ASP.NET Core on Windows with IIS

Recently, I have been told to have an ASP.NET Core application on an internal Windows server with IIS. Although, this application will be only for internal users and not public on the internet, I want to create an SSL certificate and for the purpose a self-signed certificate will be enough.

Install IIS

Enable the Web Server (IIS) server role and establish role services.

1. Use the Add Roles and Features wizard from the Manage menu or the link in Server Manager. On the Server Roles step, check the box for Web Server (IIS).

2. After the Features step, the Role services step loads for Web Server (IIS). Select the IIS role services desired or accept the default role services provided.
   • Windows Authentication (Optional): to enable Windows Authentication, expand the following nodes: Web Server > Security. Select the Windows Authentication feature. For more information, see Windows Authentication and Configure Windows authentication
   • WebSockets (Optional) is supported with ASP.NET Core 1.1 or later. To enable WebSockets, expand the following nodes: Web Server > Application Development. Select the WebSocket Protocol feature. For more information, see WebSockets.
3. Proceed through the Confirmation step to install the web server role and services. A server/IIS restart isn’t required after installing the Web Server (IIS) role.

Windows desktop operating systems

Enable the IIS Management Console and World Wide Web Services.

1. Navigate to Control Panel > Programs > Programs and Features > Turn Windows features on or off (left side of the screen).
2. Open the Internet Information Services node. Open the Web Management Tools node.
3. Check the box for IIS Management Console.
4. Check the box for World Wide Web Services.
5. Accept the default features for World Wide Web Services or customize the IIS features.
   • Windows Authentication (Optional)
     To enable Windows Authentication, expand the following nodes: World Wide Web Services > Security. Select the Windows Authentication feature. For more information, see Windows Authentication and Configure Windows authentication.
   • WebSockets (Optional)
     WebSockets is supported with ASP.NET Core 1.1 or later. To enable WebSockets, expand the following nodes: World Wide Web Services > Application Development Features. Select the WebSocket Protocol feature. For more information, see WebSockets.
6. If the IIS installation requires a restart, restart the system.

Install the .NET Core Hosting Bundle

Install the .NET Core Hosting Bundle on the hosting system. The bundle installs the .NET Core Runtime, .NET Core Library, and the ASP.NET Core Module. The module allows ASP.NET Core apps to run behind IIS.

If the Hosting Bundle is installed before IIS, the bundle installation must be repaired. Run the Hosting Bundle installer again after installing IIS.

If the Hosting Bundle is installed after installing the 64-bit (x64) version of .NET Core, SDKs might appear to be missing (No .NET Core SDKs were detected). To resolve the problem, see Troubleshoot and debug ASP.NET Core projects.

Direct download (current version)

Download the installer using the following link: current .NET Core Hosting Bundle installer (direct download)

Earlier versions of the installer

To obtain an earlier version of the installer:

1. Navigate to the Download .NET Core page.
2. Select the desired .NET Core version.
3. In the Run apps – Runtime column, find the row of the .NET Core runtime version desired.
4. Download the installer using the Hosting Bundle link.

Install the Hosting Bundle

1. Run the installer on the server. The following parameters are available when running the installer from an administrator command shell:
   • OPT_NO_ANCM=1: Skip installing the ASP.NET Core Module.
   • OPT_NO_RUNTIME=1: Skip installing the .NET Core runtime. Used when the server only hosts self-contained deployments (SCD).
   • OPT_NO_SHAREDFX=1: Skip installing the ASP.NET Shared Framework (ASP.NET runtime). Used when the server only hosts self-contained deployments (SCD).
   • OPT_NO_X86=1: Skip installing x86 runtimes. Use this parameter when you know that you won’t be hosting 32-bit apps. If there’s any chance that you will host both 32-bit and 64-bit apps in the future, don’t use this parameter and install both runtimes.
   • OPT_NO_SHARED_CONFIG_CHECK=1: Disable the check for using an IIS Shared Configuration when the shared configuration (applicationHost.config) is on the same machine as the IIS installation. Only available for ASP.NET Core 2.2 or later Hosting Bundler installers. For more information, see ASP.NET Core Module.
2. Restart the system or execute the following commands in a command shell:ConsoleCopynet stop was /y net start w3svc Restarting IIS picks up a change to the system PATH, which is an environment variable, made by the installer.

