IIS 7 and Above
Having additional web server in DMZ - ASP.net
Last post Sep 02, 2018 03:27 PM by jordanmills
Jul 04, 2018 07:06 AM|jnv|LINK
We have an ASP.net 3.5 web forms based web application. So far we had this application on an App server facing internet. Our security team is asking us to have one additional Web server in DMZ and put this application server behind the DMZ. I had few queries.
a. If we have a web server forward request to our application, can the session state management work. We have our inproc session management.
b. Will there be any performance impact? Are there any precautions that we need to take care of?
Jul 05, 2018 06:56 AM|deepakpanchal10|LINK
I can see you had asked several questions.
If your web application only hosted on one web server means not using multiple web server then session will work without any issue.
In general condition, there will be no or very less impact on performance.
I agree with your security team for creating a DMZ.
DMZ is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks, usually the internet. External-facing servers, resources and services are located in the DMZ. So, they are accessible from the internet,
but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the internet.
Jul 07, 2018 10:37 AM|jnv|LINK
Thanks Deepak. We will ask the customer to configure it accordingly
Jul 18, 2018 09:37 AM|deepakpanchal10|LINK
Is your issue solved?
If yes, I suggest you to mark the helpful suggestion as an answer will help us to close this thread on our side.
If your issue is still exist and you have further question then let us know about that.
We will try to provide further suggestions to solve the issue.
Thanks for your understanding.
Jul 23, 2018 05:48 AM|jnv|LINK
Customer's network team is configuring thier web server - Linux for this. They will forward the request to our ASP.net application on a separate IIS server behind firewall. Will update once done.
Sep 01, 2018 08:27 AM|jnv|LINK
This has worked perfectly for me without any issues
Sep 02, 2018 03:27 PM|jordanmills|LINK
From reading your post, it looks like you might also be served by running ADFS web application proxy (which would require AD DS and ADFS infrastructure, so that's probably not worth it, or by running IIS with application request router as a reverse proxy
in the DMZ. It sounds like you're pretty much doing that with Linux now. It's another solution to keep as an option in the future, but if you have it in a working state now, it's probably best to not mess with it.