HTTP COMPRESSION in IIS 6 and IIS 7 using Service Account
I have come across few issues on HTTP Compression in IIS 6 and thought I will quickly post it across for everyone’s benefit.
Enterprises prefer to compress their Static and Dynamic web content to save bandwidth. There are articles on how to enable compression and frankly it’s pretty simple. Here is the UI for enabling Compression in IIS 6 and IIS 7:
|Here is an article for IIS 6: Enabling HTTP Compression|
|Here is an article for IIS 7: IIS 7.0: Enable HTTP Compression of Dynamic Content|
The article works fine for default IIS 6 configuration. But as soon as you make some change like using a Service Account (Domain Account) for Application Pool the compression fails.
How do I check if compression is working?, well download a Web Debugger like Fiddler.
Let us walk through the process.
I have a website using DefaultAppPool and the AppPool is configured to use the Domain Account (CORP\w2k3service).
I have added CORP\w2k3service in the IIS_WPG group.
I am browsing my website as https://w2k3website.corp.contoso.com and the URL is a Host(A) Record entry in DNS.
I have added the HTTP SPN for the Service Account (CORP\w2k3service)
I browse the website and it works just fine.
I enable HTTP Compression as mentioned in the article above and to verify I ran Fiddler. Here is what I see
For the request https://w2k3website.corp.contoso.com, Fiddler shows HTTP Compression as “No Compression” odd isn’t it.
Let us check Metabase.xml
Looks good to me.
Now, follow the steps when you have AppPool using Service Account.
- Add the user account to the IIS_WPG group
- Also the user account must have permission on the website folder
- Also the user account must have following permission in the metabase (use Metabase Explorer from IIS Resource Kit tools):
- LM –> Read
- W3SVC –> Read
- AppPools -> Query Unsecure Property (Special Permission)
- AnyNewAppPool -> QueryUnsecure Property (Special Permission)
- Filters -> Read and Write
- Compression –> deflate (Read and Write)
- Compression –> gzip (Read and Write)
- Restart IIS
Let us verify with Fiddler again
Good thing here is we don’t have to worry about the Service Account Permission in IIS 7.
Chao for now.