Development in IIS or on file system

Discussion in 'ASP .Net' started by Mark, Jan 20, 2006.

  1. Mark

    Mark Guest

    ASP.NET 2.0 installs web projects by default in the file system, leveraging
    the increased security of the new personal web server, rather than relying
    on hacker prone IIS. However, it strikes me that this will add more
    headaches for testing because your development doesn't use IIS. For
    example, you lack the benefits of testing withing the VS IDE with debugging,
    as well as identifying IIS issues upfront. We work in an environment where
    Microsoft's updates are automatically downloaded and installed, keeping IIS
    ideally as up to date as Microsoft is able to make it.

    Aside from the obvious security benefit of not using IIS, are there other
    advantages/disadvantages/work arounds that should be considered here?

    Thanks in advance.

    Mark
     
    Mark, Jan 20, 2006
    #1
    1. Advertising

  2. Mark

    Jim Cheshire Guest

    On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <>
    wrote:

    >ASP.NET 2.0 installs web projects by default in the file system, leveraging
    >the increased security of the new personal web server, rather than relying
    >on hacker prone IIS. However, it strikes me that this will add more
    >headaches for testing because your development doesn't use IIS. For
    >example, you lack the benefits of testing withing the VS IDE with debugging,
    >as well as identifying IIS issues upfront. We work in an environment where
    >Microsoft's updates are automatically downloaded and installed, keeping IIS
    >ideally as up to date as Microsoft is able to make it.
    >
    >Aside from the obvious security benefit of not using IIS, are there other
    >advantages/disadvantages/work arounds that should be considered here?
    >


    At the risk of answering what appears to be, at least in part, a
    loaded question, it's important to remember that development and test
    are two different stages.


    Jim Cheshire
    --
    Blog:
    http://blogs.msdn.com/jamesche
     
    Jim Cheshire, Jan 20, 2006
    #2
    1. Advertising

  3. Mark

    Mark Guest

    Yes - testing is certainly done beyond development. However, it is my
    responsibility to test my software thoroughly prior to handing it to the
    tester. I can copy the files from the file system to my local IIS to test
    .... but again I lose the debug capabilities, not to mention the ease of
    finding problems just by working natively in IIS all the time.

    Also - no loaded question was intended. Microsoft has created a "safe"
    place for us to develop code, but it strikes me as a limited environment.
    I'd love feedback on how others intend to balance the need for feeling safe,
    and the desire for increased functionality. Once we have our team head down
    one path, it would be a pain to change it for everyone.

    Thanks again.

    Mark

    "Jim Cheshire" <> wrote in message
    news:...
    > On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <>
    > wrote:
    >
    >>ASP.NET 2.0 installs web projects by default in the file system,
    >>leveraging
    >>the increased security of the new personal web server, rather than relying
    >>on hacker prone IIS. However, it strikes me that this will add more
    >>headaches for testing because your development doesn't use IIS. For
    >>example, you lack the benefits of testing withing the VS IDE with
    >>debugging,
    >>as well as identifying IIS issues upfront. We work in an environment
    >>where
    >>Microsoft's updates are automatically downloaded and installed, keeping
    >>IIS
    >>ideally as up to date as Microsoft is able to make it.
    >>
    >>Aside from the obvious security benefit of not using IIS, are there other
    >>advantages/disadvantages/work arounds that should be considered here?
    >>

    >
    > At the risk of answering what appears to be, at least in part, a
    > loaded question, it's important to remember that development and test
    > are two different stages.
    >
    >
    > Jim Cheshire
    > --
    > Blog:
    > http://blogs.msdn.com/jamesche
     
    Mark, Jan 20, 2006
    #3
  4. Mark

    Jim Cheshire Guest

    On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <>
    wrote:

    >Yes - testing is certainly done beyond development. However, it is my
    >responsibility to test my software thoroughly prior to handing it to the
    >tester. I can copy the files from the file system to my local IIS to test
    >... but again I lose the debug capabilities, not to mention the ease of
    >finding problems just by working natively in IIS all the time.
    >
    >Also - no loaded question was intended. Microsoft has created a "safe"
    >place for us to develop code, but it strikes me as a limited environment.
    >I'd love feedback on how others intend to balance the need for feeling safe,
    >and the desire for increased functionality. Once we have our team head down
    >one path, it would be a pain to change it for everyone.
    >


    Yes, the ASP.NET Development Server is a limited environment for sure.
    There are several reasons why we chose to go that route, but one of
    the most important ones is that it allows developers to run and debug
    code as non-administrators. This has traditionally been a painful
    process, especially for educational institutions and government
    agencies.

    One thing that you may not have thought of is using the ASP.NET
    Development Server to debug content that physically exists on an IIS
    instance. In other words, say that you have a Web server called Web01.
    You can map a drive (say the G drive) on your development box that
    maps to the content of your Web site on the Web server. In VS 2005,
    you simply open your project using that file path. Then when you
    debug, you will actually run against the ASP.NET Development Server,
    but you can also browse the exact same content on the IIS instance.


    Jim Cheshire
    --
    Blog:
    http://blogs.msdn.com/jamesche
     
    Jim Cheshire, Jan 20, 2006
    #4
  5. Mark

    Mark Guest

    Interesting points. Thanks for the details. Assuming that our developers
    are all admins on our boxes, and that we all have IIS installed locally on
    our machines, is there any good reason not to develop our applications right
    in our local IIS instances?

    Thanks again.

