This article shares with the reader the steps on how to implement HTTP Public Key Pinning (HPKP) security policy/control. This article also includes the steps to create self signed certificate, implement the security control, and some tips to validate the control.

Please note that HPKP is not compatible with all browsers yet but there is nothing wrong with experimenting with it. You do not need to have an authentic certificate signed by a reputable CA in order to get an idea on how HPKP works. Hopefully this article will empower someone to implement this security policy in their environment or prepare them for a future opportunity.

Create self-signed certificate through IIS
To create SSL self signed server certificate through IIS,

• Under IIS Manager, click on the server name.
• On the Features View, click on Server Certificates.
• Under the Actions, click on Create Self-Signed Certificate.
• Specify a friendly Name for the certificate, in this example, I’ll name it MyCert1.

Create self-signed certificate using OpenSSL
To create SSL self signed server certificate using OpenSSL, see below

1. Download and install the OpenSSL for windows.
2. Open a command prompt and navigate to the OpenSSL bin folder.
3. Enter the command in listing 1 to set the environment variable.
Listing 1
    set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg  
    set RANDFILE=C:\OpenSSL-Win32\bin\.rnd 

4. Enter the following command to create a new self-signed certificate with 4096 bits using x509 structure and a key file. The certificate is valid for 365 days.
Listing 2
openssl req -newkey rsa:4096 -days 365 -x509 -nodes -out mycerts\myninja.ysa.cer -keyout mycerts\myninja.ysa.key 

5. You will be prompted to enter the Country Name, State, etc… Since the URL to my website is myninja.ysa, the Common Name will be myninja.ysa

6. Next, we will generate the PKCS#12/PFX using the certificate and key using the command in listing 3. This command will generate a .pfx file with a friendly name "myninja.ysa". We will import the certificate into IIS in later section.
Listing 3
openssl pkcs12 -export -out mycerts\myninja.ysa.pfx -inkey mycerts\myninja.ysa.key -in mycerts\myninja.ysa.cer -name "myninja.ysa" 

7. You will be prompted to enter the password to export the certificate. You can leave it blank by hitting enter twice,

Create certificate chain with OpenSSL
If you are interested to create self signed server certificate chain using OpenSSL, follow the below steps.

1. Let assume the Root/CA is myninja.ysa, enter the command in listing 4 to create a Certificate Signing Request (CSR) or certificate request
openssl req -newkey rsa:4096 -nodes -out mycerts\sub.myninja.ysa.csr -key mycerts\myninja.ysa.key 

2.  You will be prompted to enter the Country Name, State, etc… Let's assume the URL to my website is sub.myninja.ysa, and under the Common Name, I will enter sub.myninja.ysa

3.  Run the following command in listing 5 to complete the request. You can read more from here to find out the definition for the OpenSSL option/argument
openssl x509 -req -days 365 -in mycerts\sub.myninja.ysa.csr -CA mycerts\myninja.ysa.cer -CAkey mycerts\myninja.ysa.key -set_serial 01 -out mycerts\sub.myninja.ysa.cer 

4.  Shown in figure 6 is the output and the new certificate will be created under mycerts\sub.myninja.ysa.cer folder

5.  Let generate the PKCS#12/PFX using the command in listing 6 so that we can import it into the IIS Server Certificates
openssl pkcs12 -export -out mycerts\sub.myninja.ysa.pfx -inkey mycerts\myninja.ysa.key -in mycerts\sub.myninja.ysa.cer -name "sub.myninja.ysa" 

Next, we will spend a minute to examine the newly created certificate. Navigate to the mycerts folder and double click to open the myninja.ysa.cer and sub.myninja.ysa.cer certificates.

