Wordpress Theme Upload error on IIS 7: AppPoolIdentity, FastCGI Impersonation and What not?

After hearing from like a zillion people I finally set out to try WordPress today on my Windows 7 PC. Initial reaction towards the app was cool. Small, sweet download. Pretty easy to run if you already have the pre-requistes like IIS, PHP and MySql up and running. Well during my "Lets see what it's got" phase with WordPress I was checking out some cool themes that are available for free. Selected a few of them and wanted to try them out. A cool feature in WordPress allows you to upload themes in zip packages. Further it automatically reads, uploads, configures the theme and makes it available for you to use. So far so good.

While I was uploading the ZIP package, I recieved the following message:

Unable to create directory "File Path of Upload diretory". Is its parent directory writable by the server?

I gave appropriate write access to my App Pool identity and then gave it a shot. No Go. I quickly Binged a bit for the error and found a lot of articles which seem to be Linux\Apache favouring. Things like "give 755 permission on the directory" or "give 777 permission on the directory". Well I had already figured out that I needed to give permission. My question was to which user?

Being in a Support environment, a lesson I learned was never to let go off basics. Enter Process Monitor. :)

Here's what I did:

1.) The 1st thing I did after firing up ProcMon was to include a filter for w3wp.exe and php-cgi.exe because I was sure these were the only relevant processes for my problem.
2.) Ran and captured File access parameters in ProcMon for the above 2 processes.
3.) Once it was captured, I needed to find the Access Denied result. Knew it would be there somewhere. Here's how it looked like.

Now, if you notice I was getting an Access Denied for the uploads folder creation operation. The last column, however, states that the user associated to this operation was my AppPoolidentity-->blog. But I had given the acess already. Couldnt figure out why it was failing.
4.) While thinking about this, I hovered on the details column in Procmon. This was my saviour. Check it out...

As you can see it says that php-cgi.exe was impersonating IUSR account for the write operation in this case. As soon as I gave write access to IUSR on the wp-content directory everything started to run smooth.

But what I really wanted to know was - Why is IUSR account coming into all this?
Answer: Time to go back to basics :)

When I noticed the process name once again, that is when it hit me. My machine is running PHP with Fast CGI and I have the following setting in my php.ini:

fastcgi.impersonate=1

Which esentially means when fastcgi impersonation is enabled, PHP will perform all file system operations with the user id that is currently authenticated by IIS. In my case I was using Anonymous Authentication with default settings. Hence IUSR. 

Case Solved. Having fun with WordPress. All is well. Now, something off-topic but IIS related. Once the file directory was created and all that I found this cool thing in the following pic:

As soon as a directory is made from WordPress, IIS (w3wp.exe) performs a NotifyChangeDirectory operation for the root and the parent directory. In this case notifying not just the AppPool for this application but all the AppPools in the website. Cool.

Hope this helps. Have Fun!

How many IIS 7 Managers are there anyways?

A few days back I was having a conversation with an exchange admin on how exchange works with IIS and stuff like that when suddenly he said: "It's good that we can have IIS 7 on Windows Server 2003 now" and I went like HUH!!! After explaining him that there is no downgrade available for IIS and the changes from IIS 6 to IIS 7 and a lot more explaination it was starting to get frustating. The guy just kept on saying "But I have IIS 7 running on my Server 2003 machine". I had to finally convince him to show me the machine.

  After logging on the server he opens up IIS 7 Manager gives an IIS server name and connects. I explained him that the exe he was using was known as IIS Manager for Remote Administration. Now he lost me! To be honest there really are quite a few UI's for managing IIS 7.x. But isn't it great! Here's the list :-)

1.) IIS Manager: This is the standard IIS Manager that is installed when you install IIS on a Server or Client OS running Windows Vista and up.

2.) IIS 6.0 Manager: Confused? This one is installed when you install IIS 6 Management Compatibility feature within the Web server Role. Best example for this one is when you install SMTP feature in Windows Server 2008. It looks exactly like the IIS 6 manager... Except it will not show you the IIS Websites and Application pool settings as it use to show in Windows Server 2003. It will only show you SMTP.

 















3.) IIS Manager for Remote Administration: This is a good one. This is basically a extension that is available as a download. It's a cool thing because I seen that a lot of ppl have IIS installed just because they wanted to connected to another server in their network or on the internet. Now with IIS Remote Manager you no more need to do that. You can just install this on your machine, make a few changes on the IIS Server and you are good to go. Here are the changes that you need to do.

i.) Log into your IIS Server. Open up the IIS Manager on the server.
ii.) At the Server node, in the features view find Management Service. Double Click.
iii.) Select Enable Remote Connections and go through the connection settings. Default settings should do just good. Unless you really want to do something out-of-world :)

Note: If you do not see management service in the features view. Check if you have it installed on the server at the first place. It will be under the IIS Management Tools section of IIS Features.

Oh! By the way if you are looking into more detailed explaination on the IIS 6 vs IIS 7 UI. Check out some good set of articles from Nitasha Verma.

Hope this solves some questions! Have Fun!

Netcraft: IIS now serves 50 Million Hostnames!

