Category nameļ¼šIIS

How-to enable large file uploads in IIS7

We have migrated from IIS6 to II7 and today we had some problems with large file uploads which we didn’t have with ASP.NET on IIS6. The web application was already configured to allow large file uploads:

<system.web>
    <httpRuntime maxRequestLength=”153600″ executionTimeout=”900″ />
</system.web>

So WTF is happening? Well IIS7 request filtering was kicking in and we needed to configure it and this can be done too in the web.config:

<system.webServer>
    <security>
        <requestFiltering>
                <requestLimits maxAllowedContentLength=”157286400″ />
             </requestFiltering>
    </security>
</system.webServer>

But this still didn’t work for us because the default permission in IIS7 is that applications are not allowed to alter this setting. Configuring the setting with appcmd on an elevated command prompt made it all work again:

appcmd set config "wms/wmsdev" -section:requestFiltering -requestLimits.maxAllowedContentLength:157286400

Be aware though that maxRequestLength is specified in kilobytes and maxAllowedContentLength in bytes.

Low privileges IIS Application Pools

When you want to create a new application pool you probably want to do this to create an application pool with least privileges for the application that you are going to run with it.

This article describes how to create a user account for use in an IIS application pool. This article is useful when you get one of the following messages:

  • The identity of application pool is invalid, so the World Wide Web Publishing Service can not create a worker process to serve the application pool. Therefore, the application pool has been disabled.
  • The identity of application pool, is invalid. If it remains invalid when the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.

User account

There are two accounts types:

  1. Domain accounts
    • Useful when you run a web application on server A but it needs to access resource on another server within the domain. This account type can be created with the active directory users and computers management console on one of the domain controllers in your domain.
  2. Local accounts
    • Useful when the application is only needs access to local files or/and accesses resources out-side of the domain with its own credentials.

Create the account

  1. Create a user account and store its (complex) password at a ‘well known’ but secure location.
  2. Remove it from the User group.
  3. Add the user account to the IIS_WPG (IIS Worker Process Group) group on the web server where you are going to run the web application.

Application pool

  1. Launch the IIS Manager
  2. Add an application pool
  3. Change the application pool and specify its identity by entering the newly created account.

File system

The application pool probably needs read and or write access to the file system at the location where the web application is deployed. Give the account read access to the root of the web application folder and only ‘modify’ rights to folders where it is actually needed. No need to use ‘Full control’ rights at all.

Incorrect ‘Google’ hits

At some sites people mention that the user account needs to be part of the ‘Act as part of the operating system’ policy but this is NOT necessary.

Finished

You can now test this new application pool with a (new) web application.

  • Recent Posts
  • Recent Comments
  • Archives
  • Categories
  • Meta