Click on the certificate Path tab. Under the Certificate status there will be a message "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store." and "The issuer of this certificate could not be found." In addition, the child certificate path didn't show the myninja.ysa as root. Refer to figure 7 and 8
To remedy this, click on the General tab of the myninja.ysa certificate. Click on the Install Certificate button. Place the certificate in the Trusted Root Certification Authorities. At the end click Finish to complete the process. You will see a Security Warning prompt "You are about to install certificate from a certification authority (CA) claiming to represent myninja.ysa… Do you want to install this certificate", click Yes to continue. After that double click on the certificate and you should observer that the certificate status show "This certificate is OK." And the chain certificate path shows the myninja.ysa as root as shown in figure 9.

Import certificate into the IIS Server Certificates
In this section we will touch base on the steps to import the certificate into the IIS

• Under IIS Manager, click on the server name
• On the Features View, click on Server Certificates
• Under the Actions, click on Import…
• Browse to the MyCerts folder and select myninja.ysa.pfx, enter the password
• Repeat step 4 for sub.myninja.ysa.pfx
• At the end of the day, you should have three certificates listed under the Server Certificates

Bind SSL to a Site

To bind a SSL Certificate to a site

• Under IIS Manager, expand the server name.
• Select the site.
• Click on Bindings… under Action menu.
• Click on Add, Type, and select https. Enter a different port number if other than 443. Under SSL Certificate, choose myninja.ysa, Click OK and Close to complete the step.
• You can iterate the above step to try out other certificate

Configuring HPKP
Here is the HPKP syntax:
Public-Key-Pins: pin-sha256="base64_Primary_Key"; pin-sha256="base64_Backup_Key"; max-age=Expire_Time; includeSubdomains;

And here is a brief explanation to the parameters:

Pin-sha256 Directive - Base64 encoded Subject Public Key Information (SPKI) fingerprint.

The max-age Directive - the length in seconds the browser should store the pinning details .

Optional includeSubDomains directive - include all subdomains.

Create Primary Pin
There are several ways to generate the primary key fingerprint. Let's say the URL to my site is https://myninja.ysa/, and then I can run the command in listing 7 to generate the certificate fingerprint. In summary, the command connects to the host, read the public key from the certificate and encode it to base64.

openssl s_client -host myninja.ysa -connect myninja.ysa:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 

Shown In figure 12 is the output from command in listing 7. Press Control + C to return back to the prompt.

Primary pin
Alternately, since I have the certificate, I can also run the below command to generate the fingerprint by supplying the certificate

Listing 8
openssl x509 -in mycerts\myninja.ysa.cer -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 

Shown in figure 13 is the result from command in listing 8.
Ultimately, both methods will generate the identical fingerprint (aCJgrjda9Bvvpx791OQ8g6wksucYBFpmV3gX5sTEqyc=).

Create Backup Pin
I found some good reading from Scott Helme website regarding the backup pin. He pointed out that we can create some backup CSRs and includes their fingerprints in the header. To create a CSR, first run the following command.

openssl req -newkey rsa:4096 -nodes -out mycerts\MyBackup1.csr -keyout mycerts\MyBackup1.key 

Then run the following command to generate the fingerprint
openssl req -pubkey < mycerts\MyBackup1.csr | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 

Shown in figure 14 is the output from command in listing 10
If you put everything together, the header will look something like in listing 11. The max-age was set to 10 seconds initially, you can set it to one year or 6 months once you have verify everything is working correctly.

pin-sha256='aCJgrjda9Bvvpx791OQ8g6wksucYBFpmV3gX5sTEqyc='; pin-sha256='Mq5prDs0m6V/+DEFM/ML3NysUtYTur+Pwoqzk8ZA0w0='; max-age=10; includeSubdomains;   

Configure HPKP in IIS

In this section, we will briefly discuss the steps to setup the HPKP on IIS.

