Application Security Testing: An Integral Part of DevOps
As a Web-hosting provider, I'm always trying to keep up with the latest technologies while simultaneously supporting older technologies. In the case of ASP.NET, the majority of my clients use 1.1, but some are starting to dabble in 2.0 as well. I've discovered that supporting both versions on the same Windows 2003 machine requires a few steps.
The first thing you need to do is install the .NET Framework 2.0 on your Web server. You can obtain the redistributable files from Microsoft's Web site for free. They currently have 32-bit and 64-bit versions available, as well as a separate version for the IA64 platform. Be sure to get the right one, based on the version (32-bit vs. 64-bit) of Windows 2003 you're running.
During the install, you'll have the option of switching any existing Web sites to the .NET Framework 2.0, which I would not recommend doing right away. Switching an ASP.NET 1.1 site to ASP.NET 2.0 will cause the site to run improperly, as the versions are quite different from each other.
Once you've installed the framework, open the Internet Services Manager in the Administrative Tools menu group. You need to complete the following three tasks to configure an application for the .NET Framework 2.0:
- Create a new application pool to isolate .NET Framework 2.0 applications from .NET Framework 1.1 applications. You can use the settings from the default application pool for starters. In my servers, the pools run under system authority because each Web site is isolated using separate security accounts. However, you may want to use a lower authority level.
- In the properties for a site running the .NET Framework 2.0, change the application pool to the new pool you created. Use the Home Directory tab of the properties dialog for the site you are changing.
- On the new ASP.NET tab, select 2.0. This will change all the extension mappings to use the 2.0 equivalents for processing .aspx and so forth. The ASP.NET tab is added to the Internet Services Manager when you install the .NET Framework 2.0 on your server. If you don't see that tab, try rebooting or re-installing the framework.
After you've done these steps, you may get the dreaded red Server Application Error message because .NET gets very fussy when you try to run both ASP.NET 1.1 and ASP.NET 2.0 sites in the same application pool. It typically will show this message if you've missed one of the steps above or if someone tries to load a site while you're making the setting changes. The easiest solution is to run iisreset from the command line.
About the Author
Eric Smith is the owner of Northstar Computer Systems, a Web-hosting company based in Indianapolis, Indiana. He is also a MCT and MCSD who has been developing with .NET since 2001. In addition, he has written or contributed to 12 books covering .NET, ASP, and Visual Basic.