(Versions 7.9.0+)

Hosting with IIS (Internet Information Services) provides a full management interface to configure the network traffic to your website.

Have Questions?  Contact Us

Related Topics:

Benefits of IIS Hosting

IIS provides more features, scalability, & robustness than the lightweight IIS Express. IIS Express is a smaller, self-contained version, which is installed by default and starts as a task with the Pleasant Password Server service.

  • Allows more configuration
  • Allows for more authentication options, such as:
  • Additional logging options
  • etc.

Below are the migration steps, which in the future, will be replaced with a more automated solution.

Migration Steps From IIS Express to IIS

Step 1: Copy your Application files to the IIS Machine

Do this step if you are migrating to a different machine running IIS. (Otherwise, skip to Step 2).

  • Copy the Registry entries:
    • On the IIS Express machine, open the Windows registry and expand the HKEY_LOCAL_MACHINE\SOFTWARE branch. Locate the Pleasant Solutions folder, right click on it, and click Export.
    • On the IIS machine locate the same same branch, right-click on it, and click Import.

 

  • Copy application folders from the IIS Express machine to the IIS machine:
    • C:\Program Files (x86)\Pleasant Solutions
    • C:\ProgramData\Pleasant Solutions\Password Server folders

Step 2: Install your Application on IIS

  • Install the Application on the IIS Machine (if it is not installed already):
    • Install Pleasant Password Server
    • Stop the "Pleasant Password Server" service
    • Disable the "Pleasant Password Server" service

Step 3: Run Web Platform Installer

  • For an IIS server with internet access, download & install the Web Platform Installer tool
    • Configure it to run the following 3 applications:
      • URL Rewrite
      • IIS: Application Initialization
      • IIS: ASP.NET 4.5

Step 4: Create a New IIS Site

  • In the IIS Manager, create the new site and set the Physical path to:
    • C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\www
  • Bind the site to type HTTPS
  • May choose to use a non-standard port such as 10001, to limit traffic flowing to Password Server

Step 5: Configure the IIS Site

  • For the IIS site:
    • Right-click on the IIS website
    • (General) > Preload Enabled = True
  • For Earlier Versions (previous to 7.9.0):
    • On your IIS site - in the Authentication section, set:
      • ASP.NET Impersonation = Enabled
      • (Note: for versions 7.9.0+ this setting can remain Disabled)

Step 6: Configure the IIS Application Pool User

  • Configure the account used for Password Server's "Application Pool"
    • Right-click on the Application Pool > Select "Advanced Options" > Click Identity
      • Choose one of the following options:
Option A - ApplicationPoolIdentity (default, recommended)
  • Use a separate, unique Application Pool Identity
    • Explanation: This creates a new, virtual account to secure the application and it's communications in IIS an across the network with a custom, least privileged account (such as NetworkService). Rather than creating a new account for each application, this account will allow both: running in it's own space and connection to other network locations (e.g. Backup, and MS-SQL).
  • Set Identity = ApplicationPoolIdentity
    • Your new virtual user account can be referenced by this handle:
      • IIS APPPOOL\<YourApplicationPoolName>
    • This user will not be found by searching in your machine/network users
    • This user is only selected by referencing the "IIS APPPOOL\" location, indexed by the name of your application pool

  • (Note: in the next step 7, be sure to set Load User Profile = True)
Option B - User Account
  • A local or LDAP user account, with Local Admin access
Option C - LocalSystem (easiest)
  • Uses the account which is the most powerful on the machine, with access privileges across the network

Step 7: Configure the IIS Application Pool Settings

  • Application Pool > Select the application pool > Advanced Settings:
    • (General) > Start Mode = AlwaysRunning
      • Keep the website running
    • Process Model > Idle Time-out (minutes) = 0
      • Stop the website's App Pool from shutting down if it has been idle for awhile (after 20 minutes)
    • Process Model > Maximum Worker Processes = 0
      • Allow numerous processes at a time
    • * Process Model > Load User Profile = True
      • * Only needed if you are:
        • Using the ApplicationPoolIdentity user,
        • Seeing IsolatedStorage errors in server Logging Details

Step 8: Configure the Application Pool User Permissions

  • Configure Local Machine Access: 
    • If you have chosen a Local Admin account or LocalSystem, your account will have the permissions needed on this machine
    • Otherwise, provide access:
      • If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option A.
      • File Folders:
        • Give the account "modify" rights on these folders:
          • C:\Program Files (x86)\Pleasant Solutions
          • C:\ProgramData\Pleasant Solutions\Password Server
      • Registry Keys:
        • Give the account "Full Control" rights for these registry keys:
          • Expand the HKEY_LOCAL_MACHINE\SOFTWARE branch. Locate the Pleasant Solutions folder.
          • Right-Click the Key > select Permissions > Advanced > Permissions > Add
          • Now remove the permission "Write DAC"
          • Replace all child object permissions
  • Configure Network Access:
    • This account may need access for the following connections:
      • Network Backups: if your automatic Backups are placed on a network share
      • MS SQL Server Database: give this same user (selected in step 6) access to your database instance
    • (Note: If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option A.)

Step 9: Start the IIS site

  • Recycle the Application Pool
  • Start the site
  • If necessary, reboot the server and restart IIS

 

Please Contact Us!  If you have any questions or any difficulties regarding these steps.

Troubleshooting:
  • If the site does not start:
  • If you receive an "IsolatedStorage" error:
    • Consider upgrading to 7.9.13 which better handles this.
    • Set "Load User Profile" = True   (step 7)
    • You may also need to set ASP.NET Impersonation  (Step 5)
  • If you receive a "Method Not Allowed" error, when modifying an entry in KeePass for Pleasant client:
    • It may be that there is another application installed which has modified the WebDAV extension
    • Open your IIS application > Site > Handler Mappings > WebDAV
    • Open Request Restrictions > Verbs > select All Verbs > Save your changes
    • Now try again, and also try in KeePass & Web client
Tag page
You must login to post a comment.