• Under IIS Manager, expand the server name
• Select the site
• Under Features View, double click on HTTP Response Headers
• Under Actions, click on Add…
• Type in the Name: Pubic-Key-Pins and the value 

Another way to accomplish this is to add the header through the web.config. Refer to listing 12 to get an idea where to insert the headers

Listing 12
    <?xml version="1.0" encoding="UTF-8"?>  
    <configuration>  
        <system.webServer>  
            <httpProtocol>  
                <customHeaders>  
                    <clear />  
                    <add name="Public-Key-Pins" value="pin-sha256='aCJgrjda9Bvvpx791OQ8g6wksucYBFpmV3gX5sTEqyc='; pin-sha256='Mq5prDs0m6V/+DEFM/ML3NysUtYTur+Pwoqzk8ZA0w0='; max-age=10; includeSubdomains;" /> </customHeaders>  
            </httpProtocol>  
        </system.webServer>  
    </configuration>  

How to test it?
First we need to have a valid certificate or certificate that signs by a trusted CA. You will see a similar error message in figure 16 if the certificate not signed by a valid CA. That not an issue, we can manually add the certificate into the client machine trusted store. This section covers the steps to export and install the certificate on client machine.

Export the certificate
There are many ways to accomplish this task but for now, we will stick with Google Chrome. Let's start by opening the Google Chrome browser, navigate to the website. First thing you will see on the page is the "Your Connection is not private" warning. Click on the pad lock icon on the URL, then click on the Certification link under the Connection tab. Click on the Details tab, then click on Copy to file… button, click Next to continue. Under the Export File Format screen, select DER encoded binary X.509 (.CER), click on Next to continue. Pick a location to save the certificate file, click on Next and Finish to complete the certificate export process.

Install the Certificate
Browse to the location of the certificate, double click on it, Click on Install Certificate under the General tab. Leave the default option, click on Next to continue. On the Certificate Store screen, select Place all certificate in the following store, click on Browse and select Trusted Root Certificate Authorities and OK to close the window. Then click on the Next button to continue and Finish button to complete the installation. A warning message wills popup, click on Yes button to continue.

It will be much simpler to achieve the same on Internet Explorer (IE) browser. Here are the steps; right click the IE browser and then click on Run as administrator. Click on the Certificate error on the URL and then click on View certificates. Under the General tab, click on Install Certificate… button and repeat the step above to complete the certificate installation.

My other suggestion is, copy the certificate (myninja.ysa.cer) to the client machine and install it.

See the security control/policy in action
Now open the Google Chrome browser and navigate to https://myninja.ysa. You should see the difference between figure 16 and 18 where the certificate error no longer an issue.

On the same browser, open a new tab. Type in chrome://net-internals/#hsts on the URL, enter. Go back to previous tab and refresh the page, then click on the second tab (chrome://net-internals/#hsts), type in myninja.ysa in the domain textbox under query domain. Click on the query button and if everything is setup correctly you should see something similar to figure 19.

Next, open up the web.config, modify the primary key by adding a random character at the beginning of the key. Save it, restart the IIS to be sure. On the Chrome browser, refresh the first tab (https://myninja.ysa), on the second tab type in myninja.ysa in the domain textbox under query domain. Click on the query button and compare the result in figure 19 and 20. You will notice that the fields in blue dots were empty. In some situation, you will see the message "Not found" if the key is not valid.

Go ahead and remove the random character from the key in web.config. On the Chrome browser, refresh the first tab, on the second tab type in myninja.ysa in the domain textbox under query domain. You should see the result similar to figure 19 again.

If your site is public, you can scan the header through https://securityheaders.io/. Make sure to check the checkbox "Hide results" if you want to keep it private.

Remember early on, one of the purposes of certificate pinning is to prevent the adversary from carry on a Man-in-the-middle-attack (MITM) attack. One thing I can think of is using Fiddler as an example. If you don't have Fiddler, download a copy, it's free from telerik.com/fiddler. Open the fiddler and the refresh the site and you will see the result. Click on the advanced link to toggle the details. Close the Fiddler and refresh the page again. You will noticed that the page load normally without the warning message.

