web site

Oops we got a configuration error. The problem is, to run the .NET Core application in IIS we need to install “dot net core windows hosting bundle”. Just download and install it using the below link.


Once it is installed, test the API using POSTMAN tool

Yes, now the application is up and running in IIS
We have seen how to deploy the ASP.NET Core API application in IIS by installing the dot net core windows hosting bundle.

IIS Hosting Europe - HostForLIFE :: Error Occurred in Deployment Step Recycle IIS Application Pool

clock March 25, 2022 09:01 by author Peter

This article describes what to do about a specific error that could occurr in the deployment step of recycling an IIS application pool.

An error has occurred in the deployment step of "Recycle IIS Application Pool': The communication object, System.ServiceModel.InstanceContext, cannot be used for communication because it has been Aborted.

Simple way to let the Deploy occur
1. Click "Start" -> "Run...".

2. Type "iisreset" as in the following:

3. Wait untill IIS stops then starts again as in the following:

4. Right-click on your SharePoint project then click "Deploy" as in the following:

5. Deploy will now succeed.

6. If you are still seeing "Error occurred in deployment step 'Recycle IIS Application Pool'" then please restart your SharePoint Server Front Web application.

IIS Hosting Europe - HostForLIFE :: Configure And Host On IIS For .Net Core/.Net 5+ Web Application In Windows 10

clock March 14, 2022 07:38 by author Peter

What is ISS?
Internet Information Services (IIS) is web server from Microsoft that runs on Windows systems to serve requested HTML pages or files.

Enable ISS
By default, ISS is disabled in windows, so to use it, first needs to be enabled. To enable and use IIS, Administrator Rights are required.

For .net core application hosting we need to install net core host bundle. Click here for the download link.

After the installation we need to enable IIS by following the next steps:

  • Open Control Panel
  • Select Programs and features
  • Select Turn Windows features on or off

Select Internet Information Services and Hostable Web core. Press ok. It will take some minutes to load everything.

After ISS is enabled, go to search bar in windows and type IIS, and open Internet Information Services Manager
That’s it, you have successfully enabled ISS on your machine.

An application to run on ISS needs to be published. Publishing in visual Studio for IIS is very easy by using the following steps:

  • Right click on your project
  • Select Publish
  • Select Folder option. With this you will select where the application will be published

Select the path

Press Finish

  • Press publish button
  • Done, your application is not published on the desired path

Host application
In order to host an application on ISS, a website and an application pool needs to be created.

Create Website

  • From left area Select Sites
  • Right click -> Add Website
  • Configure the Site
  • Site name: your desired site name

            Physical Path: the location of the folder for the published location
            Biding, select your IP address, this will be your site address
            Change port from 80 to something else, example 90

  • Press ok

Application pool

  1. From left area Select Application Pools
  2. Select Default application pool
  3. On the Right select Basic Settings
  4. At .NET CLR version select no managed code (specific for .net core applications)
  5. Press ok

Now you have a hosted application in IIS.

IIS Hosting Europe - HostForLIFE :: How to Restart a Remote Server Using Command Prompt

clock October 21, 2021 08:39 by author Peter

Sometimes the servers are remotely located and doesn’t respond, so you need to restart them. We can restart the remote server forcefully, but the user should be a server administrator or a member of the server administration to be able to Launch the command prompt (as an administrator) and run the below command. The user should have administrator permissions on the server.

Command: c:\windows\system32\shutdown /r /f /t 0 /m \\<Server Name> /c “<Description>”

/r Shutdown and restart the computer.
/f Force running applications to close without forewarning users.
/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-600, with a default of 30.
/m \\computer Specify the target computer.
/c "comment" Comment on the reason for the restart or shutdown.

Once again, you enter the above command and you will get a message that the system shutdown processing

IIS Hosting Europe - HostForLIFE :: Set Default Browser To Microsoft Edge Using PowerShell

clock October 18, 2021 07:41 by author Peter

This article will cover the steps to set the Microsoft EDGE as Default Browser using PowerShell if the current browser is Internet Explorer.

Need for the change
In 2021, Microsoft stops support for Internet Explorer for most Azure and Office 365 applications, forcing all the windows customers to use other Browsers or Microsoft EDGE as the Default browser to get web application support.

