ASP.NET Core Module

By Tom Dykstra, Rick Strahl, and Chris Ross

The ASP.NET Core Module allows ASP.NET Core apps to run behind IIS in a reverse proxy configuration. IIS provides advanced web app security and manageability features.

Supported Windows versions:

  • Windows 7 or later
  • Windows Server 2008 R2 or later†

†Conceptually, the use of the ASP.NET Core Module with IIS described in this document also applies to hosting ASP.NET Core apps on Nano Server IIS. For instructions specific to Nano Server, see the ASP.NET Core with IIS on Nano Server tutorial.

The ASP.NET Core Module only works with Kestrel. The module is incompatible with HTTP.sys (formerly called WebListener).

ASP.NET Core Module description

The ASP.NET Core Module is a native IIS module that plugs into the IIS pipeline to redirect web requests to backend ASP.NET Core apps. Many native modules, such as Windows Authentication, remain active. To learn more about IIS modules active with the module, see IIS modules.

Because ASP.NET Core apps run in a process separate from the IIS worker process, the module also handles process management. The module starts the process for the ASP.NET Core app when the first request arrives and restarts the app if it crashes. This is essentially the same behavior as seen with ASP.NET 4.x apps that run in-process in IIS that are managed by the Windows Process Activation Service (WAS).

The following diagram illustrates the relationship between IIS, the ASP.NET Core Module, and ASP.NET Core apps:

ASP.NET Core Module

Requests arrive from the web to the kernel-mode HTTP.sys driver. The driver routes the requests to IIS on the website's configured port, usually 80 (HTTP) or 443 (HTTPS). The module forwards the requests to Kestrel on a random port for the app, which isn't port 80/443.

The module specifies the port via an environment variable at startup, and the IIS Integration Middleware configures the server to listen on http://localhost:{port}. Additional checks are performed, and requests that don't originate from the module are rejected. The module doesn't support HTTPS forwarding, so requests are forwarded over HTTP even if received by IIS over HTTPS.

After Kestrel picks up a request from the module, the request is pushed into the ASP.NET Core middleware pipeline. The middleware pipeline handles the request and passes it on as an HttpContext instance to the app's logic. The app's response is passed back to IIS, which pushes it back out to the HTTP client that initiated the request.

The ASP.NET Core Module has a few other functions. The module can:

  • Set environment variables for the worker process.
  • Log stdout output to file storage for troubleshooting startup issues.
  • Forward Windows authentication tokens.

How to install and use the ASP.NET Core Module

For detailed instructions on how to install and use the ASP.NET Core Module, see Host on Windows with IIS. For information on configuring the module, see the ASP.NET Core Module configuration reference.

Additional resources