Next, open the web.config and tamper the public key pin by adding a random character to the primary key. Clear the browser cache (Ctrl + Shift + Del) and then navigate to the website again. Open the fiddler and the refresh the site and you should see the result in figure 22. Notice the different between the message in figure 21 and figure 22. The latter has a link "Proceed to myninja.ysa (unsafe)" which will allow the user to proceed to the site.

Point of Interest
If you pay attention to figure 21, the message said "You cannot visit myninja.ysa right now because the website uses HSTS". I'm not sure why it said HSTS instead of HPKP. HTTP Strict Transport Security (HSTS) is another important security policy which enforces all the communications to send over HTTPS. You can get information on how to implement it from here.

Another thing to keep in mind is that the HPKP configurations need to be updated each time we renew/replace the site SSL certificate. As mentioned in the beginning this security policy is not compatible with all the browsers yet and OWASP ranked it as low risk. Is always good to know how it works for future prosperity.

Conclusion
I hope someone will find this information useful and equip you for future opportunity. If you find any bugs or disagree with the contents or want to help improve this article, please drop me a line and I'll work with you to correct it.

A default document is the file that a web server displays when you browse to a folder without specifying a file name.

This is syntax:
<system.webServer>
    <defaultDocument>
      <files>
        <clear />
        <add value="Path of your Page" />
      </files>
    </defaultDocument>
</system.webServer>

Using IIS 7.5 you can set default document in Web.Config in easy way. Suppose i have to set CommingSoon.aspx page as default page then we should do like this in system.webserver tag.
<configuration>
<system.webServer>
<defaultDocument>
<files>
<add value="CommingSoon.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>

When IIS gets this new default document it adds with parent or global list of default documents.

To remove an individual default document from the list.
<files> 
<remove value="CommingSoon.aspx" /> 
</files>

To remove a default document entry from the inherited or parent list of default documents, do something like this: 
<files> 
<clear/> 
<add value="CommingSoon.aspx" /> 
</files>

The process of hosting several domain names on a single server is known as virtual hosting. In essence, this is sharing a single server's services across several businesses or websites. It is sometimes referred to as Vhost. A business or organization that does not want to buy or manage many servers typically uses a virtual host. Apache Web Server or IIS Web Server can be used to provide virtual hosting. This blog post will demonstrate how to use IIS Web Server on a Windows Server 2012 virtual machine to establish a virtual host.

Virtual Hosting or Virtual Directory using IIS

• Install IIS on your server VM and restart it.
• Open IIS manager and browse to your site (or choose default site).

Select your web site and right-click the mouse and select “Add Virtual Directory“.

In this window set the alias name and physical path where your webpage is stored. Press the OK button so it will create a virtual directory. The alias name is the name to access this directory over the internet. For example with an alias of abc_alias we can access it using the following URL: www.domain.com/abc_alias/.

Now create the default webpage on that “Physical Path directory”, for example home.html, default.asp and abc.html. This default webpage must be added to the Default Document Set. So it can load when the virtual directory is hit over the internet.

Now add the default webpage entry into the “Default Document” of the current Virtual Directory. Open it by double-clicking on the Default Document Icon.

Click Add from the top-right corner and add your default webpage name with extension.

For example homepage.html. 

Now test your sub-domain in the web browser using IIS or with a URL.
Syntax: Host_Name/Virtual_Directory_Name.

For example testingadmin.cloudapp.net/subdomain.

Use the same process for creating multiple Virtual Directories. As shown in the preceding image there are three Virtual Directories created that can be accessible using the following URLs.
    www.domain.com/aaa/
    www.domain.com/bbb/
    www.domain.com/subdomain/ 

The configuration section 'system.web.extensions' cannot be read because it is missing a section declaration.

This article explains why this error occurs and how to resolve it effectively.

Understanding the Problem
IIS reads your application's web.config file to apply runtime configurations. When IIS encounters the <system.web.extensions> section but can't find its declaration in the <configSections> block, it throws the 500.19 error.

