Very useful Rick! For some reason IIS does not come as standard with the very useful feature to import an application as a ZIP file and Microsoft make it super hard to find the link to download that add-on. It forces you to first install the "Web Platform Platform Installer Platform" or something, and then find an obscure link. I'm guessing that can't be done from PowerShell, but it sure would be useful.
@John - Agree 100%!
It feels like we're in perpetual preview at least in regards to the tooling. Tooling is the front facing thing nearly every dev works with and needs for high productivity (good tooling can bring the shine out on your framework). If they can get this stable and alleviate a lot of the manual interventions it will help tremendously.
I cannot overstate this, poor tooling is a enormous time suck.
@Daniel - .NET Core is definitely not ready for production. This is a preview and there are lots of things that are still being fixed and worked out. If you're using Visual Studio the tooling is absolutely terrible at the moment - in a lot of ways your better of using VS Code and compile and test from the command line.
Definitely wait until Microsoft gets to Release Candidate before doing anything for production.
.NET Core 1.1 is pretty stable for what I've used it for so far. But again the tooling is in a terrible state - it's way more work getting anything done as VS Code lacks many IDE features and Visual Studio constantly locks up or crashes for me. So coding productivity is way down for me.
I'm still in a holding pattern personally. If I need to get something done today I continue to use MVC 5.
I'm curious, how do you feel about using .NET Core 2.0 in production? do you feel that it is stable enough to be production ready? If not, what about .NET Core overall?
I love how your articles cut through all the Microsoft hype and depict the "real" status of Visual Studio and .NetCore. Microsoft was obviously more focused on putting something together for Build 2017 than product stability and new developer adoption. To me, this strategy only serves to be counterproductive and turns new developers off. But hasn't this always been the culture at Microsoft?
Thanks again for another great article.
Lastly, I don't know how you keep up will all this stuff, but you're definitely one smart surfer dude! 😃
Windows 10 Creator's Update just wiped out an ext4 partition it had no business touching. MS must be investing in Chinese flash, because trying to keep Windows 10 current on my Kangaroo (2GB RAM and a 32GB eMMC -- reduced to 25GB for Windows) is an almost herculean and unending job which writes many gigabytes of data over and over again to my eMMC -- often, the same download it just failed to install. Even if these problems are much worse trying to keep Windows 10 working with close to the minimum hardware specs, they are so far beyond what most end-users can deal with that I boggle that there haven't already been bad repercussions for MS.
I've just about had it with the investment of time required to keep my Kangaroo dual-booting Windows 10 and Porteus, and Porteus runs very well on my Kangaroo. Windows has easily done an order of magnitude more writing to the eMMC just trying to keep the OS current than using and updating Porteus! I want to keep Windows 10, but not if I have to devote an entire weekend every few months trying to cope with its redos. It's gotten beyond ridiculous; if MS' update process were flawless, it would be bad enough, but it has proven everything but -- I've had to resort to manual updates, because MS' diagnostics and proposed solutions just result in repeated, enormous downloads of updates which then fail to install. The eMMC fills up and MS' update and cleaning utilities -- all of them -- fail to deal with the problem. I was forced to reinstall all my applications and replace my files because the last update simply refused to retain them; the problem is attributed online to a change in language, but this device came with Windows 10 Home with US English and nothing has been changed in its region or language settings.
I am more computer-literate than at least 99% of the population; I can ditch Windows 10 and still have a very capable device. End-users of low-end hardware with Windows 10 must be shoving it in drawers, selling it, or discarding it, because Windows 10 cannot be updating on much of it!
Is there an option to detect if an extension is already installed? If we pass the uninstall flag, and the extension is not installed already, it will throw an exception / installer will fail
Well, ASP.NET Core 2.0 RTM will target .NET Standard 2.0 so this will change soon.
So, looking at this, we could either worry about the packet sizes, or possibly include some type of additional parameter in the request to tell the server to only send back a small sample size that is within the bounds of the packet size you are looking for.
This will not work on static pages of course, however dynamic pages could take a query string or body parameter that tells the server that you are merely testing uptime, at which point the server can send back a handshake that confirms that it is alive..
That way, you minimize the traffic on the wire. This could be done in some form of base page that all of your other pages inherit from or reference in some way that listens for this parameter and automatically writes a simple response and closes the response at the application layer.
