Sunday, 11 December 2016

Points to be remember for Deploying ASP.Net MVC Application in Production

1. To make application Offline use App_Offline.htm


If you are running your application within a .NET 4.0 application pool (IIS 7.0 or IIS 7.5) or your web site is configured as an ASP.NET 4.0 web site (IIS 6.0) and would like to show your clients an “under maintenance” page for a limited time, the easiest way is to put a file named app_offline.htm in your web site’s root folder. Then your application will be taking offline and the clients will be served with app_offline.htm page whatever their requests are.

2. Deploy application with debug="false"

When we develop asp.net application using Visual Studio, the default value for debug attribute is true. This setting will help developers to debug the application in development environment. For example, executing the application in this mode will not cache the resource files rendered by WebResources.axd handler. This prevents the need to clear the temporary cache every time when the developer needs to check the changes done. There will be other useful things done for developers for debugging like debug symbols, settings that will enable breakpoints etc. These setting will give a poor performance in production if released in the default debug mode (false).
So, never release your website with debug mode set to true. It should be set to false in web.config when moving to production.
<compilation debug=”false”/>
Debug mode to 'true' results following disadvantage.
  Code execution will be slow.
  Compilation will be slow since batch compilation is disabled.
  Memory consumption is higher since there are additional debug symbols, etc.
  Resources downloaded with webresources.axd will not be cached.

Alternate will be <deployment retail=”true”/> in machine.config. If you are a server administrator, make this change in machine.config so that it will enforce the debug attribute in the application’s web.config to false. It also disables the page output tracing and the ability to show the detailed exception report to the remote users when there is an exception.

3. Configure Custom Error Page in Web.Config file


In web.config use code.
<customErrors defaultRedirect="url"
              mode="On|Off|RemoteOnly">
     <error. . ./>
</customErrors>


ON - Specifies that custom errors are enabled. If no defaultRedirect attribute is specified, users see a generic error. The custom errors are shown to the remote clients and to the local host.

OFF - Specifies that custom errors are disabled. The detailed ASP.NET errors are shown to the remote clients and to the local host.

REMOTEONLY - Specifies that custom errors are shown only to the remote clients, and that ASP.NET errors are shown to the local host. This is the default value.

4. Separate Application pool For each Application

Application pool is the container of worker process.  Application pools is used to separate sets of IIS worker processes that share the same configuration.  Application pools enables a better security, reliability, and availability for any web application.  The worker process serves as the process boundary that separates each application pool so that when one worker process or application is having an issue or recycles, other applications or worker processes are not affected.

5. Custom Service Account for ASP.NET app pools

A custom account is useful in the following situations:
  • When you want to improve security and make it easier to trace security events to the corresponding application.
  • When you are hosting Web sites for multiple customers on a single Web server. If you use the same process account for multiple customers, source code from one customer's application may be able to access source code from another customer's application. In this case, you should also configure a custom account for the anonymous user account.
  • When an application requires rights or permissions in addition to the default permissions for an application pool. In this case, you can create an application pool and assign a custom identity to the new application pool.
  • For More Identity for an Application Pool
How to Set
  1. Open IIS Manager. For information about opening IIS Manager, see Open IIS Manager (IIS 7).
  2. In the Connections pane, expand the server node and click Application Pools.
  3. On the Application Pools page, select the application pool for which you want to specify an identity, and then click Advanced Settings in the Actions pane.
  4. For the Identity property, click the ... button to open the Application Pool Identity dialog box.
  5. If you want to use a built-in account, select the Built-in account option and select an account from the list.
  6. If you want to use a custom identity, select the Custom account option and click Set to open the Set Credentials dialog box. Then type the custom account name in the User name text box, type a password in the Password text box, retype the password in the Confirm password text box, and then click OK.
  7. Click OK to dismiss the Application Pool Identity dialog box.

6. Encrypt the Sensitive data in Web.Config file.

For more click Encrypt sensitive data

7. Deploying a Web Application Project Using a Web Deployment Package


8. For Intranet applications use Windows Authentication to connect to database


If your application is hosted in an intranet domain, then use windows authentication to connect to the database. The advantage of this approach, you can use the same windows service account configured to run your app pool in IIS 6.0 to connect to the database. This prevents the need to store the password as a clear text in web.config.

No comments:

Post a Comment