Microsoft also provided the documentation to set Microsoft EDGE as default using GPO by configuring DefaultAssociationsConfiguration. Here is the link to change the default browser for all users.

I thought of a solution that only changes the default browser if the current default is Internet Explorer, not changing anything for the user with Chrome or Firefox. I use simple PowerShell If condition to achieve the solution.

It's a simple three-step process.

    First, create the default associations configuration file as per the Microsoft document and store that to Network Share with access to all users.
    Second, use the PowerShell command to capture the current default browser.
    Third, use the if condition in PowerShell to match & create the registry key for DefaultAssociationsConfiguration.

I use the Microsoft document from the link to create an XML file that sets Microsoft Edge as the default application for specific protocols.

<?xml version="1.0" encoding="UTF-8"?>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".html"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".htm"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="http"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="https"/>

Store the XML to Network Share e.g. \\NetworkShare\EDGE\defaultapplication.XML

The next step is to capture the default browser details from the system using PowerShell.

To do that, we will check the registry value of ProgId at HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice.

$Path = (Get-ItemProperty HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice -Name ProgId).ProgId

The table shows the meaning of each value,

Value Data Browser
IE.HTTP Internet Explorer
ChromeHTML Chrome
FirefoxHTML-308046B0AF4A39CB Firefox

The next step is to create registry value DefaultAssociationsConfiguration at HKLM:\SOFTWARE\Policies\Microsoft\Windows\System and set the value data to the XML file on Network Share (\\NetworkShare\EDGE\defaultapplication.XML) using PowerShell.

$RegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$Name = "DefaultAssociationsConfiguration"
$value = '\\NetworkShare\EDGE\defaultapplication.XML'

New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType String -Force | Out-Null

Now merge both the PowerShell command and use the IF condition to match the value to IE.HTTP. This way, the script will only create the Registry value if the condition match else it exits the script.
$Path = (Get-ItemProperty HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice -Name ProgId).ProgId
$RegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$Name = "DefaultAssociationsConfiguration"
$value = '\\NetworkShare\EDGE\defaultapplication.XML'
$result = "IE.HTTP"
IF($Path - eq $result) {
    New - ItemProperty - Path $registryPath - Name $name - Value $value - PropertyType String - Force | Out - Null

At the next reboot, the system will update Microsoft EDGE as a default browser.

This small PowerShell script will allow the System admins to change the default browser from Internet Explorer to Microsoft Edge without bothering Chrome and Firefox users.

Feel free to change the $result value in the command to use this script with any browser.

The administrator can use this script as a Logon script using GPO or Task Sequence in SCCM to push this configuration.

We have used the Basic PowerShell command to verify the default browser and change to Microsoft EDGE if the current default is Internet Explorer.

IIS Hosting Europe - HostForLIFE :: GZip Compression on IIS

clock October 1, 2021 07:48 by author Peter

IIS 7.x improves internal compression functionality dramatically making it much easier than previous versions to take advantage of compression that's built-in to the Web server. IIS 7.x also supports dynamic compression which allows automatic compression of content created in your own applications (ASP.NET or otherwise!). The scheme is based on content-type sniffing and so it works with any kind of Web application framework.

There are two approaches available here:
- Static Compression
Compresses static content from the hard disk. IIS can cache this content by compressing the file once and storing the compressed file on disk and serving the compressed alias whenever static content is requested and it hasn't changed. The overhead for this is minimal and should be aggressively enabled.

- Dynamic Compression
Works against application generated output from applications like your ASP.NET apps. Unlike static content, dynamic content must be compressed every time a page that requests it regenerates its content. As such dynamic compression has a much bigger impact than static caching. Before you read this tutorial, I would recommend you to read this documentation how to setup dynamic compression in IIS 7.

