CTA Logo
What We Do

CTA Development › Topics


CTA Engineering



Case Studies

CTA Development



Solution Profiles

WaveCS Services

GSA Information

Labor Rates

Labor Categories



IIS v6.0 Overview

IIS 6 ships with Windows 2003 Server. It is available on the Enterprise, Standard and Web Server versions of Windows 2003. Unlike previous versions of Windows, it is not installed by default. In fact, for security reasons, even after installing IIS, it is initially configured in "locked" mode. This means that it only dispenses static pages. Any requests for dynamic pages (e.g. ASP, ASPX or CGI scripts) will result in a 404 error. To enable the various dynamic aspects of IIS 6, use Control Panel, Add Remove Programs, Add/Remove Windows Components.

IIS 6 now stores its configuration in XML configuration files. This makes the backup/rollback process much easier and also now allows easy changes through Notepad a reality. It is still backward compatible with IIS 5.0 ADSI API calls.

IIS 6 has a kernel-mode HTTP.SYS driver. Kernel mode means that is runs closer to the operating system and makes IIS less susceptible to HTTP denial-of-service attacks, improves performance and provides better quality of service support when hosting multiple web applications.

Perhaps the most significant enhancement is the something called Application Pools. Pooling means that a single process (think program or an executable) is used to execute multiple web applications. This is nice as it saves memory on the server and can speed up the code's execution, but if something unexpected happens (memory leak, denial-of-service attack, or certain types of unhandled exceptions), the whole process can crash, which causes it to be restarted. Any applications then running in the pool also get restarted. If your session state is stored "InProc", or In Process, which is the default in ASP.NET and the only choice for ASP, you will lose your session variables when your application is restarted.

ASP and most CGI applications running under IIS 5 had very little control over how application pooling worked. ASP.NET applications provided us much better pooling, but it was done inside the CLR (Common Language Runtime) within the .NET Framework. With IIS 6, the web server again gains control of the pooling. This gives administrators and developers more fine-tuned control over which ASP, CGI and ASP.NET applications can be pooled together (meaning they play well together), and which ones should be kept separate (meaning they don't). For backwards compatibility, you can also enable IIS 5.0 isolation-mode to retain the IIS 5 pooling behavior.

Due to the new pooling implementation, you'll see a new process called W3WP.EXE hosting your ASP and ASP.NET applications. This is the web worker process that is used to host each application pool and replaces the aspnet_wp.exe that was part of the .NET Framework. Using IIS 6, you have a great deal of flexibility as to how this process can be recycled (restarted) such as specifying the number of minutes, number of requests, amount of memory consumed, even specific times of the day. By default, IIS 6 will even "ping" the worker process periodically to make sure it is still alive. The goal here, of course, is to ensure IIS 6 delivers the most robust web application environment Microsoft has ever shipped.

One last point to make…as you might expect, the W3WP.EXE process does not run under the ASPNET local account. Instead, it runs under a special built-in group called Network Service. This becomes an issue for those who use Integrated Security when connecting from your ASP/ASP.NET application to SQL Server. In this case, make sure the Network Service built-in group has login and database user privileges to your SQL Server.