Presentation is loading. Please wait.

Presentation is loading. Please wait.

IIS7 The Future of Microsoft’s Web Server Platform

Similar presentations

Presentation on theme: "IIS7 The Future of Microsoft’s Web Server Platform"— Presentation transcript:

1 IIS7 The Future of Microsoft’s Web Server Platform
<Name> <Title> < >

2 Agenda Handlers and Modules IIS UI Extending the IIS Schema
Tracing and Diagnostics Configuration Overview Integrated Configuration Delegation of Configuration Configuration Extensibility

3 IIS7 – Built for Extensibility
Handlers and Modules Role and Membership Providers Extending the IIS Schema IIS UI Tracing and Diagnostics

4 IIS6 Request Processing
Authentication Monolithic implementation Install all or nothing… NTLM Basic Anon Determine Handler CGI Static File ASP.NET ISAPI PHP IIS 6 monolithic For example, if you don’t want to use Digest Authenticaiton, you can clear the checkbox, but the code is still loaded in memory. It’s not used, but is still present. is invoked when file extension is called and loaded into W3WP on demand. This is late in the IIS 6 request processing pipeline as several key events have already occurred including authentication. And how do you have functionality? You have to use ISAPI filters to handlers. While there performed well, you have to work within the contraints of ISAPI. Send Response Extend server functionality only through ISAPI… Log Compress

5 Handlers vs Modules Modules provide services to all requests
Basic Authentication module Compression module (etc) Handlers provide services to specific extensions ISAPI handler (.dll) Static handler (.htm, .jpg, .gif, etc) IIS 7 pipeline allows native and managed modules and handlers "Integrated" Application Pool mode Use the managed modules and handlers "Classic" Application Pool IIS 6 style invocation of .NET

6 IIS7 Request Processing
Server functionality is split into ~ 40 modules... Authentication Authentication NTLM Basic Anon Authorization Modules plug into a generic request pipeline… ResolveCache Determine Handler CGI Static File ExecuteHandler ISAPI Modules extend server functionality through a public module API. IIS 7 takes the monolithic features of IIS 6 and breaks them into approx 40 modules. These modules register for events in the request processing pipeline such as the Authentication, Execute handler, or the send Response event. Since IIS 7 can preload .NET framework into the worker process, native and managed code modules can both service the request pipeline . UpdateCache Send Response SendResponse Log Compress

7 Creating a Managed Module
Identical to ASP.NET IHttpModule interface. How to: Create class to implement iHttpModule Write code for the Init Method Initialize module Subscribe to events Write code for the subscribed events Implement the Dispose method (required) Register the module in the Web.config or Applicationhost.config file.

8 Creating a Class from IHttpModule
public class BasicAuthenticationModule : System.Web.IHttpModule { void Init(HttpApplication context) { } void Dispose() { } } Creating a class based on the IhttpModule class. This provides two methods that are required to be present in your class. In the Init method, use the HttpApplicatoon class to gain access to the request details including the Server, Request, and other collections.

9 Integrated pipeline: Events
WindowsAuthenticationModule Request Events Begin Authenticate Authorize Resolve Cache Map Handler Acquire State PreExecute Handler Execute Handler Release State Update Cache Log End On Demand Events SendResponse ReadEntityBody MapPath BasicAuthenticationModule System.Web.Security. FormsAuthenticationModule UrlAuthorizationModule Global Events Initialize / Shutdown Config Change / File Change Application Start / Stop Health Check Trace Event More 9

10 Subscribing to an Event
public void Init(HttpApplication context) { // // Subscribe to the authenticate event to perform the // authentication. context.AuthenticateRequest += new EventHandler(this.AuthenticateUser); // Subscribe to the EndRequest event to issue the // challenge if necessary. context.EndRequest += new EventHandler(this.IssueAuthenticationChallenge); } After creating the module class, in the init method, “wire up” the module to the events you want to use.

