Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Development in IIS or on file system

Reply
Thread Tools

Development in IIS or on file system

 
 
Mark
Guest
Posts: n/a
 
      01-20-2006
ASP.NET 2.0 installs web projects by default in the file system, leveraging
the increased security of the new personal web server, rather than relying
on hacker prone IIS. However, it strikes me that this will add more
headaches for testing because your development doesn't use IIS. For
example, you lack the benefits of testing withing the VS IDE with debugging,
as well as identifying IIS issues upfront. We work in an environment where
Microsoft's updates are automatically downloaded and installed, keeping IIS
ideally as up to date as Microsoft is able to make it.

Aside from the obvious security benefit of not using IIS, are there other
advantages/disadvantages/work arounds that should be considered here?

Thanks in advance.

Mark



 
Reply With Quote
 
 
 
 
Jim Cheshire
Guest
Posts: n/a
 
      01-20-2006
On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <(E-Mail Removed)>
wrote:

>ASP.NET 2.0 installs web projects by default in the file system, leveraging
>the increased security of the new personal web server, rather than relying
>on hacker prone IIS. However, it strikes me that this will add more
>headaches for testing because your development doesn't use IIS. For
>example, you lack the benefits of testing withing the VS IDE with debugging,
>as well as identifying IIS issues upfront. We work in an environment where
>Microsoft's updates are automatically downloaded and installed, keeping IIS
>ideally as up to date as Microsoft is able to make it.
>
>Aside from the obvious security benefit of not using IIS, are there other
>advantages/disadvantages/work arounds that should be considered here?
>


At the risk of answering what appears to be, at least in part, a
loaded question, it's important to remember that development and test
are two different stages.


Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche
 
Reply With Quote
 
 
 
 
Mark
Guest
Posts: n/a
 
      01-20-2006
Yes - testing is certainly done beyond development. However, it is my
responsibility to test my software thoroughly prior to handing it to the
tester. I can copy the files from the file system to my local IIS to test
.... but again I lose the debug capabilities, not to mention the ease of
finding problems just by working natively in IIS all the time.

Also - no loaded question was intended. Microsoft has created a "safe"
place for us to develop code, but it strikes me as a limited environment.
I'd love feedback on how others intend to balance the need for feeling safe,
and the desire for increased functionality. Once we have our team head down
one path, it would be a pain to change it for everyone.

Thanks again.

Mark

"Jim Cheshire" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <(E-Mail Removed)>
> wrote:
>
>>ASP.NET 2.0 installs web projects by default in the file system,
>>leveraging
>>the increased security of the new personal web server, rather than relying
>>on hacker prone IIS. However, it strikes me that this will add more
>>headaches for testing because your development doesn't use IIS. For
>>example, you lack the benefits of testing withing the VS IDE with
>>debugging,
>>as well as identifying IIS issues upfront. We work in an environment
>>where
>>Microsoft's updates are automatically downloaded and installed, keeping
>>IIS
>>ideally as up to date as Microsoft is able to make it.
>>
>>Aside from the obvious security benefit of not using IIS, are there other
>>advantages/disadvantages/work arounds that should be considered here?
>>

>
> At the risk of answering what appears to be, at least in part, a
> loaded question, it's important to remember that development and test
> are two different stages.
>
>
> Jim Cheshire
> --
> Blog:
> http://blogs.msdn.com/jamesche



 
Reply With Quote
 
Jim Cheshire
Guest
Posts: n/a
 
      01-20-2006
On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <(E-Mail Removed)>
wrote:

>Yes - testing is certainly done beyond development. However, it is my
>responsibility to test my software thoroughly prior to handing it to the
>tester. I can copy the files from the file system to my local IIS to test
>... but again I lose the debug capabilities, not to mention the ease of
>finding problems just by working natively in IIS all the time.
>
>Also - no loaded question was intended. Microsoft has created a "safe"
>place for us to develop code, but it strikes me as a limited environment.
>I'd love feedback on how others intend to balance the need for feeling safe,
>and the desire for increased functionality. Once we have our team head down
>one path, it would be a pain to change it for everyone.
>


Yes, the ASP.NET Development Server is a limited environment for sure.
There are several reasons why we chose to go that route, but one of
the most important ones is that it allows developers to run and debug
code as non-administrators. This has traditionally been a painful
process, especially for educational institutions and government
agencies.

One thing that you may not have thought of is using the ASP.NET
Development Server to debug content that physically exists on an IIS
instance. In other words, say that you have a Web server called Web01.
You can map a drive (say the G drive) on your development box that
maps to the content of your Web site on the Web server. In VS 2005,
you simply open your project using that file path. Then when you
debug, you will actually run against the ASP.NET Development Server,
but you can also browse the exact same content on the IIS instance.


Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche
 
Reply With Quote
 
Mark
Guest
Posts: n/a
 
      01-20-2006
Interesting points. Thanks for the details. Assuming that our developers
are all admins on our boxes, and that we all have IIS installed locally on
our machines, is there any good reason not to develop our applications right
in our local IIS instances?

Thanks again.

