40FINGERS DNN Nederlands40FINGERS DNN English

Our Blog

Menu: Blog

Installing DotNetNuke on Windows 2008R2

By: Stefan Kamphuis
Installing DotNetNuke on Windows 2008R2

Windows 2008r2 is good in so many ways, I can never list them all. Of course, being the server variant of Windows 7, it means you can use all the nice interface enhancements that are also available in Windows 7.

Both Windows 7 and Windows 2008r2 have IIS 7.5 on board. One of the most interesting enhancements in IIS 7.5 is something called the Application Pool Identity (AppPoolIdentity). In Windows 2008r2 this is the default setting for new application pools. With this setting, IIS can create a unique virtual windows account, using the name of the application pool. Accounts created like this have the same networking capabilities as the well known NETWORKSERVICE account, however, because they are unique, they can also be used to secure physical files in your system.

So, lets see how we can use this to quickly install DotNetNuke in a secure manner.

The zeroth step in this installation is creating the database, which i am not going to write out completely. It should suffice to say that we have created a new database in SQL server, and a new SQL server login, and gave that login DBO rights on the newly created database.

So lets begin by downloading and unzipping the latest stable DNN version (5.4.4. at the time of writing). By the way, we are using the excellent zip application 7zip for everyting zip related. More about that in another blog. In this case we are using DotNetNuke 5.4.4, the install package.

Next step is to modify the file web.config. Most imporantly, the database connection string needs to be modified, so the application will know where and how to find the database. Of course, be sure to change both connectionstrings, since there are still modules arround that use the legacy connection string. My connection string looks like this:

<add name="SiteSqlServer" connectionString="Server=***;Database=***;uid=***;pwd=***;" providerName="System.Data.SqlClient" />

There are 2 settings in web.config that I often change as well: AutoUpgrade and UseInstallWizard. Setting the first to false ensures that the site installation does not start by accident (either by me or by another visitor), the latter makes it a bit faster: I  always use the auto install feature of the installation wizard anyway, and setting UseInstallWizard to false ensure that installation starts right away when I trigger it.

Next up is creating the site in IIS (the actual topic of this post). We came up with an IIS website naming scheme that matches the physical location of the site: [clientname]_[application number for this client]_[application name], eg: 40fingers_01_latest, which matches the physical location drive:\websites\40fingers\01\latest. Also, the name of the application pool the site is running in will be the same as the website name. When there are multiple people involved in administering a server, this will make it a lot easier to keep track about what is going on. Anyway, the settings I am using to create this new DNN application are:

  • site name: 40fingers_01_latest
  • application pool: automatic creation
  • physical path: drive:\websites\40fingers\01\latest
  • hostname: latest.stage.40fingers.net

We now have an application pool named 40fingers_01_latest. Now we need to set the security properties for the application directory. We are going to give full access to the automatically created virtual account. The name of this account in this case is iis apppool\40fingers_01_latest. Also, we will give access to the builtin IUSR account (read only access). The security properties will look something like this:

We now can surf to our website and start the DotNetNuke installation process. Because we set both AutoUpgrade and UseInstallWizard to false in the webconfig, DNN automatically redirects to the "under construction", in our case this is http://latest.stage.40fingers.net/Install/UnderConstruction.htm. From this url we can "easily" start the installation process, just browse to http://latest.stage.40fingers.net/Install/install.aspx?mode=install. This URL will tricker the auto install, and DotNetNuke will install with all the auto settings as they are set up in the installation configuration files.

When we switched over to Windows 2008r2, this new IIS feature was one of the gems to discover. Setting up secure hosting environments for clients is so much less work now than it used to be in Windows 2003.

More information about the Application Pool Identity can be found here

Categories: Windows Server
Actions:

Related Articles

Getting a list of all sites served by IIS In order to prepare for an upcoming move of all sites hosted on our webservers to a new location, one of the tasks was to list which sites are served ...

Comments: 16

# Joe Craig
18 July 2010 17:22
There is no need to edit web.config to do the install. The Wizard will do that for you.
# Anonymous User
18 July 2010 17:22
Joe, you are correct. However, as I tried to explain, modifying the web.config is actually faster. Using the auto install functionality of DNN is especially interesting if you are calling the install from a powershell script of something.
# Greet
18 July 2010 17:22
Hi, I have been downloading my live website to visual web developer 2008 and sql server 2008R. Untill yesterday, I had problems with IIS. I think I solved them now. But I still get a error on " Kan het type DotNetNuke.UI.UserControls.LocaleSelectorControl niet laden"
I really need the local setup, as I want to test some modules. Can someone please help. I have checked the internet for solutions, but nothing has come up. Thanks, Greet
# Anonymous User
18 July 2010 17:22
Greet, please send me an email at erik@40fingers.net, and I'll see what I can do for you
# J.
18 July 2010 17:22
Hi,
I want to change from networkservice to application pool identity. However, I do not see the iis pool user to add and give full trust permissions. Any idea how to do that?
J.
# Anonymous User
18 July 2010 17:22
J., the user you're looking for is called:
"iis apppool\"

If your server is in a domain: make sure you are looking for this user on the local machine, not in the domain.

Good luck!
Stefan KAmphuis
# J.
18 July 2010 17:22
Hi,

Thank you. I tried that, but for some reason it does not show up:

"The following object is not from a domain listed in the Select Location dialog box, and is therefore not valid:
"iis apppool\"
"
# Anonymous User
18 July 2010 17:22
Hmm, i see my previous comment was not published correctly. The user you're looking for is: "iis apppool\(apppool name)".

The message you get is what you normally get on the "Selects Users or Groups" dialog when you have the location set to something other than the server itself.
# J.
18 July 2010 17:22
Thank you. I tried that. But no success :-(. I did not create the application pool from a new site, but separately. Maybe that is the problem. I do however have ssl installed and I am not sure if I can remove the site.
# Anonymous User
18 July 2010 17:22
Please be sure to also post in this thread: http://40f.nl/9zz5EG. Creating an apppool manually is definitely not an issue, since I do that sometimes as well.
# J.
18 July 2010 17:22
"You have to start the application pool at least once in order for the IIS AppPool\ identity to be available for either object picker or icacls. "

Thank you. no luck at all. In taskmanager the app pool is shown of the identity although the user cannot be looked up and assign security to a folder.

I removed the network service and all inheritance..for some reason all security is lost and no access is given to the folders anymore. Even the Owner is lost.

Result : a nice 500 - Internal server error and certainly loss of customers and a PR penalty of Google. It is amazing how fragile the settings are. I am restarting and hoping I can access the folder as an administrator.

# J.
18 July 2010 17:22
Failed to start monitoring changes to 'C:\xx\xx\WebApplication\bin' because access is denied.

Not able to apply any folder permissions anymore. Even not able to allow network service to access and revert back. :-((
# J.
18 July 2010 17:22
Hi,
I have reverted back to NetworkService. My love for DNN has ended due to incremental problems with performance and other issues you do not want to be occupied with. Thank you for your help.
J.
# Anonymous User
18 July 2010 17:22
make sure that: application pool is turned off, then, make sure you are owner of the complete directory, then give permissions to the users that need access.

And again, please use the IIS.net forums for more information, as there are a lot more specialist around there than here...
# J.
18 July 2010 17:22
This did the trick to give correct permissions to folder. Once set with 'advanced' security permissions tab you can modify them (if required).

CMD run>icacls D:\folder\WebApplication\*.* /grant "IIS App
Pool\dnn-pool-name":(OI)(CI)F

Post Comment

Only registered users may post comments.