Hands-on · Lesson 13 of 16

Lab: Deploy and Configure a .NET Web App on IIS

End-to-end lab: publish app, create site/pool, set identity and permissions, verify health endpoint, and perform safe recycle.

🧒 Simple Explanation (ELI5)

You prepare the app, give IIS a place to run it, and open the right door (binding) so users can reach it.

🔧 Why Do We Need It?

🌍 Real-world Analogy

Like opening a new retail branch: fit out the store, assign staff, unlock doors, and run opening-day checks.

⚙️ Technical Explanation

For ASP.NET Core on IIS: install the Hosting Bundle, use an app pool set to No Managed Code, bind the site to the folder, grant least-privilege ACLs to the pool identity, and verify the startup logs.

🔁 PowerShell Automation Focus

This lab also covers Windows automation basics: running scripts safely, using execution policy correctly, and automating repeatable operations such as service checks and app pool actions. Core sequence: write script, run with least privilege, validate output, and log actions for auditability.

📊 Visual Representation

Deployment Flow: Build (dotnet publish) → Provision (Pool + Site + Binding) → Secure (ACL + HTTPS) → Validate (Health + Logs)

⌨️ Commands / Syntax

PowerShell
# PowerShell basics for this lab
Get-ExecutionPolicy
# Process scope: the change applies only to the current PowerShell session
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

# Build and deploy (the IIS steps need an elevated session)
dotnet publish .\MyApp.csproj -c Release -o C:\deploy\myapp
Import-Module WebAdministration
New-WebAppPool -Name "myapp-pool"
# An empty managedRuntimeVersion means "No Managed Code"
Set-ItemProperty IIS:\AppPools\myapp-pool -Name managedRuntimeVersion -Value ""
New-Website -Name "myapp" -Port 8080 -PhysicalPath "C:\deploy\myapp" -ApplicationPool "myapp-pool"
# Read and execute only for the pool identity, inherited by files (OI) and subfolders (CI)
icacls C:\deploy\myapp /grant "IIS AppPool\myapp-pool:(OI)(CI)RX"

# Service/process automation checks
Get-Service W3SVC,WAS | Select-Object Name,Status,StartType
Get-Process w3wp -ErrorAction SilentlyContinue | Select-Object Id,CPU,WorkingSet

# Managed restart action (appcmd.exe lives in inetsrv, which is not on PATH by default)
& "$env:windir\System32\inetsrv\appcmd.exe" recycle apppool /apppool.name:"myapp-pool"

💼 Example (Real-world Use Case)

A release pipeline deploys every Friday night with the exact sequence above and validates /health before traffic cutover.

🧪 Hands-on

  1. Publish a sample app to C:\deploy\myapp.
  2. Create pool and site on port 8080.
  3. Grant read permissions to pool identity.
  4. Browse http://localhost:8080/health.
  5. Recycle pool and confirm no prolonged downtime.
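
The steps above can be checked with a verification script such as the following. It is an added example, not part of the original lab, and assumes the pool name, folder and health URL used on this page; `Restart-WebAppPool` is the WebAdministration cmdlet counterpart of the `appcmd recycle` command.

```powershell
#Requires -RunAsAdministrator
# Added example: post-deploy verification for this lab (not part of the original lesson).
# Assumed values are the names used on this page.
Import-Module WebAdministration
$Pool      = 'myapp-pool'
$Path      = 'C:\deploy\myapp'
$HealthUrl = 'http://localhost:8080/health'

function Test-Health {
    # Polls $Url until it returns 200; returns seconds waited, or $null on timeout.
    param([string]$Url, [int]$TimeoutSec = 30)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    while ($sw.Elapsed.TotalSeconds -lt $TimeoutSec) {
        try {
            $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 5
            if ($r.StatusCode -eq 200) { return [math]::Round($sw.Elapsed.TotalSeconds, 1) }
        } catch { }   # not ready yet: connection refused, 5xx, or timeout
        Start-Sleep -Milliseconds 500
    }
    return $null
}

# 1. The pool must be "No Managed Code" (empty managedRuntimeVersion).
$runtime = (Get-Item "IIS:\AppPools\$Pool").managedRuntimeVersion

# 2. Explicit Allow ACEs for the pool identity must not include write-class rights.
#    Access granted through group membership (for example IIS_IUSRS) is outside this check.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$poolAces = @((Get-Acl $Path).Access | Where-Object {
    $_.IdentityReference.Value -eq "IIS AppPool\$Pool" -and $_.AccessControlType -eq 'Allow' })
$excess = @($poolAces | Where-Object { ([int]$_.FileSystemRights -band $writeMask) -ne 0 })

# 3. Health before the recycle, pool-level recycle, then time until healthy again.
$before = Test-Health -Url $HealthUrl
Restart-WebAppPool -Name $Pool
$after  = Test-Health -Url $HealthUrl

# One record per run; pipe to Export-Csv -Append to keep an audit trail.
[pscustomobject]@{
    Time                  = (Get-Date).ToString('o')
    NoManagedCode         = [string]::IsNullOrEmpty($runtime)
    PoolAceCount          = $poolAces.Count
    ExcessRights          = ($excess.FileSystemRights -join '; ')
    HealthyBeforeRecycle  = $null -ne $before
    SecondsToHealthyAfter = $after
}
```

A non-empty `ExcessRights` or a `$null` `SecondsToHealthyAfter` is the signal to stop before traffic cutover.
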
💡 Deployment Safety

Prefer pool-level recycle and pre-deploy backups of config/content.

🐛 Debugging Scenario

Failure: 500.30 after deploy.

🎯 Interview Questions

Beginner

Why No Managed Code for ASP.NET Core?

IIS proxies/hosts ASP.NET Core via the ASP.NET Core Module (ANCM); the CLR choice is handled by the Core runtime.

What permission does site folder need?

At least RX for app pool identity, plus write only where needed.

Why health endpoint?

Fast readiness verification before exposing traffic.

Pool recycle vs iisreset?

Recycle limits blast radius to one app.

Where to look first if startup fails?

Event Viewer + app stdout logs.

Intermediate

How do you do zero-downtime deploy?

Blue/green or rolling nodes with health checks and drain before switch.

How do you secure app pool identity?

Use least privilege or gMSA for domain resource access.

What should be automated in pipeline?

Publish, backup, deploy, bind, smoke tests, rollback hooks.

How to validate config drift?

Script appcmd/WebAdministration baseline checks.

How to handle schema changes safely?

Use staged migrations and backward-compatible app versions.

Scenario-based

Deploy passed but users see 403.

Check NTFS permissions and auth settings mismatch.

Site works locally but not remotely.

Validate firewall, binding, and DNS.

High memory right after deploy.

Warm-up plus caches may spike; verify steady-state and limits.

Rollback decision trigger?

Error budget breach or sustained 5xx after mitigation.

Multiple sites share one pool?

Not for production-critical apps; isolate pools.

🌐 Real-world Usage

This lab mirrors enterprise release steps used in regulated environments.

📝 Summary

Reliable IIS deployment is scripted, validated, and reversible.