In short:
IIS doesn't know how to parse <system.web.extensions> without its proper declaration.

Common Causes

• Incorrect or missing <configSections> block in web.config.
• ASP.NET 4.x not installed or registered with IIS.
• IIS not configured to support ASP.NET extensions.

Solution Steps
Ensure IIS Supports ASP.NET 4.x

Go to:
    Control Panel → Programs and Features → Turn Windows Features On or Off.

Under Internet Information Services → World Wide Web Services → Application Development Features, ensure:
    ✅ ASP.NET 4.x
    ✅ .NET Extensibility 4.x
    ✅ ISAPI Extensions
    ✅ ISAPI Filters

If missing, enable these options and restart IIS.

Alternatively, run via Command Prompt:
dism /online /enable-feature /featurename:IIS-ASPNET45 /all
iisreset

Correct Your web.config File
At the top of your web.config file, add the following <configSections> block before any use of <system.web.extensions>:
<configuration>
<configSections>
<sectionGroup name="system.web.extensions"
              type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
  <sectionGroup name="scripting"
                type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
    <section name="scriptResourceHandler"
             type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
             requirePermission="false" allowDefinition="MachineToApplication"/>
  </sectionGroup>
</sectionGroup>
</configSections>

Then, include your <system.web.extensions> section like this:
<system.web.extensions>
<scripting>
<webServices>
  <!-- Custom settings here -->
</webServices>
</scripting>
</system.web.extensions>

Finally, complete your web.config with typical sections like <system.web>, <appSettings>, etc.

Restart IIS
After saving changes to web.config, restart IIS:
iisreset

Example Working web.config
<?xml version="1.0"?>
<configuration>

<configSections>
<!-- Required declaration -->
</configSections>

<system.web.extensions>
<scripting>
  <webServices>
    <!-- Your configuration -->
  </webServices>
</scripting>
</system.web.extensions>

<system.web>
<compilation debug="true" targetFramework="4.0"/>
</system.web>

</configuration>

Important Note: ASP.NET Core Apps
If your project is ASP.NET Core, you should not use <system.web.extensions> or related configuration. Core apps rely on appsettings.json and middleware pipelines.

Conclusion
The HTTP Error 500.19 due to 'system.web.extensions' cannot be read is typically caused by:

• Missing ASP.NET support in IIS.
• Incorrect web.config structure.

By installing necessary IIS features and correctly declaring your configuration sections, you can resolve this issue and deploy your application successfully.

With the aid of the operating system, users are authorized in ASP.NET Core applications using Windows Authentication. In intranet applications when users are in the same domain, Windows authentication is particularly helpful. 

Set up ASP.net Core's Windows authentication
Configuring Windows Authentication for the application is an option in the Visual Studio web application template. We can make a web application that supports Windows Authentication by using this template option. With Visual Studio, we can use the template to develop a core web application. Change the authentication to Windows Authentication after selecting File >> New >> ASP.NET Core Web Application.

By choosing the WA option, we can also set up the current application for Windows Authentication. Open Visual Studio project properties and select the Debug tab to manually configure the authentication. It can be configured in the same way.

Alternatively, we can also configure Windows Authentication related properties into launchSettings.json file.
    {  
          "iisSettings": {  
                   "windowsAuthentication": true,  
                    anonymousAuthentication": false,  
                   "iisExpress": {  
                        "applicationUrl": "http://localhost:26001/",  
                         "sslPort": 0  
                     }  
            }  
    }  

Alternatively, we can create applications that support windows authentication by using command line. Using following command, we can create asp.net MVC core application with windows authentication.
    >dotnet new mvc --auth windows  

Configure Windows authentication on IIS
IIS uses the ASP.net core module to host asp.net core application. This module flows windows authentication to IIS by default. It is also possible that windows authentication is done only at IIS, not in the application. Following are the steps to configure windows authentication in IIS
 
The first step is to create or add website and create the application pool that works with ASP.NET Core application. The next step is to customize the authentication going go to Feature view >> select "Authentication" module, and enable Windows Authentication.
 