Mark

"Jim Cheshire" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <(E-Mail Removed)>
> wrote:
>
>>Yes - testing is certainly done beyond development. However, it is my
>>responsibility to test my software thoroughly prior to handing it to the
>>tester. I can copy the files from the file system to my local IIS to test
>>... but again I lose the debug capabilities, not to mention the ease of
>>finding problems just by working natively in IIS all the time.
>>
>>Also - no loaded question was intended. Microsoft has created a "safe"
>>place for us to develop code, but it strikes me as a limited environment.
>>I'd love feedback on how others intend to balance the need for feeling
>>safe,
>>and the desire for increased functionality. Once we have our team head
>>down
>>one path, it would be a pain to change it for everyone.
>>

>
> Yes, the ASP.NET Development Server is a limited environment for sure.
> There are several reasons why we chose to go that route, but one of
> the most important ones is that it allows developers to run and debug
> code as non-administrators. This has traditionally been a painful
> process, especially for educational institutions and government
> agencies.
>
> One thing that you may not have thought of is using the ASP.NET
> Development Server to debug content that physically exists on an IIS
> instance. In other words, say that you have a Web server called Web01.
> You can map a drive (say the G drive) on your development box that
> maps to the content of your Web site on the Web server. In VS 2005,
> you simply open your project using that file path. Then when you
> debug, you will actually run against the ASP.NET Development Server,
> but you can also browse the exact same content on the IIS instance.
>
>
> Jim Cheshire
> --
> Blog:
> http://blogs.msdn.com/jamesche



 
Reply With Quote
 
Jim Cheshire
Guest
Posts: n/a
 
      01-20-2006
On Fri, 20 Jan 2006 13:15:55 -0600, "Mark" <(E-Mail Removed)>
wrote:

>Interesting points. Thanks for the details. Assuming that our developers
>are all admins on our boxes, and that we all have IIS installed locally on
>our machines, is there any good reason not to develop our applications right
>in our local IIS instances?
>


No, in your scenario, you can certainly use the local IIS instance.

Jim Cheshire
--
Blog:
http://blogs.msdn.com/jamesche
 
Reply With Quote
 
S. Justin Gengo
Guest
Posts: n/a
 
      03-21-2006
Mark,

To add to Jim's answer, at my main job (F+W Publications, Inc.) we develop
on IIS and I develop using IIS for my own side business also. I prefer it
that way for many of the same reasons you are thinking of doing it. And my
setup is similar to yours in many ways. I would recommend doing one thing if
you're worried about IIS possibly being compromised. Because we have our
development boxes opened up at work (not to the public but internally) we
run software firewalls and allow only local 127.0.0.1 access to IIS. That
locks it down pretty tightly.

Regards,

--
S. Justin Gengo
Web Developer / Programmer

Free code library:
http://www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche


"Mark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Interesting points. Thanks for the details. Assuming that our developers
> are all admins on our boxes, and that we all have IIS installed locally on
> our machines, is there any good reason not to develop our applications
> right in our local IIS instances?
>
> Thanks again.
>
> Mark
>
> "Jim Cheshire" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <(E-Mail Removed)>
>> wrote:
>>
>>>Yes - testing is certainly done beyond development. However, it is my
>>>responsibility to test my software thoroughly prior to handing it to the
>>>tester. I can copy the files from the file system to my local IIS to
>>>test
>>>... but again I lose the debug capabilities, not to mention the ease of
>>>finding problems just by working natively in IIS all the time.
>>>
>>>Also - no loaded question was intended. Microsoft has created a "safe"
>>>place for us to develop code, but it strikes me as a limited environment.
>>>I'd love feedback on how others intend to balance the need for feeling
>>>safe,
>>>and the desire for increased functionality. Once we have our team head
>>>down
>>>one path, it would be a pain to change it for everyone.
>>>

>>
>> Yes, the ASP.NET Development Server is a limited environment for sure.
>> There are several reasons why we chose to go that route, but one of
>> the most important ones is that it allows developers to run and debug
>> code as non-administrators. This has traditionally been a painful
>> process, especially for educational institutions and government
>> agencies.
>>
>> One thing that you may not have thought of is using the ASP.NET
>> Development Server to debug content that physically exists on an IIS
>> instance. In other words, say that you have a Web server called Web01.
>> You can map a drive (say the G drive) on your development box that
>> maps to the content of your Web site on the Web server. In VS 2005,
>> you simply open your project using that file path. Then when you
>> debug, you will actually run against the ASP.NET Development Server,
>> but you can also browse the exact same content on the IIS instance.
>>
>>
>> Jim Cheshire
>> --
>> Blog:
>> http://blogs.msdn.com/jamesche

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Published from Win XP system with VS2005 to Win2003 system with IIS Brent White ASP .Net 8 11-09-2007 02:11 PM
Web Application development vs windows client development cabernet123@hotmail.com ASP .Net 0 11-17-2005 12:09 AM
enterprise application development versus traditional software development jrefactors@hotmail.com Java 2 01-15-2005 10:45 PM
development environment architecture for ASP.NET development team Akhlaq Khan ASP .Net 4 09-27-2004 01:33 PM
Re: Development best practices and knowing when to exercise control over development Kevin Spencer ASP .Net 2 08-06-2003 09:33 PM



Advertisments