467,134 Members | 1,035 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,134 developers. It's quick & easy.

Development in IIS or on file system

ASP.NET 2.0 installs web projects by default in the file system, leveraging
the increased security of the new personal web server, rather than relying
on hacker prone IIS. However, it strikes me that this will add more
headaches for testing because your development doesn't use IIS. For
example, you lack the benefits of testing withing the VS IDE with debugging,
as well as identifying IIS issues upfront. We work in an environment where
Microsoft's updates are automatically downloaded and installed, keeping IIS
ideally as up to date as Microsoft is able to make it.

Aside from the obvious security benefit of not using IIS, are there other
advantages/disadvantages/work arounds that should be considered here?

Thanks in advance.

Mark

Jan 20 '06 #1
  • viewed: 1272
Share:
6 Replies
On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <ma**@nojunkmail.com>
wrote:
ASP.NET 2.0 installs web projects by default in the file system, leveraging
the increased security of the new personal web server, rather than relying
on hacker prone IIS. However, it strikes me that this will add more
headaches for testing because your development doesn't use IIS. For
example, you lack the benefits of testing withing the VS IDE with debugging,
as well as identifying IIS issues upfront. We work in an environment where
Microsoft's updates are automatically downloaded and installed, keeping IIS
ideally as up to date as Microsoft is able to make it.

Aside from the obvious security benefit of not using IIS, are there other
advantages/disadvantages/work arounds that should be considered here?


At the risk of answering what appears to be, at least in part, a
loaded question, it's important to remember that development and test
are two different stages.
Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche
Jan 20 '06 #2
Yes - testing is certainly done beyond development. However, it is my
responsibility to test my software thoroughly prior to handing it to the
tester. I can copy the files from the file system to my local IIS to test
.... but again I lose the debug capabilities, not to mention the ease of
finding problems just by working natively in IIS all the time.

Also - no loaded question was intended. Microsoft has created a "safe"
place for us to develop code, but it strikes me as a limited environment.
I'd love feedback on how others intend to balance the need for feeling safe,
and the desire for increased functionality. Once we have our team head down
one path, it would be a pain to change it for everyone.

Thanks again.

Mark

"Jim Cheshire" <no****@nomail.com> wrote in message
news:gg********************************@4ax.com...
On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <ma**@nojunkmail.com>
wrote:
ASP.NET 2.0 installs web projects by default in the file system,
leveraging
the increased security of the new personal web server, rather than relying
on hacker prone IIS. However, it strikes me that this will add more
headaches for testing because your development doesn't use IIS. For
example, you lack the benefits of testing withing the VS IDE with
debugging,
as well as identifying IIS issues upfront. We work in an environment
where
Microsoft's updates are automatically downloaded and installed, keeping
IIS
ideally as up to date as Microsoft is able to make it.

Aside from the obvious security benefit of not using IIS, are there other
advantages/disadvantages/work arounds that should be considered here?


At the risk of answering what appears to be, at least in part, a
loaded question, it's important to remember that development and test
are two different stages.
Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche

Jan 20 '06 #3
On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <ma**@nojunkmail.com>
wrote:
Yes - testing is certainly done beyond development. However, it is my
responsibility to test my software thoroughly prior to handing it to the
tester. I can copy the files from the file system to my local IIS to test
... but again I lose the debug capabilities, not to mention the ease of
finding problems just by working natively in IIS all the time.

Also - no loaded question was intended. Microsoft has created a "safe"
place for us to develop code, but it strikes me as a limited environment.
I'd love feedback on how others intend to balance the need for feeling safe,
and the desire for increased functionality. Once we have our team head down
one path, it would be a pain to change it for everyone.


Yes, the ASP.NET Development Server is a limited environment for sure.
There are several reasons why we chose to go that route, but one of
the most important ones is that it allows developers to run and debug
code as non-administrators. This has traditionally been a painful
process, especially for educational institutions and government
agencies.

One thing that you may not have thought of is using the ASP.NET
Development Server to debug content that physically exists on an IIS
instance. In other words, say that you have a Web server called Web01.
You can map a drive (say the G drive) on your development box that
maps to the content of your Web site on the Web server. In VS 2005,
you simply open your project using that file path. Then when you
debug, you will actually run against the ASP.NET Development Server,
but you can also browse the exact same content on the IIS instance.
Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche
Jan 20 '06 #4
Interesting points. Thanks for the details. Assuming that our developers
are all admins on our boxes, and that we all have IIS installed locally on
our machines, is there any good reason not to develop our applications right
in our local IIS instances?

