Uncrippling Windows XP's IIS 5.1

Scott Mitchell says the best new ASP.NET feature in VS.NET 2005 is the integrated webserver. I agree. No more ditzing around with annoying IIS dependencies and install issues: aspnet_regiis, anyone? Tight coupling of VS.NET to IIS is also number three in K Scott Allen's worst of the .NET 1.x years. Good riddance IIS, hello Son of Cassini!


This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2005/06/uncrippling-windows-xps-iis-51.html

There’s also a tool on codeproject to do it. Haven’t tested it but they reckon they based it on IISAdmin and made it better - http://www.codeproject.com/csharp/IIsAdminNet.asp

Or, iismultiplex, which someone recommends in a message on the IISAdminNet page - http://www.codeproject.com/csharp/IIsAdminNet.asp#xx1138522xx

Wish I had’ve seen these before I hand rolled my own bodgy hack solution :)

bank’s web application was programmed to use root or admin level access for everything?

I guess I don’t see a big disparity between testing with ASP.NET running as admin on localhost, then deploying to a server where ASP.NET runs as a less privileged account.

Note that I’m not ADVOCATING this per se, but if Cassini and the VS.NET 2005 embedded webserver implementations require admin as you say, I think it’s a reasonable tradeoff to get rid of the IIS dependency which is an ongoing PITA.

I hear what you’re saying, but is security really such a big deal for a web app that’s going to run 100% server side? To me, that’s more about validating input and making sure your host IIS/windows is hardened.

I think the “run as limited user” functionality in VS.NET 2005 is far more important and useful. As it stands in 2003, it’s nearly impossible to test limited user rights (e.g., limited framework permission) scenarios.

One tip. Don’t forget to enable INTEGRATED AUTHENTICATION for any websites you’re debugging at the root via VS.NET 2003. This is standard, of course, but for some reason, I was getting a really cryptic error when trying to do this via localhost, so it was hard to tell what was wrong.

Here’s how I solved the problem.

Bought a workstation with 2 gigs of ram.

Installed VMWare Workstation.

Installed W2003 Server Enterprise in a virtual box. Put SQL Server Reporting Services in there, too. Found other uses for this, too, like having a place for VS Studio 2005 beta.

Even did this on my laptop (1.5 gig).

Yeah!!

There are several alternatives on the net for adding sites to IIS on XP; all seem pretty much equal in features and all are free:

Having no preference I use the one I found first.

Correct link for XP Pro IIS Admin is:
http://jetstat.com/iisadmin/

That util also provides automatic setup of some ASP scripts at your local web server and some other features.
Next version will support “hosts” file. :)

Even better: get rid of IIS and install Apache+mod_mono in Linux. That’s what I use to run my blog directory and it works wonderfully!
Cheers,

Icarus

XP Pro IIS admin with hosts file support has just been released.
You can check it here:
http://jetstat.com/iisadmin/

Major updates: Windows Vista support, hosts file management, using host names in addition to localhost, and support for port values other than 80 on local websites.

When I go to enter “adsutil set w3svc/MaxConnections 40”,
I get an “error trying to get the object: w3svc”. It worked fine on one xp system, but the one I really want it to work on gives the error. Anyone seen this?

Thank you very much for the tips.

I have applied the settings recommended above.
They work but I am still not satisfied because my client can only afford to run the production app on an XP license. I am so desperate that I am thinking of configuring multiple 3 or four XP boxes as web servers and assigning different web clients to different servers.

Cassini is a horrid way of doing any serious web development work.

It’s great for a quick start server or for the hobbyist, but if you are billing someone for web development or building something for yourself that makes any use of user authentication, multiple sessions or requires high levels of availability then you’re going to only hurt yourself persisting with Cassini.

Or you could just use Apache.

None of the limitations from IIS.

http://httpd.apache.org

It would be nice if the Unix geeks could resist the “switch to Apache” comments. You’re not helping.

I’m not a Unix geek, but I use Apache on a Windows XP box, and none of the limitations of IIS 5.1. :o)

But if you want ASP, you have to grab one of the ASP on Apache ports. Though I’ve never used them (PHP for the win!), I’ve read that some of them work fine.

DUDE! The link on how to create new websites from the command line totally saved my bacon. THANKS!!!

I wish people would stop promoting Cassini as a solution. It’s utterly inappropriate for development. Cassini runs as an interactive user process not as a service under a specified service account. This makes building anything with security in mind very difficult and sometimes impossible. If you do attempt to build a secure application using Cassini you run the very great risk of writing extra code that is unnecessary for your production environment.

BTW, the minimal webserver included in VS 2005 runs into the same problems. Microsoft has not solved the problem of ASPNET development on XP Pro.

Would you be okay if you knew your bank’s web application was programmed to use root or admin level access for everything? Security is very important for a server application.