Are there any best practice guides for IIS and .NET applications?

I'm working with a company whose infrastructure team could use some guidance for deploying a .NET application. I've seen some incredible guides for programming best practices with .NET. Are there any similar guides or resources for configuring IIS and Windows that I could pass along?

Any assistance appreciated.


Solution 1:

Not sure if this is what you are looking for, but check out the IIS 6 Operations Guide on MS TechNet. http://technet.microsoft.com/en-us/library/cc785089(WS.10).aspx

Solution 2:

A few things that I've learned (the hard way) over the past few years about deploying for .NET:

  1. Create App Pools - For all applications important enough to "not be bothered" by the need to jumpstart the web server processes of other apps, give them their own Application Pool.

  2. InProc == Pure Evil - IMHO (flames will no doubt ensue), In-Proc session state is one of the most dangerous features in .NET. It makes processes less resistant to restarts and encourages some poor practices. Using the Session State server where possible is how we operate these days.

  3. Minimalism is a good thing - Remove any IIS services that you don't need. If you don't need FTP, mail, etc., turn these off.

Another excellent guide/checklist here: http://www.washington.edu/computing/support/windows/UWdomains/IISsecchecklist.html

And a decent security article here: http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part1.html
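
The three points in Solution 2, sketched as a PowerShell script. This is an added example, not part of either answer. It assumes IIS 7 or later with the WebAdministration module (not the IIS 6 tooling from the guide in Solution 1), and the site, application and pool names are hypothetical.

```powershell
# Added example: names below are assumptions, adjust to the real deployment.
Import-Module WebAdministration

$site    = 'Default Web Site'   # assumed site name
$app     = 'Orders'             # hypothetical application under the site
$appPool = 'OrdersPool'         # hypothetical dedicated pool for that application
$appPath = "IIS:\Sites\$site\$app"

# 1. Dedicated application pool: recycling or restarting another app's
#    worker process no longer affects this application.
if (-not (Test-Path "IIS:\AppPools\$appPool")) {
    New-WebAppPool -Name $appPool | Out-Null
}
Set-ItemProperty -Path $appPath -Name applicationPool -Value $appPool

# 2. Session state out of process: start the ASP.NET State Service and
#    switch the application from the default InProc mode to StateServer.
#    The connection string is left at its default (local state service);
#    objects stored in session must be serializable for this mode.
Set-Service   -Name aspnet_state -StartupType Automatic
Start-Service -Name aspnet_state
Set-WebConfigurationProperty -PSPath $appPath `
    -Filter 'system.web/sessionState' -Name mode -Value 'StateServer'

# 3. Minimalism: list FTP and SMTP services if they are installed, so the
#    team can decide whether each one is actually needed.
$optional = Get-Service -Name FTPSVC, SMTPSVC -ErrorAction SilentlyContinue
$optional | Select-Object Name, DisplayName, Status | Format-Table -AutoSize

# Uncomment after confirming nothing depends on these services:
# $optional | Stop-Service -Force
# $optional | Set-Service -StartupType Disabled

# Verify the result.
(Get-ItemProperty -Path $appPath -Name applicationPool).applicationPool
(Get-WebConfigurationProperty -PSPath $appPath `
    -Filter 'system.web/sessionState' -Name mode).Value
```

Run it from an elevated prompt on a staging server first; the mode change is written to the application's web.config and triggers an application restart.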