Thanks again.

Mark

"Jim Cheshire" <no****@nomail.com> wrote in message
news:ri********************************@4ax.com...
On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <ma**@nojunkmail.com>
wrote:
Yes - testing is certainly done beyond development. However, it is my
responsibility to test my software thoroughly prior to handing it to the
tester. I can copy the files from the file system to my local IIS to test
... but again I lose the debug capabilities, not to mention the ease of
finding problems just by working natively in IIS all the time.

Also - no loaded question was intended. Microsoft has created a "safe"
place for us to develop code, but it strikes me as a limited environment.
I'd love feedback on how others intend to balance the need for feeling
safe,
and the desire for increased functionality. Once we have our team head
down
one path, it would be a pain to change it for everyone.


Yes, the ASP.NET Development Server is a limited environment for sure.
There are several reasons why we chose to go that route, but one of
the most important ones is that it allows developers to run and debug
code as non-administrators. This has traditionally been a painful
process, especially for educational institutions and government
agencies.

One thing that you may not have thought of is using the ASP.NET
Development Server to debug content that physically exists on an IIS
instance. In other words, say that you have a Web server called Web01.
You can map a drive (say the G drive) on your development box that
maps to the content of your Web site on the Web server. In VS 2005,
you simply open your project using that file path. Then when you
debug, you will actually run against the ASP.NET Development Server,
but you can also browse the exact same content on the IIS instance.
Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche

Jan 20 '06 #5
On Fri, 20 Jan 2006 13:15:55 -0600, "Mark" <ma**@nojunkmail.com>
wrote:
Interesting points. Thanks for the details. Assuming that our developers
are all admins on our boxes, and that we all have IIS installed locally on
our machines, is there any good reason not to develop our applications right
in our local IIS instances?


No, in your scenario, you can certainly use the local IIS instance.

Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche
Jan 20 '06 #6
Mark,

To add to Jim's answer, at my main job (F+W Publications, Inc.) we develop
on IIS and I develop using IIS for my own side business also. I prefer it
that way for many of the same reasons you are thinking of doing it. And my
setup is similar to yours in many ways. I would recommend doing one thing if
you're worried about IIS possibly being compromised. Because we have our
development boxes opened up at work (not to the public but internally) we
run software firewalls and allow only local 127.0.0.1 access to IIS. That
locks it down pretty tightly.

Regards,

--
S. Justin Gengo
Web Developer / Programmer

Free code library:
http://www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"Mark" <ma**@nojunkmail.com> wrote in message
news:ez**************@TK2MSFTNGP09.phx.gbl...
Interesting points. Thanks for the details. Assuming that our developers
are all admins on our boxes, and that we all have IIS installed locally on
our machines, is there any good reason not to develop our applications
right in our local IIS instances?

Thanks again.

Mark

"Jim Cheshire" <no****@nomail.com> wrote in message
news:ri********************************@4ax.com...
On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <ma**@nojunkmail.com>
wrote:
Yes - testing is certainly done beyond development. However, it is my
responsibility to test my software thoroughly prior to handing it to the
tester. I can copy the files from the file system to my local IIS to
test
... but again I lose the debug capabilities, not to mention the ease of
finding problems just by working natively in IIS all the time.

Also - no loaded question was intended. Microsoft has created a "safe"
place for us to develop code, but it strikes me as a limited environment.
I'd love feedback on how others intend to balance the need for feeling
safe,
and the desire for increased functionality. Once we have our team head
down
one path, it would be a pain to change it for everyone.


Yes, the ASP.NET Development Server is a limited environment for sure.
There are several reasons why we chose to go that route, but one of
the most important ones is that it allows developers to run and debug
code as non-administrators. This has traditionally been a painful
process, especially for educational institutions and government
agencies.

One thing that you may not have thought of is using the ASP.NET
Development Server to debug content that physically exists on an IIS
instance. In other words, say that you have a Web server called Web01.
You can map a drive (say the G drive) on your development box that
maps to the content of your Web site on the Web server. In VS 2005,
you simply open your project using that file path. Then when you
debug, you will actually run against the ASP.NET Development Server,
but you can also browse the exact same content on the IIS instance.
Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche


Mar 21 '06 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

28 posts views Thread by Me | last post: by
70 posts views Thread by KingIshu | last post: by
3 posts views Thread by Pascal Frey | last post: by
6 posts views Thread by Klaus Jensen | last post: by
1 post views Thread by Mark | last post: by
4 posts views Thread by Richard Levasseur | last post: by
8 posts views Thread by situ | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.