Configure Windows authentication on HTTP.sys
HTTP.sys is a Windows-based web server for ASP.NET Core. It is an alternative to Kestrel Server and it has some features that are not supported by Kestrel, one of them is it support windows authentication. To enable windows authentication with HTTP.sys server, it requires some configuration in Program class.
    public class Program  
    {  
        public static void Main(string[] args) =>   
            BuildWebHost(args).Run();  
      
        public static IWebHost BuildWebHost(string[] args) =>  
            WebHost.CreateDefaultBuilder(args)  
                .UseStartup<Startup>()  
                .UseHttpSys(options =>  
                {  
                    options.Authentication.Schemes =   
                        AuthenticationSchemes.NTLM | AuthenticationSchemes.Negotiate;  
                    options.Authentication.AllowAnonymous = false;  
                })  
                .Build();  
    }  

Windows Authentication
The attributes: "Authorize" and "AllowAnonymous" are used to determines access of anonymous in the application. There is no effect of these two attributes when Windows authentication is enabled, and anonymous access is disabled for the application. This is due to the fact that our request never reaches  the application if the IIS or HTTP.sys is configured to disallow anonymous access. If both Windows authentication and anonymous access are enabled, the Authorize attribute allows us to secure the pieces of the application. The AllowAnonymous attribute overrides the behavior of Authorize attribute in the application. There is an additional configuration required in Startup class to challenge anonymous requests for Windows Authentication in ASP.NET Core 2.x.
 
The following code needs to be added to the ConfigureServices method of startup class if we are using IIS
services.AddAuthentication(IISDefaults.AuthenticationScheme);  

The following code needs to be added to the ConfigureServices method of startup class if we are using HTTP.sys server.
services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);  

Summary
Windows Authentication is very useful in intranet applications where users are in the same domain. In this article, I have explained how to configure Windows Authentication in core application, IIS, and HTTP.sys. However, Kestrel doesn't support Windows Authentication.

Microsoft created the robust web server software known as Internet Information Services (IIS) for Windows operating systems with the purpose of hosting websites and web applications. It has progressed through important versions such as IIS 5.0 with Windows 2000, IIS 6.0 with Windows Server 2003, and the rebuilt IIS 7.0 with Windows Server 2008, beginning with IIS 1.0 as a free add-on for Windows NT 3.51. With dependable performance and security for your online presence, each version expands capabilities.

What is an IIS server used for?

• Website Hosting
  • Serves static content (HTML, CSS, images).
  • Hosts dynamic applications (ASP.NET, .NET Core, PHP).
  • Supports intranet applications.
• FTP Server
  • Allows secure file uploads/downloads with FTPS.
• SMTP Server
  • Sends emails, typically for web app notifications.
• Media Streaming
  • Streams audio and video content.
• Security Features
  • Authentication methods (Anonymous, Basic, Windows).
  • Authorization controls and request filtering.
  • SSL/TLS for secure communication.
  • IP address restrictions.
• Management Tools
  • IIS Manager for GUI management.
  • Command-line tools and PowerShell for advanced tasks.
  • Application pools for isolating apps.
• Microsoft Integration
  • Seamless compatibility with Windows and Microsoft products.
• Extensibility
  • Modular architecture for adding/removing components and features.

How to Install IIS on a Local Developer Machine and Windows Server?
Part 1. Install IIS on a Local Developer Machine (Windows 10/11)

• Open "Turn Windows Features On or Off" - Press Win + S, type "Windows Features", and open "Turn Windows features on or off".
• Enable IIS

In the window that opens, check.

