109 lines
6.4 KiB
Markdown
109 lines
6.4 KiB
Markdown
|
---
|
||
|
|
title: Out-of-process hosting with IIS and ASP.NET Core
|
||
|
|
author: rick-anderson
|
||
|
|
description: Learn about out-of-process Hosting with IIS and the ASP.NET Core Module.
|
||
|
|
monikerRange: '>= aspnetcore-5.0'
|
||
|
|
ms.author: riande
|
||
|
|
ms.custom: mvc
|
||
|
|
ms.date: 02/07/2020
|
||
|
|
uid: host-and-deploy/iis/out-of-process-hosting
|
||
|
|
---
|
||
|
|
# Out-of-process hosting with IIS and ASP.NET Core
|
||
|
|
|
||
|
|
Because ASP.NET Core apps run in a process separate from the IIS worker process, the ASP.NET Core Module handles process management. The module starts the process for the ASP.NET Core app when the first request arrives and restarts the app if it shuts down or crashes. This is essentially the same behavior as seen with apps that run in-process that are managed by the [Windows Process Activation Service (WAS)](/iis/manage/provisioning-and-managing-iis/features-of-the-windows-process-activation-service-was).
|
||
|
|
|
||
|
|
The following diagram illustrates the relationship between IIS, the ASP.NET Core Module, and an app hosted out-of-process:
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
1. Requests arrive from the web to the kernel-mode HTTP.sys driver.
|
||
|
|
1. The driver routes the requests to IIS on the website's configured port. The configured port is usually 80 (HTTP) or 443 (HTTPS).
|
||
|
|
1. The module forwards the requests to Kestrel on a random port for the app. The random port isn't 80 or 443.
|
||
|
|
|
||
|
|
<!-- make this a bullet list -->
|
||
|
|
The ASP.NET Core Module specifies the port via an environment variable at startup. The <xref:Microsoft.AspNetCore.Hosting.WebHostBuilderIISExtensions.UseIISIntegration%2A> extension configures the server to listen on `http://localhost:{PORT}`. Additional checks are performed, and requests that don't originate from the module are rejected. The module doesn't support HTTPS forwarding. Requests are forwarded over HTTP even if received by IIS over HTTPS.
|
||
|
|
|
||
|
|
After Kestrel picks up the request from the module, the request is forwarded into the ASP.NET Core middleware pipeline. The middleware pipeline handles the request and passes it on as an `HttpContext` instance to the app's logic. Middleware added by IIS Integration updates the scheme, remote IP, and pathbase to account for forwarding the request to Kestrel. The app's response is passed back to IIS, which forwards it back to the HTTP client that initiated the request.
|
||
|
|
|
||
|
|
For ASP.NET Core Module configuration guidance, see <xref:host-and-deploy/aspnet-core-module>.
|
||
|
|
|
||
|
|
For more information on hosting, see [Host in ASP.NET Core](xref:fundamentals/index#host).
|
||
|
|
|
||
|
|
## Application configuration
|
||
|
|
|
||
|
|
### Enable the IISIntegration components
|
||
|
|
|
||
|
|
When building a host in `CreateHostBuilder` (`Program.cs`), call <xref:Microsoft.Extensions.Hosting.Host.CreateDefaultBuilder%2A> to enable IIS integration:
|
||
|
|
|
||
|
|
```csharp
|
||
|
|
public static IHostBuilder CreateHostBuilder(string[] args) =>
|
||
|
|
Host.CreateDefaultBuilder(args)
|
||
|
|
...
|
||
|
|
```
|
||
|
|
|
||
|
|
For more information on `CreateDefaultBuilder`, see <xref:fundamentals/host/generic-host#default-builder-settings>.