I was going through some data on IIS webservers today and came across Netcraft, which is a website that gives monthly statistical data on webservers from different companies and some other interesting stuff. Not sure if this data can be taken official or not but what really excited me was the number of hostnames that were running on IIS.

Microsoft Web Server has hit the BIG number of 50 Million hostnames from which Netcraft has recieved response. Now, yes, I know what you must be thinking. We all have Intranet websites that run any of the web server technologies that might be listed out there. Those are not coming into account in this. A reason that could be considerate enough not to get this data on a sales pitch ... :)

Nevertheless, 50 Million hostnames is a huge number for anyone.

Source: Netcraft February WebServer Survey

Just to keep in spirit of this achievement I am now planning some informative articles on the latest and most powerful extensions that can be plugged in IIS 7.x

Have Fun!

PS: If any one can get me a link to an official statistical data for IIS, I would be more than happy to link to it.

IIS Solution Center and More

Apparently a lot of people including me regularly search for support articles related to IIS for solutions. Today with no real work on hand I decided to save a few IIS related articles so that I can have a database at a central location. When I visited the Microsoft Support Solution center for IIS, I realised that a great location was already available with all the information. Solution Center as the name suggest is a central repository of not just the support articles but also a lot of great "How-To" articles on IIS. For some reason, I was not able to find the link for IIS 7 Solution Center, but below are the links for IIS 5, IIS 5.1 and IIS 6.

IIS 6 Solution Center
IIS 5, 5.1 Solution Center

At the bottom of the IIS 5 Solution center you will find a link for Information on the "Nimda" worm. Hmmm... Not sure if that gives correct information but it sure as hell reminds you of the mark it left... :)

For learning all the new stuff on IIS 7 ... do visit http://learn.iis.net/ and for questions: http://forums.iis.net/

Hope this helps.

ASP.NET MVC Framework and IIS: What's the connection?

"Can you tell me as to how ASP.NET MVC is processed in IIS?" I came across this interesting question from a member of my audience when I was giving a session for Community Techdays a few days back. I am not much of an ASP.NET developer therefore as much as I would hate to I had to say "Let me get back to you later on that".

So here's what I have figured out so far:

ASP.Net MVC or ASP.Net Model View Controller was introduced with .Net 3.5. The basic difference between an ASP.Net application and and ASP.Net MVC is that in ASP.Net, traditionally, the .Net framework maps the URL to a certain file on the disk (This file on disk has the code, that performs certain logic and also the markup to which is then sent to the requestor), whereas in ASP.NET MVC the URL is mapped to a controller where the controller class is responsible for handling various features of the request.

The mapping of these ASP.NET MVC URL's is handled by the ASP.NET routing engine. I am not going to go into how the MVC is executed. But for further details you can check this.

Lets look at it from an IIS perspective now. ASP.NET is executed in different ways in different versions of IIS. I will be covering IIS 6, IIS 7 and IIS 7 ... Yes I mention IIS 7 twice ... :) the 1st one is for IIS 7 with Integrated Pipeline mode and the 2nd one is for IIS 7 in Classic Mode. To know more IIS 7 processing features check my previous articles IIS : Changes from 6 to 7, IIS 6 and IIS 7 - How different are they?

In IIS 6 and IIS 7 Classic Mode, ASP.NET processing is not built-in with IIS. In very simple terms when IIS determines that the request is for ASP.NET, the request is mapped to aspnet_isapi.dll and from this point on the request is executed and the response is sent back. Therefore, an extension has a lot of importance in terms of IIS 6. Hence, for ASP.NET MVC applications to work we need to have a mechanism to map the ASP.NET MVC URL's to the aspnet_isapi.dll. This is acheived in one of the two ways mentioned below:

1.) Create a wildcard mapping for the ASP.NET MVC Application website in the way shown below:

(i) Right-click on the concerning website --> select Properties
(ii) Select the Home Directory tab
(iii) Click the Configuration button
(iv) Select the Mappings tab
(v) Click the Insert button
(vi) Give the path to the aspnet_isapi.dll in the Executable field. It's under C:\Windows\Microsoft.NET\Framework\v2.0.50727\, C:\ being your System Drive.
(vii) Uncheck the checkbox labeled Verify that file exists
(viii) Click the OK button

Note: If you see the configuration tab to be greyed out, that means your application is not mapped to an Application Pool. Click on the Create button just above it and in the drop down below select an appropriate application pool.

After this is done you need to make an addition in the global.asax file in your application as below:

routes.MapRoute("Root", "", new { controller = "Home", action = "Index", id = "" });

2.) The second method is to register the .mvc extension using registermvc.wsf with IIS from the following directory, C:\Program Files\Microsoft ASP.NET\ASP.NET MVC\Scripts

Once that is done, modify you RegisterRoutes function in global.asax as follows:

routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapRoute("Default", "{controller}.mvc/{action}/{id}", new { action = "Index", id = "" });
routes.MapRoute("Root", "", new { controller = "Home", action = "Index", id = "" } );

Now your URL's should be as follows:
{controller}.mvc/{action}/{id}
 /product.mvc/


Hope this helps.