Realistically, if you are writing a generic monitoring tool, you might not be able to enforce this, however, if you are writing one just for your own purposes, this might be an easy way to accomplish your goal.
I was trying to disable the resize on a click event! it didnt work! Could you please help with this??
Hello Rick -
I've followed your guide and publishes ASP.NET Core applications on IIS. They works fine. Expept for a detail. The application that runs behind IIS returns Context.Request.Path as null. Do not happend in a development environment. This breaks the applications with Localizatiion techniques.
I would like to ask you if there is a solution so that from IIS Context.Request.Path does not return null, or have an alternative.
Hello Rick -
I've followed your guide and publishes ASP.NET Core applications on IIS. They works fine. Expept for a detail. The application that runs behind IIS returns Context.Request.Path as null. Do not happend in a development environment.
This breaks the applications with Localizatiion techniques.
Behind IIS the parameter returnUrl is null -
As always... you're the man. I can't even count how many times you've helped me out over the past decade or so. If I ever find myself in Hawaii, I shall hunt you down and buy you a coffee/beer/scotch/whatever. Thanks for everything you post.
@Heiko - yes you have a very good point and I think, Microsoft is starting to realize that the way the current deployment model works (in ASP.NET Core 1.x) really sucks.
In .NET Core 2.0 things clean up a bit and the footprint gets a bit smaller. They are also going to support pre-installed runtimes that can be shared so you're not deploying all the plumbing over and over and allow that as an option. I was never clear why this hasn't been the primary delivery vehicle.
Having multiple side by side frameworks installed at the system level and then having the application specify which runtime to use makes perfect sense to me, but for some reason this is not how it works today. I believe the plan is that with 2.0, this will be a supported path and hopefully it'll be the default path, with the remaining option of dropping everything into a folder and running 100% self contained.
But I can totally agree with the assessment that .NET Core is a heck of a lot harder to manage than a System.Web ASP.NET application which deploys with hardly any extra foot print besides your application. I really hope Microsoft will make this work again with .NET Core and I think they will.
@Joseph - AFAIK IIS should automatically forward all headers and add proxy headers. If not I would consider that a bug.
I don't think you can use rewrite for that if you are using the ASPNETCoreModule because it bypasses url rewriting for what it matches. The only way that would work if you completely take the module out of the equation and just forward the calls using IIS Rewrite directly.
I don't think you can target class libraries to netcoreapp2.0? Haven't tried that and not sure if that would work or not. Either way the settings I show are what the tooling sets up in Visual Studio - there's no option in VS to select netcoreapp for class libraries or netstandard for the host console app.
Again - this makes my point: The fact we're even discussing this is a major failing point.
Either way - I think you definitely want to target .NET Standard in class libraries so the libraries will potentially work on other supported platforms. If you target netcoreapp you'd be tied to that specific version of .NET Core, which I suppose is the reason you specify that on your host application - somewhere you do need to pin the actual framework to a concrete implementation and I guess netcoreapp2.0 is exactly that.
With respect to the different targets, aren't you overcomplicating things anyway by having the host app be netcore and the library netstandard. There should be no reason you can't have both be netcore, unless you plan on sharing the library among other non-netcore users.
How do I have IIS forward custom headers to Kestrel? My application expects some custom headers when running behind a reverse-proxy that it uses for re-writing URLs that it sends back to the client, etc. Do I just use the rewrite module for that?
Thanks, the pain points were enough to convince me that, this time, I won't be an early adopter!
.NET CORE || WebApplications -> I dont understand what Microsoft want to reach with that techniques...everything is getting harder, bigger & slower??
I create big websites with about 100k customers per site. The customers pay big amount for using this sites. The only thing that is interesting is that the sites are fast, secure and that is running on every browser/System/Network.
If u today create a so called Webapplication - there are so many libraries wich u need - so an empty Project has a size about 30MByte - all things u have to manage if something goes wrong. A normal Website created by Visual Studio 2008 has a Size of 500Kbyte -> and u can do everything with that libraries.
Also compare the running-times of Visual Studio 2015 & 2008 -> that is ridiculous. I want to make my work and not want to deal with Microsofts "Inventions" that nobody needs...
