This question was asked so many times, and in this occasion I am going to share with you how to change application pool identities in IIS 8 using PowerShell, there are several ways to do so, and one of my favorite ways to get and change information about an application pool is through the IIS Provider that’s loaded when importing the WebAdministartion module.

You can get basic information about the pool using the Get-Item cmdlet.
PS> Get-Item -Path IIS:\AppPools\MyTest | format-List *

In that picture you can see that a list of application pool settings and information is displayed, but you will also see that some seem hidden from you. ProcessModel contains the identity information in a property named IdentityType The one we want for the application pool identity is ProcessModel. You can retrieve the information from ProcessModel by using the Get-ItemProperty cmdlet.

PS> Get-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel

ProcessModel contains the property IdentityType that holds the application pool identity. Now, if you are one of those hip PowerShell folks you know that you can get this information without reading a long list on the screen with the following:

PS> Get-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel | Select-object IdentityType

But this is IIS and things work better if you change how you operate just a little bit. So, instead of using Select-Object to grab the IdentityType, I’m going to accomplish that in a slightly different approach.  Notice the –Name parameter below:

PS> Get-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel.IdentityType

It’s a bit unusual, but this will make it much easier to change the IdentityType with the Set-ItemProperty cmdlet. Before I show you how to change the application pool identity, the values for the identity are Int32 (numbers). here are the identities and their corresponding numbers.

LocalSystem = 0
LocalService = 1
NetworkService = 2
SpecificUser = 3
ApplicationPoolIdentity = 4

So, to change the application pool identity using the Set-ItemProperty to something like “NetWorkService” would look like this:

PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name ProcessModel.IdentityType -value 2

Most of the time when an admin needs to change the application pool identity it’s because they want application pool isolation. This means changing the identity to a specific account and password.  Here is an example of how to do that:

PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name processmodel.identityType -Value 3
PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name processmodel.username -Value Administrator
PS> Set-ItemProperty -Path IIS:\AppPools\MyTest -Name processmodel.password -Value P@ssw0rd

While publishing Web API using Visual Studio, you may run into some errors. This article helps to provide the solution to the possible errors that will occur. When you publish the Web API from Visual Studio, the following error may possibly come up.

Output class library not set error while hosting web API
OutputPath property is not set for project 'Company.Directory.Web.csproj'. Please check to make sure that you have specified a valid combination of Configuration and Platform for this project. Configuration=Release Platform='AnyCPU'. You may be seeing this message because you are trying to build a project without a solution file, and have specified a non-default Configuration or Platform that doesn't exist for this project.

Solution

When you try to publish for the first time, one of the reasons for the above error to pop up is due to the incorrect settings in .csproj.user file of the solution.

Open the .csproj.user file in the solution and change the settings in the file.

Add the following code in the file.
    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' "> 
        <DebugSymbols>true</DebugSymbols> 
        <DebugType>full</DebugType> 
        <Optimize>false</Optimize> 
        <OutputPath>bin\</OutputPath> 
        <DefineConstants>DEBUG;TRACE</DefineConstants> 
        <ErrorReport>prompt</ErrorReport> 
        <WarningLevel>4</WarningLevel> 
    </PropertyGroup> 
    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' "> 
        <DebugType>pdbonly</DebugType> 
        <Optimize>true</Optimize> 
        <OutputPath>bin\</OutputPath> 
        <DefineConstants>TRACE</DefineConstants> 
        <ErrorReport>prompt</ErrorReport> 
        <WarningLevel>4</WarningLevel> 
    </PropertyGroup> 
    <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Dev|AnyCPU'"> 
        <DebugSymbols>true</DebugSymbols> 
        <OutputPath>bin\</OutputPath> 
        <DefineConstants>DEBUG;TRACE</DefineConstants> 
        <DebugType>full</DebugType> 
        <PlatformTarget>AnyCPU</PlatformTarget> 
        <ErrorReport>prompt</ErrorReport> 
        <CodeAnalysisIgnoreBuiltInRuleSets>false</CodeAnalysisIgnoreBuiltInRuleSets> 
        <CodeAnalysisIgnoreBuiltInRules>false</CodeAnalysisIgnoreBuiltInRules> 
        <DeployIisAppPath>Port 80/directory/dev</DeployIisAppPath> 
    </PropertyGroup> 

Solution to 500.19 internal server error while hosting Web API

Solution

The above error will pop up when you do not have the permission to access the folder/web.config file.

•     In Windows Explorer, locate the web.config file that is associated with the Web site.
•     Right-click the web.config file
•     Click Properties.
•     Click the Security tab, and then click Edit.
•     Click Add.
•     In the Enter the object names to select box, IUSR, click Check Names, and then click OK.
•     Click to select the Read check box, and then click OK.
•     In the Web.config Properties dialog box, click OK.

Solution to 500.21 internal server error while hosting Web API

Solution

One of the reasons for the error 500.21 Internal Server Error to pop up, is when ASP.NET is not installed completely in your system.
    Run the command prompt as administrator.
    Type the line in the command prompt below any one.

