Not sure - exceptions should stay localized to Kestrel if you are running out of process. When things 'lock up' you should check if IIS itself is dead (or the application - does it still serve static pages) or whether it's indeed the Kestrel server that's crashed and somehow hung.

IIS is supposed to detect hung Kestrel instances and automatically restart them. Other than that you can only resort to using some sort of monitoring application. I have an old application West Wind Web Monitor that I use for this sort of thing - it runs on the live server, checks URLs and when they fail notify you and also have the option of running a script or executable that can restart IIS (ie. run IISRESET). It's pretty old and looks it, but I've been using it on my servers as long as I can remember and it works great.

Hi Rick

Not something directly related to this post. I'm running a dotnet core Web API in a production and I'm struggling a big problem with unhandled exceptions crashing the whole system. I'm trying to gather logs to try fixing those problems but in the same time I want my system automatically recover meanwhile. Only IIS restart helps for now which requires me watching the system 24x7. Is there any service you can help me with that does that automatically (watch system and restart when it fails) ?

Please note that I'm now migrating to In-Process model and I'm not sure if that helps.

Thanks

@Rick Strahl, the problem of the console logger implementation is that the BlockingCollection is limited to just 1024 items. When that limit is exceeded, the Add() calls will hang there and cause the slowdown.

I run a quick benchmark by logging 10k lines with and without the capacity set on the BlockingCollection. On my machine, the result is about 8 seconds with a capacity of 1024 and 30 milliseconds with a high/unlimited capacity. Memory usage seems to be only slightly higher.

@Dean - Linux hosting is a completely different beast, and frankly I don't know enough about that to even write about it. Basically you typically will use a separate front end Web Server like nginx or Apache that proxies back to Kestrel just like the IIS out of process hosting setup.

Kestrel most definitely works on Linux with .NET Core 2.2 but there may be security issues in directly exposing a port directly (just as there are on Windows). Again not qualified to help with that.

FWIW, if you look at the recent benchmarks for TechemPower it turns out that IIS is actually making a pretty good showing for performance and in some cases is faster than Linux when serving .NET Core code which I found surprising. While Linux can be cheaper, Windows is still a viable option if that's what you're familiar with, especially on Azure which actually defaults to Windows hosting for ASP.NET Core.

@Dean Not too sure if you can use In-Process on Linux server. I also curious about that configuration. But if you use it on Windows server, I can make sure it is working fine. I have tested to deploy it on asphostportal shared hosting plan. It work smoothly.

Hi Rick, excellent post as always. Having a problem with an inProcess .NetCore 2.2 app trying to call another .NetCore 2.2 webservice, both configured with Windows authentication and running on the same physical server. The call returns a 401 not authorized. Any thoughts?

@Menahem - thank you, but to be fair to the Microsoft Docs, they are documentation/reference material, rather than detailed articles, so while this in-depth content here is very useful it's also densely packed and has a lot more information than you need at a glance. Credit where Credit is due - the docs do a pretty good job for most topics to get you up and running. For more detail, you can search out articles like this that hit the edge cases and more nuanced scenarios.

@Rick this post is miles better than the info on MSDN/ms.docs, and they get paid to do it (maybe that`s the problem). Thank you for the double distilled much needed explanation on hosting Core.

@ConversionMan - thanks, I've updated the post to the latest styling.

Hey Rick. Thanks for another great post but I think your CSS for the code snippets is a little broken.

Anyway THANKS! I came here Googling for how exactly anonymous delegates are compiled to MSIL, and as a bonus I finally understood what Javascript "closures" are 😃)) (functions bundled bundled with the "surrounding" variables and states).

All, My current client is using the WIX Toolset to create a MSI for the installation of their product. Now I have the requirement to check if IIS-WebSockets are installed - if so, enable the installation of a specific website that makes use of it.

So, sofar I found the following options:

1. use a WIX RegistrySearch to find out if IIS-WebSockets are enable or not;
2. use a WIX FileSearch to find out if the websocket.dll exists on the target machine;
3. run a PowerShell script inside WIX (silent, no UI) that determines if the IIS-WebSockets component is installed and if it is enabled or not.