|
||
|
|
|
||
|
|
|
||
|
|
**Out-of-process hosting model**
|
||
|
|
|
||
|
|
To configure IIS options, include a service configuration for <xref:Microsoft.AspNetCore.Builder.IISOptions> in <xref:Microsoft.AspNetCore.Hosting.IStartup.ConfigureServices%2A>. The following example prevents the app from populating `HttpContext.Connection.ClientCertificate`:
|
||
|
|
|
||
|
|
```csharp
|
||
|
|
services.Configure<IISOptions>(options =>
|
||
|
|
{
|
||
|
|
options.ForwardClientCertificate = false;
|
||
|
|
});
|
||
|
|
```
|
||
|
|
|
||
|
|
| Option | Default | Setting |
|
||
|
|
| ------------------------------ | :-----: | ------- |
|
||
|
|
| `AutomaticAuthentication` | `true` | If `true`, [IIS Integration Middleware](#enable-the-iisintegration-components) sets the `HttpContext.User` authenticated by [Windows Authentication](xref:security/authentication/windowsauth). If `false`, the middleware only provides an identity for `HttpContext.User` and responds to challenges when explicitly requested by the `AuthenticationScheme`. Windows Authentication must be enabled in IIS for `AutomaticAuthentication` to function. For more information, see the [Windows Authentication](xref:security/authentication/windowsauth) topic. |
|
||
|
|
| `AuthenticationDisplayName` | `null` | Sets the display name shown to users on login pages. |
|
||
|
|
| `ForwardClientCertificate` | `true` | If `true` and the `MS-ASPNETCORE-CLIENTCERT` request header is present, the `HttpContext.Connection.ClientCertificate` is populated. |
|
||
|
|
|
||
|
|
|
||
|
|
### Proxy server and load balancer scenarios
|
||
|
|
|
||
|
|
The [IIS Integration Middleware](#enable-the-iisintegration-components) and the ASP.NET Core Module are configured to forward the:
|
||
|
|
|
||
|
|
* Scheme (HTTP/HTTPS).
|
||
|
|
* Remote IP address where the request originated.
|
||
|
|
|
||
|
|
The [IIS Integration Middleware](#enable-the-iisintegration-components) configures Forwarded Headers Middleware.
|
||
|
|
|
||
|
|
Additional configuration might be required for apps hosted behind additional proxy servers and load balancers. For more information, see [Configure ASP.NET Core to work with proxy servers and load balancers](xref:host-and-deploy/proxy-load-balancer).
|
||
|
|
|
||
|
|
|
||
|
|
### Out-of-process hosting model
|
||
|
|
|
||
|
|
To configure an app for out-of-process hosting, set the value of the `<AspNetCoreHostingModel>` property to `OutOfProcess` in the project file (`.csproj`):
|
||
|
|
|
||
|
|
```xml
|
||
|
|
<PropertyGroup>
|
||
|
|
<AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
|
||
|
|
</PropertyGroup>
|
||
|
|
```
|
||
|
|
|
||
|
|
In-process hosting is set with `InProcess`, which is the default value.
|
||
|
|
|
||
|
|
The value of `<AspNetCoreHostingModel>` is case insensitive, so `inprocess` and `outofprocess` are valid values.
|
||
|
|
|
||
|
|
[Kestrel](xref:fundamentals/servers/kestrel) server is used instead of IIS HTTP Server (`IISHttpServer`).
|
||
|
|
|
||
|
|
For out-of-process, [`CreateDefaultBuilder`](xref:fundamentals/host/generic-host#default-builder-settings) calls <xref:Microsoft.AspNetCore.Hosting.WebHostBuilderIISExtensions.UseIISIntegration%2A> to:
|
||
|
|
|
||
|
|
* Configure the port and base path the server should listen on when running behind the ASP.NET Core Module.
|
||
|
|
* Configure the host to capture startup errors.
|
||
|
|
|
||
|
|
### Process name
|
||
|
|
|
||
|
|
`Process.GetCurrentProcess().ProcessName` reports `w3wp`/`iisexpress` (in-process) or `dotnet` (out-of-process).
|
||
|
|
|
||
|
|
Many native modules, such as Windows Authentication, remain active. To learn more about IIS modules active with the ASP.NET Core Module, see <xref:host-and-deploy/iis/modules>.
|
||
|
|
|
||
|
|
The ASP.NET Core Module can also:
|
||
|
|
|
||
|
|
* Set environment variables for the worker process.
|
||
|
|
* Log stdout output to file storage for troubleshooting startup issues.
|
||
|
|
* Forward Windows authentication tokens.
|