    %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
    or
    %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -I

Solution to login for application pool access error is denied while hosting Web API

Solution

Create the application pool in IIS by selecting the .NET version which your project supports. When creating the site in the default application in IIS for Web API, select the application pool which you have created. The above error will pop up if the application pool which you have created has a built in account selected.

For reference - go to: "Advanced Setting->Process->Identity” of the application pool which you have created. Change the application pool identity to custom account and click on set button to provide the account credentials. Once you have set the setting, refresh/reset IIS to resolve the above error.

Access Denied Error while hosting Web API

Solution
The above error will pop up if the solution directory (folder) doesn’t have required permissions.
To resolve the issue follow the steps given in “500.19 : internal server error”.

This Script will help in checking the below basic functionalities of the Bulk Servers. It will do so during Migration, Patch and Monthly Restart activities
This Script is added with the below functionalities,

• IP Capture -- >Collects the DNSHostName,Description,DHCPEnabled,IPAddress,IpSubnet,DefaultIPGateway,MACAddress,DNSServerSearchOrder for all Enabled and IP Discovered NICs
• Services Status -- >It checks all the Services Automatic set and not Stopped services and provides the output.
• Server Status –- >Checks the Servers reachability and provides the output on screen
• Server Shutdown/Reboot -- >Checks the server status and perform Bulk Shutdown / Restart at once with Event Description Keyed.

  

Output Samples

European IIS 10 Hosting

We may get the following error after publishing a website on IIS.

Parser Error Message
"Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive."

To fix it, we need to follow the below troubleshooting steps.

1. Check on which .NET version the application is developed. Let's assume, it's .NET 4.0.
   
2. Open IIS Manager and find the Application Pool, on which your website is hosted.
   
3. Go to that Application Pool and check the .NET version and change it to 4.0 accordingly by clicking on Basic\Advanced Settings.
   If .NET 4.0 is not listed, go ahead and install it.
   
4. If it still won't show up, go to command prompt and fire the below command to find a list of ASP.NET versions installed:
   C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -lv
   In the output, if .NET 4.0 is not listed, register it by firing the below command:
   C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -I.
   
5. It should show up as .NET 4.0 in the .NET Framework Version dropdown for the application pool.

   

Here, we are going to connect with the Docker engine remotely using PowerShell. For this, we can either use our local machine or a VM. Before we proceed further, make sure that your Nano Server is up and running.

Step 1 Downloading the Docker Daemon and extracting them
Create a variable that references the zip file which is in the official docker website. This zip file will have the Docker engine data that is required to create the client and server. Open the PowerShell with administrator privileges and run the below given command.

This will assign the link to that variable named,

$package = "https://download.docker.com/components/engine/windows-server/cs-1.12/docker.zip"

The next step is to invoke a web request to get the link that has been referenced in the variable called. Then, the file will be stored in a temporary storage by getting downloaded from the Docker site. For this, we have to run the following command.
Invoke-WebRequest $package ` -OutFile "$env:TEMP\docker.zip" ` -UseBasicParsing

Now, we shall expand the downloaded zip file to the programming files of our machine. For this, run -
Expand-Archive -Path "$env:TEMP\docker.zip" `
-DestinationPath $env:ProgramFiles

The final step is to create an environment variable that will add the Docker directory to the path daemon. Run the command
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\Docker", [EnvironmentVariableTarget]::Machine)

Nano Server
Now, we have finished installing the Docker (client) and Dcokerd (engine) in "Program Files" folder. Check for these inside the Docker folder.

Step 2 Creating Environment variable to connect Docker easily
Here, Docker is client and Dockerd is engine. Now, we are going to configure an environment variable that will store the DNS name of our Nano Server and connect with it. For this, run the below command.
[Environment]::SetEnvironmentVariable("DOCKER_HOST","nanoserver007.southindia.cloudapp.azure.com",[EnvironmentVariableTarget]::Machine)

Note - Replace the DNS name with your Nano Server DNS or IP.

Now, open the new PowerShell console and run the command "docker version" . This will show you the client (Docker) and engine (Dockerd). This means we have created a connection in between these two services which we have actually downloaded from the Docker website.

In this article, we will learn the most useful and powerful command line tool, AppCmd, for publishing or hosting a website on IIS. Using the AppCmd tool, we can host static as well as a dynamic website (ASP.NET Webform, MVC, Dot Net Core etc) easily.

Description
I assume you are aware of (or have knowledge of) how to Host or Publish Website in IIS using inetmgr. This will help you understand AppCmd.exe.
AppCmd.exe is the command line tool for managing IIS 7 and above. It provides an easy way to manage a website without Graphical User Interface.

Some of the things you can do with AppCmd,

• Create and configure sites, apps, application pools, and virtual directories
• Start and stop sites, and recycle application pools
• Search, manipulate, export, and import IIS and ASP.NET configuration

How to Use AppCmd.exe
The AppCmd.exe command line is built on top of a set of top-level server management objects, such as Site and Application. These objects expose methods that can be used to perform various actions on those objects, and object instances expose properties that can be inspected and manipulated.