Internet Information Services
(Optional) Expand it and enable

• Web Management Tools > IIS Management Console
• World Wide Web Services > Application Development Features
• Enable .NET Extensibility, ASP.NET, CGI, ISAPI Extensions, etc., depending on what your app needs. Click OK

Windows will install the necessary files. It may take a few minutes.

• Verify Installation
• Open your browser and go to http://localhost. You should see the default IIS welcome page.

Part 2. Install IIS on a Windows Server (e.g., Windows Server 2016/2019/2022)

Using Server Manager (GUI)

• Open Server Manager: Start > Server Manager
• Click Add Roles and Features: This opens the Add Roles and Features Wizard
• Choose Installation Type Select: Role-based or feature-based installation and click Next.
• Choose Server: Select the server (usually pre-selected) and click Next
• Select Server Roles: Check Web Server (IIS) and click Add Features

Add Features (Optional) - You can add features like .NET Framework, Web Socket Protocol, etc, and click Next.

• Confirm and Install: Click Install and wait for the installation to complete
• Verify Installation: Open a browser on the server and navigate to http://localhost. You should see the IIS welcome page

Post-Installation Tips

• Open IIS Manager.
• Press Win + R, type inetmgr, and press Enter
• Create your first site or import an existing project
• Set the correct Application Pool settings if you’re using .NET Core/.NET Framework
• Add bindings if you want the app to respond to domain names or custom ports

To keep the user session alive even after an IIS restart in ASP.NET, you need to store session data outside of the default in-memory session state.

1. Use SQL Server Session State
The best approach to persist session data even after an IIS reset is to store it in an SQL Server database.
Steps to Configure SQL Server Session State

1. Enable SQL Server session state in Web.config

<configuration>
    <system.web>
        <sessionState mode="SQLServer"
                      sqlConnectionString="Data Source=your_server;Initial Catalog=ASPState;Integrated Security=True"
                      cookieless="false"
                      timeout="60" />
    </system.web>
</configuration>

2. Run the SQL Server Session State Setup Script
EXEC aspnet_regsql.exe -S YourSQLServer -E -ssadd -sstype p

The session will persist even after an IIS restart.

2. Use State Server Mode (Out-of-Process Session)
If you prefer not to use SQL Server, you can configure a separate session state service.
Steps to Configure

1. Enable State Server in Web.config
<configuration>
    <system.web>
        <sessionState
            mode="StateServer"
            stateConnectionString="tcpip=127.0.0.1:42424"
            cookieless="false"
            timeout="60" />
    </system.web>
</configuration>

2. Start ASP.NET State Service
Open Run (Win + R) → Type services.msc → Find ASP.NET State Service → Start it.

The session will persist after an IIS restart but will be lost if the State Server service is stopped.

3. Use a Distributed Cache (Redis)
If you have multiple servers, using Redis for session storage is an excellent option.
Steps to Configure Redis Session State

1. Install Redis Session Provider via NuGet
Install-Package Microsoft.Web.RedisSessionStateProvider

2. Update Web.config
<configuration>
    <system.web>
        <sessionState mode="Custom" customProvider="RedisSessionProvider">
            <providers>
                <add name="RedisSessionProvider"
                     type="Microsoft.Web.Redis.RedisSessionStateProvider"
                     host="your_redis_server"
                     port="6379"
                     accessKey="your_redis_key"
                     ssl="false"/>
            </providers>
        </sessionState>
    </system.web>
</configuration>

Sessions will persist even if IIS restarts and it works well in cloud environments.

Which Method Should You Use?

Final Recommendation

• If you are running a single-server app, use State Server.
• If you are using multiple IIS servers, go with SQL Server Session State.
• If you need a high-performance, scalable solution, use Redis.

In this article, I will show you how to repair corrupted system files in the current image of your Windows 11 using the proper and easiest method.  When you refer to "Repair Any Corrupted System File in The Current Image," you're likely talking about using built-in Windows tools to repair system files. Two primary tools are essential for this task.