    Mark

    "Jim Cheshire" <> wrote in message
    news:...
    > On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <>
    > wrote:
    >
    >>Yes - testing is certainly done beyond development. However, it is my
    >>responsibility to test my software thoroughly prior to handing it to the
    >>tester. I can copy the files from the file system to my local IIS to test
    >>... but again I lose the debug capabilities, not to mention the ease of
    >>finding problems just by working natively in IIS all the time.
    >>
    >>Also - no loaded question was intended. Microsoft has created a "safe"
    >>place for us to develop code, but it strikes me as a limited environment.
    >>I'd love feedback on how others intend to balance the need for feeling
    >>safe,
    >>and the desire for increased functionality. Once we have our team head
    >>down
    >>one path, it would be a pain to change it for everyone.
    >>

    >
    > Yes, the ASP.NET Development Server is a limited environment for sure.
    > There are several reasons why we chose to go that route, but one of
    > the most important ones is that it allows developers to run and debug
    > code as non-administrators. This has traditionally been a painful
    > process, especially for educational institutions and government
    > agencies.
    >
    > One thing that you may not have thought of is using the ASP.NET
    > Development Server to debug content that physically exists on an IIS
    > instance. In other words, say that you have a Web server called Web01.
    > You can map a drive (say the G drive) on your development box that
    > maps to the content of your Web site on the Web server. In VS 2005,
    > you simply open your project using that file path. Then when you
    > debug, you will actually run against the ASP.NET Development Server,
    > but you can also browse the exact same content on the IIS instance.
    >
    >
    > Jim Cheshire
    > --
    > Blog:
    > http://blogs.msdn.com/jamesche
     
    Mark, Jan 20, 2006
    #5
  6. Mark

    Jim Cheshire Guest

    On Fri, 20 Jan 2006 13:15:55 -0600, "Mark" <>
    wrote:

    >Interesting points. Thanks for the details. Assuming that our developers
    >are all admins on our boxes, and that we all have IIS installed locally on
    >our machines, is there any good reason not to develop our applications right
    >in our local IIS instances?
    >


    No, in your scenario, you can certainly use the local IIS instance.

    Jim Cheshire
    --
    Blog:
    http://blogs.msdn.com/jamesche
     
    Jim Cheshire, Jan 20, 2006
    #6
  7. Mark,

    To add to Jim's answer, at my main job (F+W Publications, Inc.) we develop
    on IIS and I develop using IIS for my own side business also. I prefer it
    that way for many of the same reasons you are thinking of doing it. And my
    setup is similar to yours in many ways. I would recommend doing one thing if
    you're worried about IIS possibly being compromised. Because we have our
    development boxes opened up at work (not to the public but internally) we
    run software firewalls and allow only local 127.0.0.1 access to IIS. That
    locks it down pretty tightly.

    Regards,

    --
    S. Justin Gengo
    Web Developer / Programmer

    Free code library:
    http://www.aboutfortunate.com

    "Out of chaos comes order."
    Nietzsche


    "Mark" <> wrote in message
    news:...
    > Interesting points. Thanks for the details. Assuming that our developers
    > are all admins on our boxes, and that we all have IIS installed locally on
    > our machines, is there any good reason not to develop our applications
    > right in our local IIS instances?
    >
    > Thanks again.
    >
    > Mark
    >
    > "Jim Cheshire" <> wrote in message
    > news:...
    >> On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <>
    >> wrote:
    >>
    >>>Yes - testing is certainly done beyond development. However, it is my
    >>>responsibility to test my software thoroughly prior to handing it to the
    >>>tester. I can copy the files from the file system to my local IIS to
    >>>test
    >>>... but again I lose the debug capabilities, not to mention the ease of
    >>>finding problems just by working natively in IIS all the time.
    >>>
    >>>Also - no loaded question was intended. Microsoft has created a "safe"
    >>>place for us to develop code, but it strikes me as a limited environment.
    >>>I'd love feedback on how others intend to balance the need for feeling
    >>>safe,
    >>>and the desire for increased functionality. Once we have our team head
    >>>down
    >>>one path, it would be a pain to change it for everyone.
    >>>

    >>
    >> Yes, the ASP.NET Development Server is a limited environment for sure.
    >> There are several reasons why we chose to go that route, but one of
    >> the most important ones is that it allows developers to run and debug
    >> code as non-administrators. This has traditionally been a painful
    >> process, especially for educational institutions and government
    >> agencies.
    >>
    >> One thing that you may not have thought of is using the ASP.NET
    >> Development Server to debug content that physically exists on an IIS
    >> instance. In other words, say that you have a Web server called Web01.
    >> You can map a drive (say the G drive) on your development box that
    >> maps to the content of your Web site on the Web server. In VS 2005,
    >> you simply open your project using that file path. Then when you
    >> debug, you will actually run against the ASP.NET Development Server,
    >> but you can also browse the exact same content on the IIS instance.
    >>
    >>
    >> Jim Cheshire
    >> --
    >> Blog:
    >> http://blogs.msdn.com/jamesche

    >
    >
     
    S. Justin Gengo, Mar 21, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Spencer
    Replies:
    2
    Views:
    455
    John Saunders
    Aug 6, 2003
  2. Akhlaq Khan
    Replies:
    4
    Views:
    775
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN
    Sep 27, 2004
  3. Replies:
    0
    Views:
    486
  4. Replies:
    2
    Views:
    798
    dar7yl
    Jan 15, 2005
  5. Brent White
    Replies:
    8
    Views:
    333
    Cowboy \(Gregory A. Beamer\)
    Nov 9, 2007
Loading...

Share This Page