Why Microsoft tries to integrate the Compiler & Webserver into the Web-Applications? That is unprofessional - in our firm we have specialists who controlled their own sector - Website, Server, Network, WCF Services and so on....
@Johann - sure, but many applications need to support open access. If you have an open API that is to be consumed from many clients you need to have any origin.
If you can crank it down - by all means do, but that doesn't invalidate the need for having * accessibility.
That was of great help! I struggled a little with how to find the name of the .exe file because I am not building an executable, just a macro-like thing for a plugin for a desktop application. So I would like to add that just using an Asterisk as the registry key name would force the usage of the specified version of IE on ALL apps that use Web browser control.
using builder.AllowAnyOrigin() essentially disables CORS. It is preferable to selectively enable domains like builder.WithOrigins("http://example.com")
The above answer is not valid for AdSense. It is against the TOS.
@hannes - yup, but that doesn't always work. In my case I have a dev tool that installs an extension and you can uninstall the tool independently of the addin. Now if the user uninstalls my tool, then reinstalls and the addin hasn't rev'ed it fails which is sad. The installer should be smart enough to either detect that the component is already there with the same version and just silently go on or otherwise provide a silent fail option in that can be trapped somehow, but neither is available.
Cool aritcle! Thanks for sharing.
The update problem should be solved by increasing the version number.
Can I specify multiple file specifications, like **.bak; .bak2 etc.
Hi, thanks a lot for this post, it was quite difficult to find just this and not the whole Identity + EF implementation.
I have a question though, regarding cookie timeout and presenting it to the user.
I have been following this kind of approach to it:
basically I setup my cookie with a SlidingExpiration = true, then, after the user logs in I do a request by ajax to get the current remaining cookie valid time, but by doing that request (which runs periodically by 1 sec or so) then the cookie itself gets renewed and never expires, do you have any suggestions to present that info to the user and not confuse the ajax request with a user's request?
thanks in advance!!
Ryan - compression is handled by IIS for static content, but not for dynamic content generated by Kestrel. The AspNetCore module passed content straight through the pipeline so there's no post processing of requests except for the proxy header fixups (which may actually get added beforehand). Otherwise IIS just forwards the request as is.
So, if you want compression in your application generated content you need to use the content compression middleware in ASP.NET Core.
Hey Rick, Thankyou very much.. from last few days I was facing similar issue on two different places with different z-index values, in which one is working fine and other is disturbed. When I applied the z-index value in css the first one got disturbed & the other one was working fine.. I tried a lot with different solutions, but nothing worked. But this works.. Thanks a lot
Great article. Had a question. I implemented the exception filter in my project. when i throw a exception, the filter is capturing it. but when error occurs in the application, for example, i gave wrong database name, the filter is not capturing it. I am able to see the exception in console window, but exception is not handling it to give error in json format. am i missing something? Thanks.
Thanks for your write-up about LetsEncrypt-Win-Simple.
I managed to get it working within IIS 8. This is going to simplify an annoying task.
However, when asked if I want to to auto renew every 60 days I chose 'No' as I thought I could choose 'Y' the next time but it does not give me this option again. I see there is a new letsencrypt daily task in Task Scheduler but I don't think this is the 60 day auto renewal.
I do not see a way to either renable the auto renewal Y/N option when running letsencrypt.exe or how to manually add it to a config file.
Just wondering if this is something you know about?
I've read about Net Standard for at least a year now, and waited for VS 2017 to come out. Now that it is, I've studied what VS 2017 does in order to understand what Net Standard really is. Unfortunately, I still do not understand why everyone keeps saying that Net Standard is not an implementation, when everything I see in VS 2017 says Net Standard is an implementation. As someone wisely said, "Don't tell me [Microsoft] what you believe in. I'll observe how you behave and I will make my own determination."
Aside, I can accept Net Standard may be also a standard, but what's listed at https://github.com/dotnet/standard/blob/master/docs/versions/netstandard1.6_ref.md is a terrible definition. It contains no semantics, so what one framework would do might be completely different in another framework. Maybe I'm too old school.