11 Add module to IIS 7 configuration
Modules can be added to: Applicationhost.config as Global Applicaitonhost.config as Local with location tag Web.config The specific sequence of modules can matter Add modules with: IIS Manager APPCMD WMI Powershell Microsoft.web.administration Appcmd.exe install module /name:<MODULE_NAME> /image:<PATH_TO_DLL> e.g. appcmd.exe install module /name:DefaultDocumentModule /image:D:\defdoc.dll Appcmd.exe list modules [/<APPLICATION_NAME>] e.g. appcmd.exe list modules /"Default Web Site/" appcmd.exe list modules Appcmd.exe add module /name:<MODULE_NAME> /type:<MGD_TYPE> e.g. appcmd.exe add module /name:FormsAuthentication /type: System.Web.Security.FormsAuthenticationModule /"Default Web Site/" appcmd.exe add module /name:FormsAuthentication /type: System.Web.Security.FormsAuthenticationModule

12 Modules in Applicationhost.config
In Applicatonhost.config: <Global Modules> - for native modules and Managed Engine <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" /> <Modules> - Entries for all native and managed modules <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" /> preCondition tells managed modules to work only for managed code by default List is customizable per application and can be delegated Modules defined in Applicationhost.config load for all application unless in “location” tag. DinnerNow has several Location tag uses in applicationhostl.config you can show for illustration. Module Reference Preconditions Details: Preconditions are used by the IIS core engine to determine when to enable a particular module. Performance reasons for example might determine that you only want to execute managed modules for requests that also go to a managed handler. The precondition in the following example (precondition="managedHandler") would only enable the forms authentication module for requests that are also handled by a managed handler – requests to .aspx or .asmx files for example. <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" /> So if you remove the attribute precondition="managedHandler", Forms Authentication would also apply to content that is not served by manged handlers, for example .html, .jpg, .doc, but also for classic ASP (.asp) or PHP (.php) extensions. See the "How to Take Advantage of IIS7 Integrated Pipeline" article on for an example of enabling ASP.NET modules to run for all content. You can also use a shortcut to enable all managed (ASP.NET) modules to run for all requests in your application, regardless of the "managedHandler" precondition. To enable all managed modules to run for all requests without configuring each module entry to remove the "managedHandler" precondition, use the runAllManagedModulesForAllRequests property in the <modules> section: <modules runAllManagedModulesForAllRequests="true" /> When this is used, the "managedHandler" precondition has no effect and all managed modules run for all requests.

13 Modules in Web.config Note System.webServer rather than System.web
4/6/2017 2:04 PM Modules in Web.config Note System.webServer rather than System.web IIS 7 reads System.webServer, reads System.web Delegation for managed most managed modules is enabled by default Native modules cannot be loaded in web.config <configuration> <system.webServer> <modules> <add name="MyBasicAuthenticationModule“ type="IIS7Demos.BasicAuthenticationModule" /> </modules> </system.webServer> </configuration> Managed modules are setup to permit configuration changes in web.config by default. Since you can load modules in on IIS6, if delegation was disabled for modules, this could cause significant incompatibility with if delegation was disabled. Modules written in native code are always global and cannot be loaded from web.config. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Options for Code Placement
If loaded in Applicationhost.config: Compile and place managed code in GAC Can then service all requests in the server pipeline Native modules/handlers in system32\inetsrv Specify location in configuration In Web.config GAC Locally in \App_Code as uncompiled code Locally \bin as .dll If locally stored, Xcopy deployment will insure correct code and configuration

15 Creating a Managed Module
demo Creating a Managed Module See Demos\IIS7\Core\ManagedModule\Demonotes.txt

16 Creating a Managed Handler
Identical to ASP.NET IHttpHandler Steps: Create Class that implements iHttpHandler Add code for ProcessRequest method This method receives a parameter of type HttpContext. Allows you to access the intrinsic objects such as Request and Response Set property IsReusable Determines if other request can use the handler Configure Handler in Applicationhost.config or web.config

17 Examining a Custom Managed Handler
demo Examining a Custom Managed Handler See Demos\IIS7\Core\ManagedModule\Demonotes.txt

18 Extending the IIS Manager UI
IIS 6 MMC was not easy to extend IIS 7 Manager (IISMGR) has a modular design Add new controls, remove, or hide features Administration.config is xml config store IIS Manager features are Winform apps Integrate your application configuration into IISManager and IIS 7 confiig system

19 Extending the IIS 7 Schema
Add app config settings to IIS 7 schema Add xml file to %SystemDir%\inetsrv\config\schema Automatically incorporated by IIS 7 Read with Microsoft.Web.Administration <configSchema> <sectionSchema name="system.webServer/imageCopyright"> <attribute name="enabled" type="bool" defaultValue="false" /> <attribute name="message" type="string“ defaultValue="Copyright Message" /> <attribute name="color" type="string" defaultValue="Red"/> <attribute name="cacheDuration" type="int" defaultValue="20" /> </sectionSchema> </configSchema> Key points is to communicate benefits to extending the schema (we’ll talk about the specifics shortly): You want to deploy your web app configuration with the web site configuration details in web.config in order to make the entire thing xcopy deployable. In this way, details like custom handlers/modules/providers and site behavior such as authentication type can be copied along with the code/content. You’re application, module, or handler can read and manage the configuraiton using the web.administration API. You can extend the IIS 7 UI to include your application setup.

