Appendix A: IIS Configuration
This topic provides some guidance for configuring IIS using either the IIS Management Console or the PowerShell WebAdministration module.
Configure IIS using the IIS Management Console
- Open IIS Manager.
- Creating a new application pool:
  - In the Connections pane, right-click the Application Pools node.
  - Select Add Application Pool.
  - Give the pool a unique name.
  - Select the .NET CLR Version and Managed Pipeline mode, as well as any other settings.
  - Click OK.
  - Right-click the new application pool in the list and select Advanced Settings...
  - Set any advanced settings, e.g. Start Mode or Application Pool Identity.
  - Click OK.
- Adding a web application into IIS:
  - In the Connections pane, expand the Sites node and then the node representing your website (e.g. Default Web Site).
  - Either:
    - Right-click the node representing the folder you created in step 1 and click Convert To Application, or
    - Right-click the website and select Add Application.
  - Set the Alias if you need to (the path portion of the URL).
  - Choose the application pool you want to run the web application.
  - Set the physical path if you need to (the path on the file system).
  - Tick the Enable Preload option.
  - Click OK.
  - You can change these settings by selecting the web application node and selecting Advanced Settings...
Configure IIS via Windows PowerShell
The application pool and web application may also be scripted from a PowerShell command prompt. The following example sets up a SilhouetteCentral and SilhouetteTokenService web site:
Import-Module WebAdministration
New-WebAppPool -Name Silhouette
Set-ItemProperty -Path IIS:\AppPools\Silhouette -Name "managedRuntimeVersion" -Value "v4.0"
Set-ItemProperty -Path IIS:\AppPools\Silhouette -Name "startMode" -Value "AlwaysRunning"
New-WebAppPool -Name SilhouetteToken
Set-ItemProperty -Path IIS:\AppPools\SilhouetteToken -Name "startMode" -Value "AlwaysRunning"
New-WebApplication -Name silhouette -Site "Default Web Site" -PhysicalPath c:\inetpub\wwwroot\silhouette -ApplicationPool Silhouette
Set-ItemProperty -Path "IIS:\Sites\Default Web Site\silhouette" -Name "preloadEnabled" -Value "True"
New-WebApplication -Name silhouettetoken -Site "Default Web Site" -PhysicalPath c:\inetpub\wwwroot\silhouettetoken -ApplicationPool SilhouetteToken
Set-ItemProperty -Path "IIS:\Sites\Default Web Site\silhouettetoken" -Name "preloadEnabled" -Value "True"
IIS and File System Permissions
The identity used by the application pool (by default set to IIS AppPool\Silhouette) requires read and execute permission to all files within the web application folder. By default, IIS automatically adds the application pool identity as a member of the local IIS_IUSRS group, which by default has read access to all web applications hosted in the wwwroot folder. If you are not using a sub-folder of the wwwroot folder as the web application physical path, then grant Read & Execute rights on the folder you are using to the built-in Windows group IIS_IUSRS.
The IIS anonymous authentication user (the built-in IUSR identity) typically has read access to the web application folder by default through the Users group. If the IUSR identity doesn't have access, you will get authentication errors when trying to serve static resources from the web application folder. If you experience this, grant the IUSR account Read & Execute access to the web application folder.
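The permission steps above can be scripted and then checked. The following is an added example, not part of the original documentation: it grants Read & Execute on a physical path outside wwwroot and then lists any allow entries for the web identities that go beyond read access. The path D:\WebApps\silhouette and the function names Grant-WebReadExecute and Get-ExcessWebRights are assumptions made for illustration.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
# Assumption: the web application lives outside wwwroot at this path.
$SitePath = 'D:\WebApps\silhouette'

# Identities named on the page: the group IIS adds app pool identities to,
# and the anonymous authentication user.
$GrantTo = 'BUILTIN\IIS_IUSRS', 'NT AUTHORITY\IUSR'

function Grant-WebReadExecute {
    param([string]$Path, [string[]]$Identity)
    $acl = Get-Acl -Path $Path
    foreach ($id in $Identity) {
        # Read & Execute, inherited by sub-folders and files.
        $ruleArgs = $id, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Get-ExcessWebRights {
    param([string]$Path, [string[]]$Identity)
    # Bits that are not part of Read & Execute: any of these means the
    # identity can change content under the web root.
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Identity -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $writeBits) -ne 0)
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

Grant-WebReadExecute -Path $SitePath -Identity $GrantTo

# Audit the same identities plus the app pool identity and the Users group,
# through which IUSR usually gets its access. No output means read-only.
$Audit = $GrantTo + 'IIS APPPOOL\Silhouette' + 'BUILTIN\Users'
Get-ExcessWebRights -Path $SitePath -Identity $Audit | Format-Table -AutoSize
```

The audit compares only the identities passed to it, so rights that reach the web identities through other group memberships still need to be reviewed separately.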