So, when I create a Net Standard class library in VS 2017, I can compile it, link to it, and run the code. I can link to the Net Standard DLL from a Net Core app, or a Net Framework app. (See https://github.com/kaby76/NetStandardCoreFramworkExamples for every permutation of interoperability.) I can Dotpeek the Net Standard DLL and see code. If I look at a csproj file for a freshly generated Net Standard class library from VS 2017, it contains only a reference to "netstandard1.4". The csproj file might look like this:
I can change this to a multi-target framework with the addition of other frameworks:
and see, when built, there are two DLL's generated, one for Net Core, another for Net Standard.
So, if Net Standard is just a standard, and not an implementation, why is there a distinct target with code generated when I build a Net Standard library?
So, what I deduce is that Net Stardard is an implementation. It may not be important, and it all works well, but what people keep saying does not make sense.
I would serve static content form CDN
Finally I had to remove timezone information, otherwise the posted result (the hours part of the time) was tranformed due to timezone information.
(ok, it is not about JSON, but may help someone who is surfing on the information ocean)
Are gzip/deflate compressions also offloaded to iis?
Or do we need to configure this too?
it will stop, when you retire. That's the wonder of doing what we do.
Hi Rick great article! HUGE fan of lets encrypt it is like something i never knew existed but desperately need!
I am using asp.net core with a reverse proxy (not the aspcore IIS module) - this doesnt play nicely with the auto-renew as you need to disable the reverse proxy (unless your proxied app runs in the same folder as your IIS web application)
fortunately you can do this before the renewal runs via command line:
set-webconfigurationproperty '/system.webserver/rewrite/rules/rule[@name="ReverseProxyInboundRule1"]' -Name enabled -Value false -PSPath "IIS:\sites\<your_website_name>"
set-webconfigurationproperty '/system.webserver/rewrite/rules/rule[@name="ReverseProxyInboundRule1"]' -Name enabled -Value false -PSPath "IIS:\sites\<your_website_name>"
I used your blog to get CORS setup with my WebAPI 2.0 app on an IIS server which worked, however; I moved this and the web front end onto an Azure server preventing cookies being sent to the server, which I know is an issue when going cross domains. I have allow any origin, allow any method and allow credentials but the cookie still doesn't get sent. Any ideas of what I might be doing wrong?
Interestingly, Tony's suggestion worked just fine for me without any registry hacks.
Here's a link to a solution that doesn't involve calling netsh. I'm adding SSL on a site that has 5 domains with a cert that has Alternative subject names. Note that the * for IP address and passing -Thumbprint seem to be key to getting it just right.
New-WebBinding -Name $name -Protocol "https" -Port $httpsPort -HostHeader $hostname -SslFlags 1 # SNI certificate
New-Item -Path "IIS:\\SslBindings\*!$httpsPort!$hostname" -Thumbprint $thumbprint -SSLFlags 1
Also it has a multi-platform Rewrite support too:
PM> Install-Package Microsoft.AspNetCore.Rewrite
// import from web.config
app.UseRewriter(new RewriteOptions().AddIISUrlRewrite(env.ContentRootFileProvider, "web.config"))
Really great stuff Rick. I've been wondering about trying ASP.NET Core on a small new project but been put off by all the confusion. Now I feel happy to give it a go!
How can I do on linux (Ubuntu 16.04)?
I was banging my head for two days trying to figure out how to apply CORS to my API...I was following MSDN and it was not working for me - I use your example and it works perfect. THANK YOU!!!
@Pliskin - Localization resoures are cached by the location framework in ASP.NET - regardless which dev platform (MVC, WebForms) you use. You need to either restart the AppDomain, or if you're using the localiztion provider mentioned here you can force the resource cache to be cleared. But either way these operations have to be explicitly performed - they don't happen automatically.
@Pablo - 1 - no you can't run the developer tools. They are not part of the control, they are part of the IE Application shell which is not part of the Web Browser control. You can however use FireBug Lite as an addin to at least get proper Console Output.
This provider id helpful, I have a question; I have two web projects(ASP.NET MVC and Web Form), If I use this provider in MVC project and update resource texts, can I see the new text in web Form project without restarting?
Hi Rick, firstly thank's for your help, this aricle is very helpful and sorry for my english.
I have two questions:
1.- Is it possible to run te developer toolbar from webbrowser component with F12 like Internet Explorer?
2.- What is the relation beetwen de and .
I don't understand that:
"Internet Explorer 11. Webpages are displayed in IE11 Standards mode, regardless of the !DOCTYPE directive."
I hope I have explained it well.