20 Extending the IIS Manager
demo Extending the IIS Manager See demonotes.txt in \Core\ExtendingUI

21 Add Tracing Events to Modules
Integrate your apps with IIS 7 tracing Emit trace events that are logged in IIS trace logs Shows your modules events timestamped and in sequence with other pipleline events Quickly diagnose hangups, bottlenecks Can also add events in ASP.NET code

22 Add Trace Events to Modules
demo Add Trace Events to Modules If tracing was not covered in the IIS 7 walkthrough, then cover it in an introductory way here. Refer to the overview demo instructions for those details. See DemoNotes.txt in Demos\Core\ for details on this demo.

23 Configuration Overview
New configuration system Before: System for a server Now: System for a platform IIS 7 uses ASP.NET style grammar and syntax File based config: No intervening service Root file for central record Child files for setting properties at the site or app level Rich API support means easier to manage Rich extensibility means easier to integrate Even the IIS UI is modular and extensible Note: You can skip this and the following demo if this has been adequately covered in an overview The IIS 5 and 6 Metabase was a system designed to work with the server. It worked fine for the server it was deployed on but was not easily extensible, was not designed with distribution, or delegation mind. The IIS 7configuraiton story is redesigned so technologies like that has a different configuration store in IIS 6, has a more unified configuration design with IIS 7. This open design, and public APIs let’s anyone add configuration elements to the IIS 7 schema and use the the configuration custom IIS 7 extensions to the integrated pipeline. IIS 7 config system is similar to so that if you are familiar with machine.config and web.config, then you will be familiar with the new Applicaitonhost.config, which replaces Metabase.xml The configuration system is file based. In IIS 6, there was a service that managed the metabase. In IIS 7, the file is the master copy of the configuration. This simplifies the administration and eliminates the possibility of duplicate writes to an administration servic and the config file. An new API – Microsoft.Web.Administration is provided that allows to control the configuration and state of IIS 7 in managed code, WMI, or a new APPCMD command line tool. The API’s are much richer and more accessible than anything we’ve had before. The IIS 7 configuration schema is full extensible via XML files that contain your schema elements. You can store your application settings in with the IIS 7 configuraiton and make use of the new APIs, extensible UI, and delegation features to manage your application.

24 Introduction to IIS 7 Configuration
demo Introduction to IIS 7 Configuration Start with IIS UI and introduce new tool. Show sites, pools, task sensitive actions on right Quickly show modules listing and point how they are listed managed here. Ask “where are these setting stored?” Walk through Applicationhost.config: replaces metabase.xml Sections Application Pools Sites Note that types are not Dwords, but strong types. Walkthrough IIS_Schema.xml – the definition of each section in applicationhost.config. For example: see logEventOnRecycle, in IIS 6, this is a bitmask and you can’t tell what the setting means by looking at it’s value. As you can seek, this is much more clearly represented as shown in “Default Value”. Show localhost with static page. Access files in a directory and get Forbidden – directory listing is not allows. In IIS 6, this requires a phone call to the server admin. This is a call to the admin in IIS 6. Use UI to create web.config that allows directory browsing. Show page. Show web.config Review options like add/remove/clear Show Administration.config and highlight that it is fully modular. You can create customized views of the UI for specific purposes or people.

25 IIS7 Configuration System
.NET Framework ASP.NET IIS + ASP.NET + .NET Framework ASP.NET + .NET Framework Root Web.config global Machine.config NET global IIS7 Talking Points “IIS7 introduces an unified configuration model for IIS and ASP.NET settings. Click “As this diagram illustrates, IIS7’s new configuration integrates smoothly into the configuration model for the ASP.NET and the .NET Framework. This distributed file based model allows IIS configuration to be set at the global Web server level in ApplicationHost.config or at a per directory level, in Web.config files just like ASP.NET configuration.” The reason we have a unique config file is that there can be different versions of so we need a unified IIS 7 configuration file. and IIS 7 both then read their sectiosn in web.config. Web.config Per Application ApplicationHost.config IIS7 Global and Location settings

