i just have read an interesting article. Basically it says, you should fine-tune IIS settings for every application in 2 ways:
Well, i develop ASP.NET for some time now, even at work, and we never ever have done this on production environment afaik. I understand the theoretical advantages presented - minimizing "surface" of application (security), and improving performance. But I am really curious, if you do this in real life (real projects for your customers, not proof-of-concept projects). What are the downsides of this (maintanability maybe?). And most important question - is it worth it ? Is, for example, the performance gain even visible ?
In addition, if you consider this a good practice, please present some good and consistent way (or point me to tutorial), how exactly you do this process - how you decide what stay and what to remove.
For example, what is minimal but working set for ASP.NET MVC 3 application, which uses custom authentication (session based, not relying on Forms auth, Windows auth etc.), no webservices and similar features ?
EDIT
I have found this article : http://madskristensen.net/post/Remove-default-HTTP-modules-in-ASPNET.aspx
In it, Scott Guthrie says:
In general you can get some very small performance wins using this approach - although I'd probably recommend not doing it. The reason is that some features of ASP.NET (forms auth, roles, caching, etc) will of course stop working once you remove the modules they depend on. Trying to figure out why this has happened can often be confusing.
But still no measurments, practices (i am not really convinced by "you can be surprised later" argument :)
An ASP.NET HTTP handler is the process that runs in response to a request that is made to an ASP.NET Web application. The most common handler is an ASP.NET page handler that processes . aspx files. When users request an . aspx file, the request is processed by the page handler.
Modules are called before and after the handler executes. Modules enable developers to intercept, participate in, or modify each individual request. Modules implement the IHttpModule interface, which is located in the System. Web namespace.
IIS seems to be an application that listens for incoming connections, parses the data sent there as HTTP requests, and maps request urls to directories based on a site an application and a virtual directory , and then does something based on the file present (or not present) on that location.
<modules runAllManagedModulesForAllRequests="false">
<!-- disable authorization section -->
<remove name="UrlAuthorization" />
<!-- disable unused authentication schemes -->
<remove name="WindowsAuthentication" />
<remove name="PassportAuthentication" />
<!-- disable ACL file and directory check -->
<!-- <remove name="FileAuthorization" /> -->
<!-- We don't use ASP.NET Profiles -->
<remove name="Profile" />
<!-- We don't provide any WCF service -->
<remove name="ServiceModel" />
<!-- Remove modules not used by ASP.NET MVC + jQuery -->
<remove name="ScriptModule-4.0" />
</modules>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With