AppCmd.exe is located in the %systemroot%\system32\inetsrv\ directory. Because it is not a path of the PATH automatically, you need to use the full path to the executable when executing commands like in %systemroot%\system32\inetsrv\AppCmd.exe list sites. Alternatively, you can manually add the inetsrv directory to the path on your machine so that you can access AppCmd.exe directly from any location.

Note
Run Command Prompt as Administrator to using AppCmd.
In this article, we learn basic command to host websites.

List all available commands and actions in AppCmd
AppCmd
AppCmd /?

From the above screenshot, it is clear that Command Prompt is run as administrator and run AppCmd which return list of supported Command.
List all hosted or published websites in IIS.
    AppCmd List Site

In the above screenshot, I have run List Site command which returns all published site with bindings and state of site e.g. Started or Stop.

Create the website using AppCMD
    APPCMD add site /name:WebByAppCMD /bindings:"http/*:94:" /physicalPath:"C:\Users\Mepani\Desktop\2018 Article\Kendo Grid" -virtualDirectoryDefaults.userName:USERNAME -virtualDirectoryDefaults.password:PASSWORD

For any website hosting we require information as above like Site Name, Bindings (Protocal, hostname), Physical Path, Credential for access or permission to folder path.
Sometimes, if you don't provide access/permission to a physical path then you might be getting Access denied error.
View Newly Hosted or published website
    appcmd.exe list site "WEbByAppCMD"

Start and stop hosted or publish a website
    appcmd.exe start site "WEbByAppCMD"
    appcmd.exe stop site "WEbByAppCMD"

Delete or remove published or hosted website from IIS
    appcmd.exe delete site "WEbByAppCMD"

App CMD Create website
In the above screenshot, we have covered all the above site commands except delete. Possible issue or challenges might be faced during command line website hosting niclude,

• Site name already created
• Port is already in use
• Bad Request -Invalid hostname

Hope you enjoyed this and learned a new way to host or publish a website using AppCmd.

The discussion is specific to IIS 7 and later versions. Let's start with version IIS 7.0. It has a built-in feature that is able to filter HTTP requests. If a request is found to have contents which are unacceptable to process the request, then it will block such request there, before proceeding to process a request by a web application. This feature is useful as a mitigation technique, for such SQL Injection vulnerabilities.

Prerequisite
At first, verify the IIS version that you are using currently. If you are using earlier than IIS 7.0, then update with the latest version before applying the following configuration.

Configuring the Request Filter
To create a global filtering rule for SQL Injection, we should follow the below steps:

Step 1
Open the run window by pressing keyboard key Windows key + R and copy and paste the following code
%systemroot%\system32\inetsrv\config\applicationhost.config
 
It will open the applicationhost.config file.

Step 2
In the applicationhost.config file, identify <requestFiltering> section. Under this section, configure for the reserve keywords or reserved special characters, like DELETE, CREATE, UPDATE, INSERT, --,',/* etc. in <denyStrings> section.
Configure the file extensions for which IIS server needs to be validated. The sample code is shown below:

Step 3

Now, to save the file, go to the File menu and choose Save option.

How  does the above configuration behave in the IIS server?

With the above configuration settings, first of all, IIS will look at each incoming request for pages with .html, .aspx, or .asp extensions, to search for specific strings in the request's Query String. If the IIS server finds the specified strings, then IIS will block the request and return a 404: Not Found page to the client.
 
If you want to add a new file extension or change the existing file extensions in applicationhost.config file, you can add/remove the required file extensions in file Extension tags which lies in the <appliesTo> section. Whatever strings you are placing in the <denyStrings> section, the IIS looks for those strings. If it finds those, then it will block the request and return 404 error page to the client. You can add a new string, remove the existing string,  or change the existing string, in the <denyStrings> section.

In fact, in IIS server, you may have hosted many web applications which are running in parallel.
 
Let's say, for one of the web applications, you don't want to deny any string for the incoming request. How will you handle such  a scenario?
 
It is very simple. Create a rule in your application's config file, for which, you want to allow all such strings. If you create a rule in the application's config file, it will override the applicationhost.config file's rule. For instance, if you want to allow the string "end" for only a few applications,  and for the rest of the applications, you want to deny such a string, then follow the below steps:

Step 1: Remove the <add string="end" /> entry from applicationhost.config file.

Step 2: Add the below code into the application's config file where you want to restrict the string "end":

Make a note --  the name for the filteringRule tag must and should be unique and it should not conflict with a name which is in the applicationhost.config file or/and the same name with any other web.config files in the path. And, it is also possible to limit the scope of filtering rules using location tags.

Procedure to check logs for SQL Injection attempts

You can check the SQL injection attempt logs in IIS W3SVC logs section. filteringRule rejects such SQL injection attempts and responds with a 404 status and with a substatus 19. You have to check these logs periodically to make sure that your rule is blocking such SQL Injections for the legitimate requests.

After the configuration changes made in the applicationhost file, if you give the followingURL request in your browser, the following output will show:

http://localhost/OWASP.UI/UnvalidatedRedirectsForwards/ValidatedRedirectsForwards.aspx?returnUrl=http://www.flipkart.com/--

Output

HostForLIFE.eu IIS 10 Hosting
HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.