How Compression is configured:
Compression in IIS 7.x  is configured with two .config file elements in the <system.WebServer> space. The elements can be set anywhere in the IIS/ASP.NET configuration pipeline all the way from ApplicationHost.config down to the local web.config file. The following is from the the default setting in ApplicationHost.config (in the %windir%\System32\inetsrv\config forlder) on IIS 7.5 with a couple of small adjustments (added json output and enabled dynamic compression):
<?xml version="1.0" encoding="UTF-8"?>

    <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
      <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" staticCompressionLevel="9" />
        <add mimeType="text/*" enabled="true" />
        <add mimeType="message/*" enabled="true" />
        <add mimeType="application/x-javascript" enabled="true" />
        <add mimeType="application/json" enabled="true" />
        <add mimeType="*/*" enabled="false" />
        <add mimeType="text/*" enabled="true" />
        <add mimeType="message/*" enabled="true" />
        <add mimeType="application/x-javascript" enabled="true" />
        <add mimeType="application/atom+xml" enabled="true" />
        <add mimeType="application/xaml+xml" enabled="true" />
        <add mimeType="*/*" enabled="false" />

    <urlCompression doStaticCompression="true" doDynamicCompression="true" />   


What is httpCompression and How it works?
Basically httpCompression configures what types to compress and how to compress them. It specifies the DLL that handles gzip encoding and the types of documents that are to be compressed. Types are set up based on mime-types which looks at returned Content-Type headers in HTTP responses. For example, I added the application/json to mime type to my dynamic compression types above to allow that content to be compressed as well since I have quite a bit of AJAX content that gets sent to the client.

How to Enables and Disables Compression
The urlCompression element is a quick way to turn compression on and off. By default static compression is enabled server wide, and dynamic compression is disabled server wide. This might be a bit confusing because the httpCompression element also has a doDynamicCompression attribute which is set to true by default, but the urlCompression attribute by the same name actually overrides it.

The urlCompression element only has three attributes: doStaticCompression, doDynamicCompression and dynamicCompressionBeforeCache. The doCompression attributes are the final determining factor whether compression is enabled, so it's a good idea to be explcit! The default for doDynamicCompression='false”, but doStaticCompression="true"!

How Static Compression Works
Static compression works against static content loaded from files on disk. Because this content is static and not bound to change frequently – such as .js, .css and static HTML content – it's fairly easy for IIS to compress and then cache the compressed content. The way this works is that IIS compresses the files into a special folder on the server's hard disk and then reads the content from this location if already compressed content is requested and the underlying file resource has not changed. The semantics of serving an already compressed file are very efficient – IIS still checks for file changes, but otherwise just serves the already compressed file from the compression folder.

Because static compression is very efficient in IIS 7 it's enabled by default server wide and there probably is no reason to ever change that setting. Dynamic compression however, since it's more resource intensive, is turned off by default. If you want to enable dynamic compression there are a few quirks you have to deal with, namely that enabling it in ApplicationHost.config doesn't work. Setting:
<urlCompression doDynamicCompression="true" />

in applicationhost.config appears to have no effect and I had to move this element into my local web.config to make dynamic compression work. This is actually a smart choice because you're not likely to want dynamic compression in every application on a server. Rather dynamic compression should be applied selectively where it makes sense. However, nowhere is it documented that the setting in applicationhost.config doesn't work (or more likely is overridden somewhere and disabled lower in the configuration hierarchy).

So: remember to set doDynamicCompression=”true” in web.config!!!

Dynamic Compression
By default dynamic compression is disabled and that's actually quite sensible – you should use dynamic compression very carefully and think about what content you want to compress. In most applications it wouldn't make sense to compress *all* generated content as it would generate a significant amount of overhead.

There are also a few settings you can tweak to minimize the overhead of dynamic compression. Specifically the httpCompression key has a couple of CPU related keys that can help minimize the impact of Dynamic Compression on a busy server:

By default these are set to 90 and 50 which means that when the CPU hits 90% compression will be disabled until CPU utilization drops back down to 50%. Again this is actually quite sensible as it utilizes CPU power from compression when available and falling off when the threshold has been hit. It's a good way some of that extra CPU power on your big servers to use when utilization is low. Again these settings are something you likely have to play with. I would probably set the upper limit a little lower than 90% maybe around 70% to make this a feature that kicks in only if there's lots of power to spare. I'm not really sure how accurate these CPU readings that IIS uses are as Cpu usage on Web Servers can spike drastically even during low loads. Don't trust settings – do some load testing or monitor your server in a live environment to see what values make sense for your environment.