Notes on number 1: until now I have found a couple of Registry keys on the web that either simply do not exist on Windows 10, or do not seem to indicate whether the component is enabled or not, so it's not very useful. To give an example: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Notifications\OptionalFeatures\IIS-WebSockets (DWORD values stay 0 regardles of WebSocket Protocol enabled or disabled).

Notes on number 2: The dll may exists on the target machine or not, but that still does not give me any clue whether it is enabled or not. So also not very useful.

Notes on number 3: This may well give me the information I need, so it sounds like the perfect option, but then the installer gets dependent on whether the PowerShell utility is installed or not.

Question is: Can you or anybody give me any advice to what my best option is in this particular case? Thanks a lot in advance for any help you can offer! Regards, Pieter

@matt - you can use the JObject/JToken collection syntax to access values by name.

How do you use the approach with dynamic when the JSON element is not a valid C# symbol? I have a bunch of code that was using dynamics, but then the format was changed such that some elements are now named things like "j=<".

@Abdou - nice hack!

my workaround and have the same effect as backdrop

.modal-backdrop { /* bug fix - no overlay */ display: none; }

.modal-dialog { box-shadow: 0px 0px 00px 1500px #00000085; }

A bit late in the game but I want to leave my experience with CORS and .Net Core in combination with IIS/IIS Express.

So the behaviour I got was that the OPTIONS call performed by Firefox (in my case) returned without any Access-Control-* headers. And thus the browser rejected to perform the CORS request. I'm running .net Core (3.0 preview8) on an IIS Express instance with windows authentication.

The thing is that when you enable windows authentication in your IIS setup any options call get bounced because the browser (in my case Firefox) does not add the authentication header to the request.

The quickest way to get this to work is to allow anonymous access to your site. Or setup IIS to accept anonymous calls when the OPTION verb is used

Hi, Rick, First I really appreciate your detailed instruction on how to get text/plain posted to mvc route, which resolves half of my issue. But my second half of the puzzle is that I need to use Route("") for my Controller to get the posted text from the root path /. When I deploy the app to AWS Lambda I always get a response {"message": "Missing Authentication Token"} when I tested with Postman but I did get correct response on AWS API Gateway. I wonder if you have come across anything like this before.

Thanks again for sharing this article.

@Fallon - yes I struggle with DI a lot to this day. It's great when you use use it within a framework that supports like MVC and the Web bits. Even then there are lots of sticking points - for example, try retrieving route data as part of a middleware component... it's a hierarchy of pain you have to set up to make that work when a simple object property on a well exposed object would do the trick.

It's also difficult if you're dealing with IMHO badly designed components like Entity Framework Core which provide ONLY DI based configuration. The hoops (and overhead) you have to jump through for making DI work if you want to use it outside of a framework that supports DI is crazy.

So yes, I have my reservations too. It's elegant until it's not. A lot of this feels like over-engineering applications to the point of obfuscation where it actually becomes much harder to reason about how something works because of all the layers of indirection.

But alas - progress...

You said, "I've been a late starter with Dependency Injection and I still don't think naturally about it".

I'm in the same boat! The service locator pattern feels more natural to me, but I'm open to learning how this works, but most tutorials leave me cold, or more likely, I'm just not focusing as much as I should.

I can use it in controllers, etc, but using it outside of MS provided cases, generally leads to frustration, so I sympathize 😃

BTW, LOVE your markdown editor!!!

Once again, a blog post by Rick Strahl's saves my day! Thanks for documenting this.

Hi,

We have following in our code and it was working fine when testing locally. But now we have added a new field in header which is resulting in error 'Access to XMLHttpRequest at from origin 'http://localhost:8181' has been blocked by CORS policy: Request header field is not allowed by Access-Control-Allow-Headers in preflight response.'

                allowedDomains = new[] { "http://localhost:4200", "http://localhost:3000", "http://localhost:4000", "http://localhost:8181" };

                options.AddPolicy("CorsPolicy",
                builder => builder
                .WithOrigins(allowedDomains)
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials());

Any idea what may need to change now?

