Like many, my preferred web platform, (done a few intranet and internet) uses a CIFS based backend content store and unique AD based application pool identities for EACH application. This has several plus points. Add to this a tweaked .NET medium trust and you have a secure and scalable platform.

But that is where the fun starts

.NET needs to trust the code it is being asked to run, which by default only include local disks, so code on a UNC path is not trusted by default. Fortunately for .NET 2.0 that is fairly easy and the following command will arrange that for you…

caspol -machine -addgroup 1. -url \\HOST\SHARE\* FullTrust

OR  so you would think

One of the platforms which had passed all of its Accept into Service tests, and was happily running a handful of websites doing all manner of stuff, was refusing to correctly interpret a simple parameter, on one web site. A web site using the “ajaxcontroltoolkit.dll”, in the <controls> section of the web.config file the line 
<add namespace=”AjaxControlToolkit” assembly=”AjaxControlToolkit” tagPrefix=”ajaxToolkit”/>”
was being completely ignored. It was not a case of the assembly was not being found as some code which created a NEW object based on a class in the assembly (Dim mp As AjaxControlToolkit.ModalPopupExtender) worked fine, but any attempt to us a ajaxToolkit tag “<ajaxToolkit:ModalPopupExtender ” failed with a “Parser Error Message: Unknown server tag ‘ajaxToolkit:ModalPopupExtender’.”

Various tests on the same code on servers with local content all worked, and in fact it works on the (unc based) Development platform too.. (lot of head scratching followed)

Anyway after 15 hours of digging to locate the fault, is came down to a missing “\”
caspol -machine -addgroup 1. -url \\HOST\SHARE\* FullTrust
compared to
caspol -machine -addgroup 1. -url \\HOST\SHARE* FullTrust

All fixed and working now

A FEW WORDS OF ADVICE,

• Changes to security.config doe not force a recompile
• When faulting an ASP.NET config issue, always do and IISreset and clear the compilation cache before each test.

The use of Cold fusion is wide spread in many Internet and intranet environments. www.myspace.com is Cold Fusion based for example. It is an interesting thing to setup, the Adobe Cold Fusion server runs in a J2EE container, typically adobe JRUN. So what you have is a J2EE app, which instead of producing the HTML responses, interprets the CFML tags to render the HTML is a dynamic manor.

The use of J2EE makes it somewhat interesting when you have to track down rogue code inside and application. When you look into the J2EE process with standard windows tools yoiu can only see the J2EE code, not the CFML. This makes fine tuning and fixing a suspect application a bit of a black art.

Enter the (Blue) Dragon from New Atlanta. Written in J# (so still java based) it allows CFML 7.01 tags to be interpreted by an ASP.NET engine, will all the .NET benefits around process monitoring, and managing run away CPU and memory.

Time for a POC!

Over the past 4 years I have had to work with some of the best web application developers I have ever met, unfortunately I have also had the miss-fortune of working with some of the worst developers on the planet.
With this in mind, while attending the Microsoft 2008 launch event,  I was very impressed to pick up a book entitled “the Developer Highway code : The drive for safer coding!” 
This book is fantastic, and has hundreds of coding guidelines and server configuration recommendations. And absolute MUST read for any ASP, ASP.NET developer and / or web server support staff.

The best bit, it is available as a free ebook, from Microsoft:
http://download.microsoft.com/documents/uk/msdn/devdave/mic472_dev_highway_all.pdf