Finally for dynamic compression I tend to add one Mime type for JSON data, since a lot of my applications send large chunks of JSON data over the wire. You can do that with the application/json content type:
<add mimeType="application/json" enabled="true" />

In summary IIS 7 makes GZip easy finally, even if the configuration settings are a bit obtuse and the documentation is seriously lacking. But once you know the basic settings I've described here and the fact that you can override all of this in your local web.config it's pretty straight forward to configure GZip support and tweak it exactly to your needs.

Static compression is a total no brainer as it adds very little overhead compared to direct static file serving and provides solid compression. Dynamic Compression is a little more tricky as it does add some overhead to servers, so it probably will require some tweaking to get the right balance of CPU load vs. compression ratios. Looking at large sites like Amazon, Yahoo, NewEgg etc. – they all use

IIS Hosting Europe - HostForLIFE :: Internet & Web IP Address and Domain Restrictions in IIS 8

clock September 24, 2021 08:03 by author Peter

This article covers how to configure Dynamic IP Restrictions.

IP Address and Domain Restrictions is one of the great built-in features of IIS 8. Configuring this feature allows a website administrator to selectively permit or deny access to the web server, websites, folders or files that makes your server more secure. One can configure and set the limits based on specific IP address(es) or frequency of requests from a specific IP over a period of time. By default all the clients requesting the website are permitted all access unless specifically rejected.

This feature was available in previous versions of IIS where you can block one IP or range of IP addresses. The disadvantage in this was first you need to know the person doing suspicious activity on your website based on the tools like Log Parser for checking the site logs then you can just block that IP or range of IP addresses using Deny Rules. Most of professional attackers (hackers) will use a variety of IPs from proxy servers so by the time you've blocked a handful a new range could be starting up.

Installing IP Address and Domain Restrictions in IIS 8
This feature is not installed by default. One must install the feature from the Turn Windows features On and Off window.

For that use the following procedure:

Open the Control Panel.

Click on the Programs feature.

In that Click on Turn Windows features on or off under Programs and Features.

Install the required features.

Configuring IP address and Domain Restrictions in IIS Manager
Open the IIS Manager. (Click WIN+R, enter inetmgr in the dialog and click OK. Alternatively, search for IIS Manger in the Start window).

Click on the IP Address and Domain Restrictions feature in the feature pane under the IIS section.

Once you opened this feature, you will see a window as in the following image.

The Action Pane elements are the elements used for defining the rules for allowing or denying the specific IP address(es). Let's have a deeper look into each of these elements.

Edit Feature Settings

  • This action is used for specifying the default access to all unspecified clients in Add and Deny rules.
  • On clicking this action, it will open up a window as in the following image.


  • Select Allow in the Access for unspecified clients dropdown if you are to allow all clients by default else select Deny.
  • If you want to configure rules based on the client's DNS name then check the Enable Domain Name Restrictions checkbox. If you click on OK to save the settings when this checkbox was checked then it will show a warning (as in the following image) that states that doing DNS lookups is a potentially expensive operation. Click on Yes to enable DNS lookup restrictions.

  • If you want to enable the requests that come through a proxy server then check Enable Proxy Mode checkbox.
  • Choose the Default Deny Action Type for sending the response to clients when you are denied a request. It can be either Unauthorized (401), Forbidden (403), Not Found (404) or Abort the request.
  • Once you have selected your options click on OK to save the settings.

Add Allow/ Deny Entry

  • These two action types are used for defining the rule for allowing or blocking the specific IP address or range of IP addresses.
  • On clicking the action, it will open one window as provided in the following image.

  • To create a rule for a specific IP Address, select Specific IP Address and enter the client IP address in the provided TextBox.
  • To create a rule for a range of IP addresses, select IP address range and enter the subnet and subnet mask in the provided textboxes. For example, to permit access to all IP addresses in the range from to then enter the subnet as and subnet mask as the
  • If you have enabled Domain Name Restrictions in the feature settings, then you will be able to set restrictions based on DNS names else this option will not be available. To create a rule for a client domain name, then select Domain name and enter the DNS name.
  • After entering the details click on OK to add the rule.

Edit Dynamic Restriction Settings

  • This is the new feature that came with IIS 8.
  • On configuring this feature one can secure their web applications from automated attacks like Dictionary attacks.
  • This action allows to dynamically determine whether to block certain clients, based on number of concurrent requests at a time or number of requests over a period of time.
  • On clicking this action, it will open a window as provided in the following image.