ASP.NET Core doesn’t adopt roll-forward behavior for patch releases of shared framework packages. After upgrading the shared framework by installing a new hosting bundle, restart the system or execute the following commands in a command shell:ConsoleCopy

net stop was /y
net start w3svc

Create the IIS site

1. On the hosting system, create a folder to contain the app’s published folders and files. In a following step, the folder’s path is provided to IIS as the physical path to the app. For more information on an app’s deployment folder and file layout, see ASP.NET Core directory structure.
2. In IIS Manager, open the server’s node in the Connections panel. Right-click the Sites folder. Select Add Website from the contextual menu.
3. Provide a Site name and set the Physical path to the app’s deployment folder. Provide the Binding configuration and create the website by selecting OK: 

4. Under the server’s node, select Application Pools.
5. Right-click the site’s app pool and select Basic Settings from the contextual menu.
6. In the Edit Application Pool window, set the .NET CLR version to No Managed Code: ASP.NET Core runs in a separate process and manages the runtime. ASP.NET Core doesn’t rely on loading the desktop CLR (.NET CLR). The Core Common Language Runtime (CoreCLR) for .NET Core is booted to host the app in the worker process. Setting the .NET CLR version to No Managed Code is optional but recommended.

1. ASP.NET Core 2.2 or later:
   • For a 32-bit (x86) self-contained deployment published with a 32-bit SDK that uses the in-process hosting model, enable the Application Pool for 32-bit. In IIS Manager, navigate to Application Pools in the Connections sidebar. Select the app’s Application Pool. In the Actions sidebar, select Advanced Settings. Set Enable 32-Bit Applications to True.
   • For a 64-bit (x64) self-contained deployment that uses the in-process hosting model, disable the app pool for 32-bit (x86) processes. In IIS Manager, navigate to Application Pools in the Connections sidebar. Select the app’s Application Pool. In the Actions sidebar, select Advanced Settings. Set Enable 32-Bit Applications to False.
2. Confirm the process model identity has the proper permissions.If the default identity of the app pool (Process Model > Identity) is changed from ApplicationPoolIdentity to another identity, verify that the new identity has the required permissions to access the app’s folder, database, and other required resources. For example, the app pool requires read and write access to folders where the app reads and writes files.

How to Create a Self-Signed Certificate in IIS

SSL establishes trust and ensures customers for a safe visit and transactions over the net. We highly suggest you not to use a self-signed certificate for any e-commerce site or any other sites which require sensitive data like bank or credit card information. If you want to generate self-signing SSL certificate in IIS, follow the below steps.

Step: 1 Go to the Start menu & click on Administrative Tools > Internet Information Services (IIS) Manager

Step: 2 Click on the server name in the Connections column on the left and Double-click on Server Certificates

Step: 3 Click on Create Self-Signed Certificate in the Actions Column on the right.

Step: 4 Type any meaningful name and then click OK to proceed

Step: 5 Click OK. Once that is complete you should now see the SSL in the list of Self-Signed certificates. Now, you have IIS Self-Signed Certificate with 1 year validation.

Finally, by following the above step your Self-Signed Certificate is ready in the IIS.

Swapping to Development

So, very often I saw this error page when I ran my application.

To switch your application to development, you have to modify your web.config file with the below. The web.config file is typically auto generated in the root folder of the application.

<aspNetCore processPath="dotnet" arguments=".\projectName.dll" 
            stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout">
    <environmentVariables>
        <environmentVariable name="ASPNETCORE_ENVIRONMENT" 
                             value="Development" />
    </environmentVariables>
</aspNetCore>

The web.config in its entirety should resemble the below (update “projectName.dll” for your project appropriately):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" 
             modules="AspNetCoreModuleV2" 
             resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\projectName.dll" 
                  stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" 
                  hostingModel="InProcess">
       <environmentVariables>
          <environmentVariable name="ASPNETCORE_ENVIRONMENT" 
                               value="Development" />
        </environmentVariables>
      </aspNetCore>
    </system.webServer>
  </location>
</configuration>