Search code examples
iis.net-coreweb-config

Why is w3wp.exe looking through my dotnetcore api path to find web.config?

Using IIS 7 with a deployed dotnetcore 2.1 or 3.1 web API alone in an application pool, we discovered while looking at Process Monitor on the server, the w3wp.exe workers were logging many errors where they were apparently looking for a web.config. They checked every route in the api's route. The expected behavior was that the w3wp.exe (an IIS worker) would "hand off" the request to the dotnetcore application's routing, which would find the endpoint, but instead, it appeared to be also checking for a web.config. The process monitor revealed w3wp.exe QueryOpen NAME NOT FOUND and PATH NOT FOUND errors.

enter image description here

I looked at a few articles and concluded it was a problem with web.config inheritance, and there must be some setting in IIS or a dotnetcore configuration that was dictating the behavior of checking each API route path as if it were a virtual directory folder system that might contain a new web.config. The benefit would be that you could have a different web.config in a sub-application, but we didn't want that benefit and we didn't want these IIS workers blowing up the logs with thousands of these errors throughout the day. We found an insanely simple solution that an IIS admin might say "duh" but will hopefully save someone out there some time.

Solution

  • We found the answer on an old blog.iis.net post about web.config inheritance (https://blogs.iis.net/steveschofield/control-web-config-inheritance-with-iis-7-asp-net-options). There is a configuration called allowsubdirconfig that directs the w3wp.exe worker to check subdirectories for a web.config file. Here's how you change it in IIS applicationhost.config that can be found through IIS Manager:

    1. Go to configuration editor Go to configuration editor

    2. Go to system.applicationHost => sites => virtual directory defaults enter image description here

    3. Set allowSubDirConfig to False

    We also discovered that Microsoft recommends you use this setting for hosting dotnetcore applications on IIS

    Skipping the additional file operations can significantly improve performance of websites that have a very large set of randomly accessed static content.

    https://learn.microsoft.com/en-us/previous-versions//dn529134(v=vs.85)?redirectedfrom=MSDN

    Keep in mind, if you use this setting, you'll need to come up with a solution to separate applications that use or don't use the setting.

    Related issue with MVC: ASP.NET MVC security and IIS allowSubDirConfig configuration