26 Integration Unifying technologies
Across technologies Same file and format for IIS, ASP.NET, WCF and third parties Across features Settings like authentication are set in a single place Same API concepts and tool usage across platform Using Web.config to control aspects of IIS 7 configuration is an example of delegated administration made possible by a unified configuration system. Unification of the configuration allows us to integrate the configuration elements of various technologies including IIS,, Windows Communications Foundation and possibly others. This allows you to take advantage of the features of these technologies in the IIS 7 Pipeline. For example, ASP.NET customer errors and IIS custom errors are the same. Other .net Technologies can be leveraged directly in IIS 7 such as forms authentication and caching. Managing these various technologies comes together in the configuration API. Add a protocol for Windows Communication Foundation using the same API for creating a web site. As a developer this helps a lot as you only need to understand a single configuration system rather than having several different systems to work with.

27 IIS7 ASP.NET Integration
Basic Classic Mode Runs as ISAPI Integrated Mode .NET modules / handlers plug directly into pipeline Process all requests Full runtime fidelity Anon Authentication Authorization ResolveCache aspnet_isapi.dll Static File Authentication ExecuteHandler Forms Windows ISAPI This slide shows how Classic Application Pool loads This is the same as an IIS 6 server. You can see that is loaded as an ISAPI but it loaded late in the request processing for IIS 6 when the ISAPI handler is invoked. then is launched which has it’s own configuration section and state machine for processing requests. In an Integrated mode Application Pool, ASP.NET is preloaded into the worker process. That means we have a unified pipeline without feature duplication. This enables us to also have a unified configuration so that you can configure ASP.NET and IIS 7 with the same syntax, config files, and APIs. ASPX UpdateCache Map Handler Trace SendResponse Compress Log

28 Delegation Distributing Configuration
Administrators: control global and specific settings. Controls delegation Site operators: modify settings for their site/app – if permitted Developers: store app settings with website config to enable Xcopy-deployment of applications Locking permits granular control of config Delegation has different meaning in the IT world, but in this context it means giving non-server administrators the ability to configure aspects of their own sites and applications. This is not allowed by default. Very little is delegated to site or application level out of the box. But once IIS 7 allows delegation of a feature, the user can control that feature, or elements of that feature which are premitted to be controlled. This helps to support self-contained applications that can be xcopied to other sites or servers.

29 Note: in recent builds, Remove Delegation says “Not Delegated”
Explain the following: This page controls two behaviors: 1) if a section is delegated and 2) if the section appears in a remote connection using IIS Manager Settings can be written to Application Host as a global setting if editing the server node, or in a location tag in application host for a site or application. If delegated, configuration settings will be written to web.config. SUGGESTION: Connect to the website as a remote user and show a remote console. See If section is not delegated, the issue of should it appear in a remote connection comes into consideration. In some cases, the section should be shown, but be read/only so a user can see what the choices are – such as a deafult document setting. In other cases, you may not want a feature to even be seen by the remote user. If a section is delegated, it can be seen and edited by the remote user by default. Read/Write enabled delegation: it unlocks the section for use in web.config. Changes for configuration effecting this section will be written to the web.config file. This section will be modifiable and seen from a remote connecton using the IIS Manager. Read Only means only means the section is not delegated, and if present in web.config, an error will occur. As a result, take when when removing delegation as this will cause an error if the user has this section in the web.config file. The delegated view of this feature through the IIS Manger will show the feature, but it will be read only and cannot be configured via a remote connection (using the IIS Manger). Remove Delegation (Not Delegated in current builds) will the keep the feature from appearing at all on a remote console. Of course, the setting is not delegated as the name says. Reset to Inherited removes the designated setting from a child location. For more details, see the online help in the IIS UI.

30 Locking Non-administrators can modify/override properties.
A special internal section: <configSections> Schema-related information that can be edited. Registration point for adding sections. Attributes: overrideMode: Defines the lockdown state of a configuration section. While admins can modify the schema, we don’t want users making changes to settings that we do not specifically allow. IIS 7 allows you to control who can edit what sections to a very high degree of granularity. Not all of this is exposed in the UI so to get the highest degree of control, you need to be familiar with the locking semantics. The first question is one of scope. What scope do you want users to be able to change? Sections are defined In the <configsectsions> section. The section definition contains an overrideModeDefault element that can be set to allow or deny, By default most config sections are Denied. [Look at the configSections in Applicationhost.config and identify those that are allowed] <configSections> ... <section name="defaultDocument" overrideModeDefault="Allow" /> </configSections>

