Friday 29 May 2015

Did you know appcmd commands

Application Pools
1. Recycle all application pools (replace recycle with start/stop to start/stop all apppools)
appcmd list apppool /xml | appcmd recycle apppool /in
2. Stop application pools with word "cheap" in it
appcmd list apppool /name:"$=*cheap*" /xml | appcmd stop apppool /in


3. Set property enable32BitAppOnWin64 to true for all apppools (Filter apppools as in 2 if needed)
appcmd list apppool /xml | appcmd set apppool /in /enable32BitAppOnWin64:true

4. Start apppools which are stopped
appcmd list apppool /state:Stopped /xml | appcmd start apppool /in

5. Recycle application pools which are used in some applications
appcmd list app /xml | appcmd list apppool /in /xml | appcmd recycle apppool /in
appcmd list app /xml | appcmd recycle apppool /in (This might recycle one apppool multiple times)

6. Recycle apppools serving website “Default Web Site”
appcmd list site "Default Web Site" /xml | appcmd list app /in /xml | appcmd list apppool /in /xml | appcmd recycle apppool /in
appcmd list app /site.name:"Default Web Site" /xml | appcmd list apppool /in /xml | appcmd recycle apppool /in


Sites
7. Start all the sites (Replace start with stop to stop all sites)
appcmd list site /xml | appcmd start site /in

8. Start the sites which are stopped
appcmd list site /state:stopped /xml | appcmd start site /in

9. Set serverAutoStart to false for all sites
appcmd list site /xml | appcmd set site /serverAutoStart:false /in

10. Keep sites config data and restore later
appcmd list site /config /xml > sites.xml
appcmd add sites /in < sites.xml


Applications and Vdirs
11. Delete all apps which are using a particular apppool
appcmd list apppool DefaultAppPool /xml | appcmd list app /in /xml | appcmd delete app /in

12. Move all applications in a site to NewAppPool apppool
appcmd list app /site.name:"Default Web Site" /xml | appcmd set app /in /applicationPool:NewAppPool

13. List all sites with "/test" app
appcmd list app /path:"/test" /xml | appcmd list site /in

14. List apps created by user10 (assuming all his apps under a folder whose name contains user10)
appcmd list vdir /physicalPath:"$=*user10*" /xml | appcmd list app /in

15. List sites which read from C:\inetpub\wwwroot
appcmd list vdir /physicalPath:C:\inetpub\wwwroot /xml | appcmd list app /xml /in | appcmd list site /in

16. List the vdirs of sites which are stopped
appcmd list site /state:stopped /xml | appcmd list app /xml /in | appcmd list vdir /in

Worker processes and Requests
17. Stop apppools of requests running for more than 60 seconds
appcmd list request /xml /time:"$>60000" | appcmd list apppool /in /xml | appcmd stop apppool /in

18. List apps served by wp 3600
appcmd list wp 3600 /xml | appcmd list apppool /xml /in | appcmd list app /in

Modules
19. Disable all managed modules
appcmd list module /preCondition:managedHandler /xml | appcmd delete module /in

20. Uninstall all native modules
appcmd list module /type:"" /xml | appcmd uninstall module /in

21. Unlock all module entries under system.webServer/modules (won’t work on vista)
appcmd list module /xml | appcmd set config /lockItem:false /in

Configuration
22. Keep config of a particular section and restore later
appcmd list config http://localhost/app1/ /section:caching /xml /config > config.xml
appcmd set config http://localhost/app1 /in < config.xml

Backups and Traces
23. Delete all backups
appcmd list backup /xml | appcmd delete backup /in

24. List sites generating 404
appcmd list trace /statusCode:404 /xml | appcmd list site /in


References: This is a local copy of an article from http://goo.gl/fGvOYc

Monday 4 May 2015

IIS Request Filtering to block HTTP Verbs (For example Trace)

The issue

Request Filtering is a built-in security feature that was introduced in Internet Information Services (IIS) 7.0. This can be used to block specific verbs like "Trace".

When request filtering blocks an HTTP request, IIS 7 will return an HTTP 404 error to the client and log the HTTP status with a unique substatus that identifies the reason that the request was denied. For a blocked verb, the substatus is 404.6 (Verb Denied).

HTTP Substatus Description
404.5 URL Sequence Denied
404.6 Verb Denied
404.7 File Extension Denied
404.8 Hidden Namespace
404.10 Request Header Too Long
404.11 URL Double Escaped
404.12 URL Has High Bit Chars
404.13 Content Length Too Large
404.14 URL Too Long
404.15 Query String Too Long
404.18 Query String Sequence Denied
404.19 Denied by Filtering Rule

How to block

To block specific verbs, all you need to do is modify your web.config and, under <system.webServer> → <security>, add the following:
<requestFiltering>
    <verbs applyToWebDAV="false">
         <add verb="TRACE" allowed="false" />
    </verbs>
</requestFiltering>

OR

Step 1: Open IIS Manager
Step 2: Navigate to site & look for "Request Filtering"
Step 3: Navigate to HTTP Verbs & Deny TRACE

Verification of the issue (when bound to 443 over https)

Here we will attempt to check if the HTTP Trace method has been disabled on IIS.
  1. To complete this step you will need a machine with openssl.
  2. Log in to the machine from step 1 using PuTTY or an equivalent terminal.
  3. Create a connection to the secure server via openssl using s_client:
    openssl s_client -connect dev.server.supportpoint.com:443 -servername dev.server.supportpoint.com
  4. Next, mimic a TRACE request by entering the following, then pressing Enter twice to send the blank line that ends the request:
    TRACE / HTTP/1.0
    Host: dev.server.supportpoint.com
  5. The response returned is a 404.
  6. Check the IIS Access Logs for 404.6 (When request filtering blocks an HTTP request, IIS 7 will return an HTTP 404 error to the client and log the HTTP status with a unique substatus that identifies the reason that the request was denied. In our case, 404.6 is Verb Denied)
    1. Find the site ID
      1. Go to the IIS Manager
      2. Right-click your site → Manage Website → Advanced Settings
      3. The ID is an integer value

    2. Navigate to the logs directory and open the last modified log file
      1. Go to %SystemDrive%\inetpub\logs\LogFiles
      2. Then find the folder based on your site ID.
        1. If your ID is 1, then go to W3SVC1.
        2. If your ID is 2, then go to W3SVC2.
        3. … and so on
      3. Open the last modified log file
    3. Search the log file for your TRACE request.
    4. You should now be able to see that the error logged is 404.6 
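
The log check in step 6 can be scripted. The following is an added example, not part of the original post: it reads IIS W3C log lines, follows the #Fields header to locate sc-status and sc-substatus, and reports requests denied by request filtering. The sample log, its addresses and the function names are constructed for illustration.

```python
# IIS request-filtering substatus codes (sc-substatus when sc-status is 404).
FILTER_REASONS = {
    5: "URL Sequence Denied", 6: "Verb Denied", 7: "File Extension Denied",
    8: "Hidden Namespace", 10: "Request Header Too Long",
    11: "URL Double Escaped", 12: "URL Has High Bit Chars",
    13: "Content Length Too Large", 14: "URL Too Long",
    15: "Query String Too Long", 18: "Query String Sequence Denied",
    19: "Denied by Filtering Rule",
}

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2015-05-04 10:15:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-substatus sc-win32-status time-taken
2015-05-04 10:15:02 192.0.2.10 GET /index.html - 443 - 198.51.100.7 200 0 0 15
2015-05-04 10:15:09 192.0.2.10 TRACE / - 443 - 198.51.100.7 404 6 0 0
2015-05-04 10:15:30 192.0.2.10 GET /data.bak - 443 - 198.51.100.7 404 7 0 0
2015-05-04 10:16:01 192.0.2.10 GET /missing.html - 443 - 198.51.100.7 404 0 2 3
"""

def filtered_requests(lines):
    """Return one dict per request that request filtering denied (404.x)."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is set here and can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split(" ")))
        try:
            status, sub = int(row["sc-status"]), int(row["sc-substatus"])
        except (KeyError, ValueError):
            continue                    # column not logged, or malformed line
        if status == 404 and sub in FILTER_REASONS:
            hits.append({"when": row.get("date", "") + " " + row.get("time", ""),
                         "client": row.get("c-ip", "-"),
                         "method": row.get("cs-method", "-"),
                         "uri": row.get("cs-uri-stem", "-"),
                         "code": "404.%d" % sub, "reason": FILTER_REASONS[sub]})
    return hits

def denied_verb(lines, verb="TRACE"):
    """True if the log shows `verb` rejected with 404.6 (Verb Denied)."""
    return any(h["method"] == verb and h["code"] == "404.6"
               for h in filtered_requests(lines))
```

If sc-substatus is not among the fields selected for logging on the site, no line will match, so an empty result does not by itself prove the verb was allowed.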

Wednesday 14 January 2015

Part 2: Async requests in ASP.NET MVC 4 when working with Session [Thread Starvation my A$$]

This is a multi-part post dedicated to Async requests in ASP.NET MVC 4 when working with Session. Be sure to follow this series starting from the first post to gain a clear understanding.


Catch up from the last post

So in our last post it looked like it was Thread Starvation that was causing all the synchronous requests to be queued and run sequentially. NOT!

It wasn't Thread Starvation after all

So for thread starvation to occur, I should have exhausted all of the 5000 threads that were available. Seeing that I was hosting my application locally and was the only person accessing my website, I couldn't have exhausted all my available threads (specified by MaxWorkerThreads). So we could deduce that it wasn't Thread Starvation.

What is it then?

Looks like I overlooked a key piece of information in my last post. The requests that were queuing up were all part of the same session.

How thread pools really work

On the Web server, the .NET Framework maintains a pool of threads that are used to service ASP.NET requests. When a request arrives, a thread from the pool is dispatched to process that request. If the request is processed synchronously, the thread that processes the request is blocked while the request is being processed, and that thread cannot service another request.

Access to ASP.NET session state is exclusive per session, which means that if two different users make concurrent requests, access to each separate session is granted concurrently. However, if two concurrent requests are made for the same session (by using the same SessionID value), the first request gets exclusive access to the session information. The second request executes only after the first request is finished. [Info Src Link]

What Microsoft recommends

The second session can also get access if the exclusive lock on the information is freed because the first request exceeds the lock time-out. If the EnableSessionState value in the @ Page directive is set to ReadOnly (or annotate the controller with [SessionState(SessionStateBehavior.ReadOnly)]), a request for the read-only session information does not result in an exclusive lock on the session data. However, read-only requests for session data might still have to wait for a lock set by a read-write request for session data to clear.

My solution

My original request method needed to be converted to an async operation, which is achieved easily with async-await. In spite of using async-await, the requests still ran sequentially due to the lock imposed by ASP.NET session state. Seeing that I needed access to my session state and possibly needed to save data to it, I couldn't simply disable the session state behavior. To find out what I ended up doing click here (Coming soon) (I'll include some code samples) ...
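
The per-session lock described above can be modelled in a few lines. This is an added example in Python's asyncio, not ASP.NET code and not from the original post; SessionLocks and peak_concurrency are hypothetical names. It shows that asynchronous handlers sharing one SessionID still run one at a time unless they are read-only.

```python
import asyncio
from collections import defaultdict

class SessionLocks:
    """Hypothetical model: one reader/writer lock per SessionID."""
    def __init__(self):
        self._cond = asyncio.Condition()
        self._writers = set()              # sessions with a read-write request in flight
        self._readers = defaultdict(int)   # read-only requests in flight per session

    async def acquire(self, sid, read_only):
        async with self._cond:
            if read_only:   # readers only wait for a writer on the same session
                await self._cond.wait_for(lambda: sid not in self._writers)
                self._readers[sid] += 1
            else:           # a writer needs the session to itself
                await self._cond.wait_for(
                    lambda: sid not in self._writers and self._readers[sid] == 0)
                self._writers.add(sid)

    async def release(self, sid, read_only):
        async with self._cond:
            if read_only:
                self._readers[sid] -= 1
            else:
                self._writers.discard(sid)
            self._cond.notify_all()

async def _serve(requests, work):
    locks, state = SessionLocks(), {"now": 0, "peak": 0}

    async def handle(sid, read_only):
        await locks.acquire(sid, read_only)
        state["now"] += 1
        state["peak"] = max(state["peak"], state["now"])
        await asyncio.sleep(work)          # stands in for the awaited I/O call
        state["now"] -= 1
        await locks.release(sid, read_only)

    await asyncio.gather(*(handle(s, ro) for s, ro in requests))
    return state["peak"]

def peak_concurrency(requests, work=0.01):
    """requests: list of (session_id, read_only). Returns max requests running at once."""
    return asyncio.run(_serve(requests, work))

if __name__ == "__main__":
    print(peak_concurrency([("s1", False)] * 3))   # same session, read-write
    print(peak_concurrency([("s1", False), ("s2", False), ("s3", False)]))
    print(peak_concurrency([("s1", True)] * 3))    # same session, read-only
```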

Sync v/s Async

Microsoft recommends the following:
In general, use synchronous pipelines when the following conditions are true:
  • The operations are simple or short-running.
  • Simplicity is more important than efficiency.
  • The operations are primarily CPU operations instead of operations that involve extensive disk or network overhead. Using asynchronous action methods on CPU-bound operations provides no benefits and results in more overhead.
In general, use asynchronous pipelines when the following conditions are true:
  • The operations are network-bound or I/O-bound instead of CPU-bound.
  • Testing shows that the blocking operations are a bottleneck in site performance and that IIS can service more requests by using asynchronous action methods for these blocking calls.
  • Parallelism is more important than simplicity of code.
  • You want to provide a mechanism that lets users cancel a long-running request.