Thanks for this article, but i'm getting bizarre behavior on this. Unless I set a breakpoint in the debugger, my static Current is null. IF I set a breakpoint in the debugger on the Controller constructor, and just press run again, the Current static is properly set! So, unless I set a breakpoint and hit it, the code throws a null reference exception (VERY bizarre).

Why would you have to set a breakpoint for code to work or not? LOL

Even further, when I set a breakpoint in the AppConfig constructor, it never hits (even though the AppConfig object WAS created on binding!)...

using System; namespace SimpleRESTServer.Models { public class AppConfig { public static AppConfig _current;

    public AppConfig()
    {
        _current = this;
    }

    public string DBConnectionString { get; set; }
    //public string Email { get; set; }
    //public string SMTPPort { get; set; }
}

}

and startup.cs: // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services.Configure<AppConfig>(Configuration.GetSection("AppConfig"));

...

and

PersonController.cs: private readonly IOptions _appConfig;

    public PersonController(IOptions<AppConfig> cfg)
    {
        _appConfig = cfg; // <-- I MUST SET A BREAKPOINT HERE for the _current static to be set properly! (bizarre)
    }

If you just run without setting and hitting a breakpoint in the debugger on that line, the program (API) NEVER initializes _current. If you just set a breakpoint, hit it, and continue, _current is set just fine. Me thinks this is some kind of bug in the core?

@Michael - nice

I found this article useful, but I already had another method of achieving the same result.

However, I wanted to provide what I changed to make the script above 'less redundant'

# This script installs IIS and the features required to
# run West Wind Web Connection.
#
# * Make sure you run this script from a Powershell Admin Prompt!
# * Make sure Powershell Execution Policy is bypassed to run these scripts:
# * YOU MAY HAVE TO RUN THIS COMMAND PRIOR TO RUNNING THIS SCRIPT!

Set-ExecutionPolicy Bypass -Scope Process

# To list all Windows Features: dism /online /Get-Features
# Get-WindowsOptionalFeature -Online 
# LIST All IIS FEATURES: 
# Get-WindowsOptionalFeature -Online | where FeatureName -like 'IIS-*'

$List = @( )

$List += "WebServerRole"    , "WebServer"       , "CommonHTTPFeatures"     , 
         "HTTPErrors"       , "HTTTPRedirect"   , "ApplicationDevelopment" | % { "IIS-$_" }

$List += "NetFX4Extended-ASPNET45"

$List += "NetFXExtensibility45"     , "HealthAndDiagnostics"        , "HTTPLogging"            , 
         "LoggingLibraries"         , "RequestMonitor"              , "HTTPTracing"            ,
         "Security"                 , "RequestFilgering"            , "Performance"            , 
         "WebServerManagementTools" , "IIS6ManagementCompatibility" , "Metabase"               ,
         "ManagementConsole"        , "BasicAuthentication"         , "WindowsAuthentication"  , 
         "StaticContent"            , "DefaultDocument"             , "WebSockets"             ,
         "ApplicationInit"          , "ISAPIExtensions"             , "ISAPIFilter"            , 
         "HTTPCompressionStatic"    , "ASPNET45"                    | % { "IIS-$_" }

Get-WindowsOptionalFeature -Online | Select FeatureName , State | Sort FeatureName | % { 

    ForEach ( $i in $List ) 
    { 
        If ( $i -eq $_.FeatureName -and $_.State -ne "Enabled" ) 
        { 
            Enable-WindowsOptionalFeature -Online -FeatureName $i 
        }
    }
}

# If you need classic ASP (not recommended)
#Enable-WindowsOptionalFeature -Online -FeatureName IIS-ASP


# The following optional components require 
# Chocolatey OR Web Platform Installer to install


# Install UrlRewrite Module for Extensionless Urls (optional)
###  & "C:\Program Files\Microsoft\Web Platform Installer\WebpiCmd-x64.exe" /install /Products:UrlRewrite2 /AcceptEULA /SuppressPostFinish
#choco install urlrewrite -y