31 demo Locking See demonotes.txt in \Demos\IIS7\Configuration\Locking 31

32 Delegation Control with Location allowOverride="Allow”
Use to specifically permit delegated control Allows changes in Applicationhost & web.config for the section <location path="MyWebSite" allowOverride="Allow"> <system.webServer> <defaultDocument enabled="true"> <files> <add value="index.htm" /> <add value="iisstart.htm" /> <add value="default.aspx" /> </files> </defaultDocument> </system.webServer> </location> This is a very important topic and is the heart of the mechanism that controls delegation When allowOverride is set to Allow at the global level, any site or application can control the attribute settings. You can allow overides for an individual site or directory(app) using the location tag. This is set in applicationhost.config (or a parent web.config) to control what settings are inherited by the application and to control which configuration settings can be modified at lower levers. The general rule is this: if using the IIS UI the configuration will be written to the lowest level possible. In this case, the location tag for MyWebSite is set to allow the default document to be delegated.

33 Delegation Control with Location allowOverride=“Deny”
Use to centralize configuration control Can Deny specific paths and Allow others Permits changes for location only in Applicationhost.config <location path="MyWebSite" allowOverride=“Deny"> <system.webServer> <defaultDocument enabled="true"> <files> <add value="index.htm" /> <add value="iisstart.htm" /> <add value="default.aspx" /> </files> </defaultDocument> </system.webServer> </location> In this example, the Default Document cannot be changed for MyWebSite in Web.config

34 demo Using the Location Tag
See \Demos\IIS7\Configuraiton\Location\Demonotes.txt

35 Granular Locking Unlocking a section opens up the whole section for site/application owners to change. Granular locking can restrict specific elements or attribute settings from being added, edited or removed. Directives lockAttributes lockAllAttributesExcept lockElements lockAllElementsExcept lockItem In addition to high level locking for a section (which roughly translates to a feature), we have granular locking that prevent a specific series of elements,, or attributes from being edited, added, or removed., This is done with a series of Directives For example, you may want to allow a user to control authentication, but do they should not disable Integrated Windows. Using these directives you can achieve this.

36 demo Granular Locking See demonotes in demos\iis7\configuration\granularlocking

37 IIS 7 Schema Declarative schema that defines the configuration properties and its logical groupings. Different from IIS 6 and ASP.NET. Specifies structure as well as names, types and default values for settings of the section. Files IIS_schema.xml ASPNET_schema.xml FX_schema.xml optional custom schema.xml Extensible IIS 7 Schema. Why have an IIS 7 schema reader in addition to schema? We want to be able to run the IIS 7 pipeline without modules (Classic) mode. As a developer, you can create your own “MyApplication” schema in an XML file and drop in the Schema folder, then register your schema in the Applicationhost.config. Then you can then access your schema configuration witthin your application using the IIS7 APIs. (Show this in a module that such as the comment clearner module or copyright module. Then show the API ins the module that read the schema.)

38 Schema A configuration section Its corresponding schema
<defaultDocument enabled="true"> <files> <add value="Default.htm" /> </files> </defaultDocument> Its corresponding schema <sectionSchema name="system.webServer/defaultDocument"> ... <attribute name="value" type="string" isUniqueKey="true"/> </sectionSchema> Here you can see that the default document section in ApplicaitonHost.config is defined as a possible schema element in IISSchema.xml by declaring the sectionSchema name as system.webServer/defaultDocument which has String Value that has to be unique. You can then use the element add value = “Default.htm” for the defualt document as it has been properly defined. If you break the rules and use a duplicate value, incorrect attritbute name or type, IIS 7 will tell you about it,

39 Reading the Schema Schema definition for defaultDocument
Shows rules for configuration in applicationhost.config Attribute “Enabled” is Boolean with default of True Files Element Collection for add, clear, remove, mergeAppend You can read the Schema for rules, options, and defaults

40 Extending the Schema Store application config with IIS settings to simplify site deployment IIS 7 Schema located in inetsrv\config Extend Schema by adding custom XML schema files to the config folder Will automatically be added to the IIS 7 Schema Application can read schema settings using Managed API

41 Summary Custom modules and handlers
Extend reach of existing .NET handlers and modules to non ASP.NET content Extend UI / Schema: integrated administration Manage with granular delegated administration Diagnose with built in / extensible tracing


Download ppt "IIS7 The Future of Microsoft’s Web Server Platform"

Similar presentations

Ads by Google