  • If you want to restrict the client based on a number of concurrent requests, then check the Deny IP Address based on number of concurrent requests check boxand enter Maximum number of concurrent requests count in the provided TextBox.
  • If you want to restrict the client based on number of requests over a period of time, then check the provided checkbox and enter the details in the provided textboxes.
  • Check the Enable the Logging Only Mode checkbox if you want IIS to log requests that would be rejected.

View Ordered List

  • This action is used for changing the rule priority.
  • On clicking this action, you will be able to see the screen that is showing rules places in the order and with multiple action elements as provided in the following image.

  • Rules located at the top of the list have higher priority.
  • Use Move Up and Move Down actions to change the priority of the rules.
  • Once you are done with changing the order of the rules then click on View Unordered List to return to the screen that allows you to add and remove rules.


  • This action is used to remove the rules that are not required.
  • To view this action click on any of the rules in the feature pane and then click on Remove to remove the rule.
  • On clicking Remove, you will get a warning as in the following image. Click on Yes to remove the rule.

Feature pane elements that give the information about the rules are applicable to the current web site or virtual application.


  • This displays the type of rule. It contains the values, either Allow or Deny, that indicates whether the created rule is to allow or deny access to content.


  • This displays the specific IP address or range of IP addresses or domain name defined in the Add Allow/Deny Restriction Rule.

Entry Type

  • This displays whether the item is local or inherited. Local items are added in the current application level and inherited items are added from a parent application level.

IIS Hosting Europe - HostForLIFE :: Windows Authentication in MVC4 With IIS Express

clock September 21, 2021 07:02 by author Peter

MVC4 has gone through some major changes in Windows Authentication functionality with IIS Express. In this article you will learn how to enable Windows Authentication in MVC4 Web Application on IIS Express. Just use the following procedure.

On the Cassini web server it was quite difficult to test Windows Authentication. It also doesn't support SSL, URL Rewriting Rules and so on. With IIS Express as your development server you allows have full advantage of all web-server features (SSL, URL Rewrite Rules and so on). IIS is a full-fledged web-server, which means you'll get an experience closer to what it will work like when you deploy the application on a production server.

Use the following procedure to enable this in MVC4.

Step 1
Create an MVC Web Application, preferably using an Internet Application template or Intranet Application template.

Step 2
Open the Web.config file and make the following modifications:
    <authentication mode="Forms">  
      <forms loginUrl="~/Account/Login" timeout="2880" />  
    <authentication mode="Windows" />

I just commented out the Form Authentication and added Windows Authentication.

Step 3
By default MVC apps use Form Authentication and Simple Membership, so you need to make it "false" to run Windows Authentication.
      <add key="webpages:Version" value="" />  
      <add key="webpages:Enabled" value="false" />  
      <add key="PreserveLoginUrl" value="true" />  
      <add key="ClientValidationEnabled" value="true" />  
      <add key="UnobtrusiveJavaScriptEnabled" value="true" />  
      <add key="autoFormsAuthentication" value="false" />  
      <add key="enableSimpleMembership" value="false"/>  

Step 4
Select the project name in Solution Explorer and then in the Property Explorer, click to enable Windows Authentication.

These settings are called development server settings that work with IIS Express and they don't make any changes in the actual configuration settings.

Step 5
In the property explorer you can disable the Anonymous Authentication if you want your complete website for authenticated users on the development server.

Step 6
If you have already disabled the anonymous authentication as suggested in Step 5 above then you don't need to do/repeat this step.

If you don't then let's go and make a controller action for authorized users, as given below.

Alternatively, you can use an [Authorize] action filter with the controller directly instead of individual action methods to make every action method for authorized users.

Step 7
Notice that in the step above I'm using an [Authorize] action filter with an "About" action. So, when I hit the about view page, I'll be prompted to enter my Windows credentials.

When I entered my credentials and hit Login, I will see my Windows authentication working.

About HostForLIFE.eu

HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2016 Hosting, ASP.NET Core 2.2.1 Hosting, ASP.NET MVC 6 Hosting and SQL 2017 Hosting.

Tag cloud

Sign in