# Install WebDeploy for Deploying to IIS (optional)
### & "C:\Program Files\Microsoft\Web Platform Installer\WebpiCmd-x64.exe" /install /Products:WDeployNoSMO /AcceptEULA /SuppressPostFinish
# choco install webdeploy -y

# Disable Loopback Check on a Server - to get around no local Logins on Windows Server
# New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword

At any rate, I didn't change much beyond the main block, and when testing, it does appear to have an issue being able to pull from a management tool or parent feature, so I may get around to fleshing it out a bit more... I just liked what I saw, it's a lot like the version I put together ... (this script does far more than just setting up IIS... which is around the line '1882' mark )

https://github.com/mcc85s/PSD-Remaster/blob/master/Install/Provision-Hybrid.ps1

It's in a section where adding a BITS/IIS server is an option... bears a lot of similarities to what you have here, but, goes in far more depth.

Still, I learn things when I see how other people approach similar tasks. So, kudos for making this... and feel free to use anything you see from my end.

-MC

Thank you Rick! This article was a HUGE help. You confirmed several things I had suspected. The detailed explanation is really appreciated.

Hi Rick,

thank you for this post. I have to agree with Terry in that the Throttle function does not behave as described. Even with his fix, if the function is called very often in a very short timeframe or bad timing, no events at all will make it through because the timer will be killed by the next call.

Good article. It appears they tried to away with this hosting process in VS 2017

https://docs.microsoft.com/en-us/visualstudio/debugger/debugging-and-the-hosting-process?view=vs-2019

But, I'm noticing my bin/ folder still has the additional "vshost.exe" being created

Good article. It appears they tried to away with this hosting process in VS 2017

https://docs.microsoft.com/en-us/visualstudio/debugger/debugging-and-the-hosting-process?view=vs-2019

Hi. Why is the dotnet.exe needed for In-Process hosting? What is it doing? Our best guess is that it runs briefly to provider some glue between the worker process and the app code. But we can't ever see it doing anything and it certainly doesn't persist as a process. It is confusing to know that it is needed for in-process, but only actually runs (persistently) for out-of-process hosting.

This post is the cononical one on this topic, btw. Thanks!

Hi Rick, If I want to block any interceptor like Charles, Fiddler etc in WCF Rest api (wshttpbinding), How can i do that?

I've been suffering from this problem for a few days now. I've tried everything until I found this and other paper indicating the need to use the [EnableCors] annotation on the controller. Before doing that, I was still receiving the CORS error despite all my efforts. Thanks a lot.

@Abhitalks - .NET Standard is only supported in the new .NET SDK projects. If you use classic projects there's no support for .NET Standard and I bet that's what the problem is. Using MVC with SDK projects maybe isn't the best idea though as there are some hassles you have to deal with. It's not designed for it but it works if you're willing to work around the quirks. Here is some good info: https://stackoverflow.com/a/49655107/11197

Still that's something you can do only on a per request basis, not globally - so it would require a module to look at every request to re-route the request handler. The original article's point was at dynamically adding a handler into the pipeline so it fired in the same way you can dynamically attach a module in your Application_Start() handler.

Thanks Rick for this post. I have been struggling with this for some time now. I created a .Net Standard Library targeting only .Net Standard 2.0. Now when I try to use this in my ASP.Net MVC app on Full Framework 4.8, the app breaks on everything MVC! Unless I add an assembly reference to netstandard in compilation node under system.web in web.config; it doesn't work! I was under the impression that a netstandard library would just work as-is anywhere it is supported, which should be true for 4.8?

Got it to work with just z-index. .modal-backdrop { z-index:9 !important; } And in the definition of the modal: style="z-index:10" It looks like any numbers will work as long as the backdrop z-index is less than the z-index of the modal.

same, but in one line:

var jsonFormatted = JsonConvert.SerializeObject(test, Formatting.Indented)

I suggest you to consider asynchronous logging. I made several benchmarks here, which shows, that in the most cases non-blocking tracing has the same speed with no-op log methods calls (e.g. just call method of Logger, which is disabled for now).

Mistakes were made.

Thanks Rick! I found your article after I noticed my 4.6.1 application was "magically" referencing a Net Standard assembly from one of our internal Nuget packages. We added NET461 to our TargetFrameworks and this resolved the issue for us.