• System File Checker (SFC): Scans and replaces corrupted system files with cached copies. (Note: Here I attached my previous article  How to Clean and Replace Corrupted Files in Windows 11 (c-sharpcorner.com))
• Deployment Image Servicing and Management (DISM): Repairs system image issues that might prevent SFC from working correctly.

Common Causes of Corrupted System Files

• Malware infections
• Incomplete installations or updates
• Hardware failures
• Power outages
• Software conflicts

Preventive Measures

• Keep your system updated.
• Use reliable antivirus software.
• Regularly back up your system.
• Avoid running multiple system optimization tools.

Step 1. On your computer, open the command prompt as an administrator.

Step 2. Type DISM /online /cleanup-image /restorehealth after hit enter.

Step 3. Now here you can see our system-cleaned message appear.

Conclusion
In this article, we all clearly understand how to repair corrupted system files in the current image of your Windows 11 using the proper and easiest method. If you need clarification regarding this topic, feel free to contact me.

Installing and activating IIS Express on Windows (11/10) is described in this article. Start by downloading IIS Express from the Microsoft website's official IIS Express page. After that, install the software by opening the installer and following the prompts on the screen. Verify from the Start menu after installation.

To activate IIS Express, take the actions listed below.

Step 1: Go to Control Panel > Programs and Features, then select "Turn Windows features on or off"

Step 2. From "Turn Windows features on or off" window search and on check box "install and enable the IIS express" option and click ok.

Step 3. Windows Feature update will update the required files. After Completing Click Close.

After completion go to start menu and search IIS Express manager will get enable in your system.

What are Protos?
The high-performance RPC framework called gRPC relies heavily on protos, which are an acronym for protocol buffers. They are a method of defining and sharing structured data that is independent of language. Prototypes basically act as a template for serializing and deserializing data so that the client and server can comprehend and communicate with each other.

Importance of Protos

• Contractual Agreement: Protos serve as the client and server’s contract. In order to avoid misunderstandings and guarantee compatibility, they specify the precise structure and kinds of data that will be transferred.
• Code Generation: gRPC can produce client and server stubs in a number of programming languages, including C++, Java, Python, and Go, once a proto file has been specified. Error risk and development time are greatly decreased as a result.
• Platform Independence: Because prototypes are language-neutral, they can be utilized on a variety of platforms and programming languages. Because of this, gRPC is extremely flexible and adaptive to many settings.
• Efficiency: Compared to text-based formats like JSON or XML, the binary serialization format used by gRPC is typically more efficient.1. Faster communication and less network overhead are the outcomes of this
• Evolution and Versioning: Since prototypes support versioning, you can change your data structures over time without upsetting current users. Upholding compatibility and supporting updates require this.

Why You Should Know About Protos Before Starting with gRPC?

• Understanding gRPC’s Core Concepts: One of the main components of gRPC is the proto. You won’t be able to understand the fundamental ideas and make good use of the framework if you don’t have a firm grasp of protos.
• Defining Services and Messages: Protos are used to define gRPC services and the messages that will be exchanged between those services. Knowing how to write Protos is essential for designing your gRPC architecture.
• Generating Client and Server Code: As mentioned earlier, gRPC generates client and server stubs from protos. Understanding protos will enable you to customize the generated code to your specific needs.
• Efficient Data Transfer: Protos’ binary serialization format can significantly improve the performance of your gRPC applications. Knowing how to optimize your protos can lead to more efficient data transfer.

A Basic Proto Example
Here’s a simple example of a proto file defining a greeting service.
syntax = "proto3";

service GreetingService {
  rpc SayHello (HelloRequest) returns (HelloReply);
}

message HelloRequest {
  string name = 1;
}

message HelloReply {
  string message = 1;
}

This proto file defines a GreetingService with a single method, SayHello. The HelloRequest and HelloReply messages specify the structure of the data that will be exchanged.