This reminds me of compiling configuration into an assembly. Hopefully, the Nuget team will change the default to explicitly let you know what is going on.

@Clark - Custom converter or perhaps a custom model calculated property that performs that calculation based on a property change of the dependencies.

I think it's good practice to multi-target, but if you're going to do that I wouldn't target 4.7.2 (unless you actually need new features from that) but target 4.6 or even 4.5 to make your libraries usable by lower versions of .NET. That's where the value of multi-targeting lies because if you use 4.7.2 or later anyway then you can use the .NET Standard target and it works without further dependencies.

The reason to multi-target with full framework targets is two-fold:

• Support pre-4.7.2 versions
• Support .NET Framework only features not in Standard

The latter will be specific to the full framework targets, but sometimes that's useful. For example, Westwind.Utilities is an old lib so it has a few Windows specific utilities and those continue to work in the full framework target but not in .NET Standard so that multi-targeting may make sense even when using 4.7.2 or later.

Hello, still not real sure what is best for hosting .net core 2.2 on linux? Can one use the In-Process on linux? Kestral does not even seem to be working on linux with 2.2. Any help would be appreciated......Thanks,

Out of habit our team has been Multi-Targeting ALL of our newly created .NET standard class libraries. All of our .NET framework projects are .NET 4.7.2.

After reading (the first part) of this post, am I correct in thinking the Multi-Targeting is actually unnecessary (provides no benefit) in the above cases?

As a side note although these project types are compatible, the .NET 4.7.2 projects should be using PackageReference rather than packages.config - otherwise (like us) there will be a world of pain with transitive dependencies not pulling through from the .NET standard projects to the consuming .NET framework projects.

During our slow shift towards .NET standard we have faced compatibility issues (like above) where a fair amount of guess work and trial and error was used. Hence why we have just been assuming we need to multi-target AND shift to PackageReference.

I guess we will eventually need to go back and tidy up our .NET standard projects to not be multi targeted eventually..

A converter that would bind the Count(Where=> MyProperty1 > 21 && AnotherProperty = false)

so how would i be able to implement this ?

DateTimeOffset never appealed to me either but I think the main advantage is the arithmetic operations that DateTimeOffSet brings, can easily add/subtract DateTimeOffSet from different timezones. Whichever way you go (DateTime vs DateTimeOffSet) to have the perfect scenario you need to get the user TimeZone and convert. With DateTimeOffSet even if you don't implement TimeZone conversions, if you implement request localisation you get a pretty good package out of the box (UTC stored in db based on Accept-Language) and can add TimeZones for db save and display at a later stage

System.Web.Hosting.HostingEnvironment.InitiateShutdown()

Seems like a more modern & better alternative to UnloadAppDomain() (which force-terminates everything immediately)

@ThePukeOne - Translation: It'll never happen 😃

@TehWardy - As a protection strategy from malicious sites it's worthless. It only provides value to the host site from protecting itself and the client code from accessing resources it's not supposed to. It's a very limited security feature and I agree - it's mostly worthless in that it gives people who don't understand what it actually does a false sense of security that's not actually there.

Well, in 2019, xsd.exe still can't read import element... Microsoft

Rick,

I am not sure what happened to my previous post. But, I am trying to have this installed on Windows 10 desktop for developers. Default it is going to be installed on C drive. Now, with the C drive being a VDISK and if it is locked down that users cannot make changes, will it affect in anyway if they have develop the websites and put it in InetPub folder in D drive? Next, I also got a script from this Microsoft link which be used to automate the relocating of the Inetpub contents, and will leave the existing directory structure untouched. Will this affect your installation in anyway? I am going to build a new Windows 10 box with C drive and D drive and I am going to run your script to install IIS and also I am going to run this script to see how it goes.

https://support.microsoft.com/en-us/help/2752331/guidance-for-relocation-of-iis-7-0-and-iis-7-5-content-directories

Rick,

Thank you so much for all of your posts!

You have helped me tremendously, with your concise explanations and cogent, clear tips!

You have saved me so much time.

Thanks, Sam