iis7 the future of microsoft’s web server platform
TRANSCRIPT
IIS7The Future of Microsoft’s Web Server Platform<Name><Title><Email>
Agenda
• Handlers and Modules• IIS UI• Extending the IIS Schema• Tracing and Diagnostics• Configuration Overview• Integrated Configuration• Delegation of Configuration• Configuration Extensibility
IIS7 – Built for Extensibility
• Handlers and Modules• Role and Membership Providers• Extending the IIS Schema• IIS UI• Tracing and Diagnostics
Handlers vs Modules• Modules provide services to all requests• Basic Authentication module• Compression module (etc)• Handlers provide services to specific
extensions• ISAPI handler (.dll)• Static handler (.htm, .jpg, .gif, etc)
• IIS 7 pipeline allows native and managed modules and handlers• "Integrated" Application Pool mode • Use the managed modules and handlers
• "Classic" Application Pool • IIS 6 style invocation of .NET
IIS7 Request Processing
Send ResponseSend Response
DetermiDetermine ne
HandlerHandler
AuthenticationAuthentication
SendResponseSendResponse
AuthenticationAuthentication
Authorization
ResolveCache
ExecuteHandlerExecuteHandler
UpdateCache
…
…
Server functionality is split into ~ 40
modulesmodules...
Modules plug into a generic request
pipeline…
Modules extend extend server functionalityserver functionality
through a public module API.
…
…
LogLog CompresCompresss
NTLMNTLM BasicBasic
CGICGI
StatiStatic Filec File
ISAPIISAPI
AnonAnon
Creating a Managed Module• Identical to ASP.NET IHttpModule
interface.• How to: • Create class to implement iHttpModule• Write code for the Init Method• Initialize module• Subscribe to events
• Write code for the subscribed events• Implement the Dispose method
(required)• Register the module in the Web.config
or Applicationhost.config file.
Creating a Class from IHttpModulepublic class BasicAuthenticationModule :
System.Web.IHttpModule {
void Init(HttpApplication context) { }
void Dispose() { }
}
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebIHttpModuleClassTopic.asp
Integrated pipeline: Events• Request Events
• Begin• Authenticate• Authorize• Resolve Cache• Map Handler• Acquire State• PreExecute Handler• Execute Handler• Release State• Update Cache• Log• End
• On Demand Events• SendResponse• ReadEntityBody• MapPath
System.Web.Security.System.Web.Security.FormsAuthenticationModuleFormsAuthenticationModule
BasicAuthenticationModuleBasicAuthenticationModule
WindowsAuthenticationModuleWindowsAuthenticationModule
UrlAuthorizationModuleUrlAuthorizationModule
• Global Events• Initialize / Shutdown• Config Change / File
Change• Application Start / Stop• Health Check• Trace Event• More
http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=928&p=3
Subscribing to an Event
public void Init(HttpApplication context){ // // Subscribe to the authenticate event to perform the // authentication. // context.AuthenticateRequest += new EventHandler(this.AuthenticateUser); // // Subscribe to the EndRequest event to issue the // challenge if necessary. // context.EndRequest += new
EventHandler(this.IssueAuthenticationChallenge);}
http://msdn2.microsoft.com/en-us/library/system.web.httpapplication.aspx
Add module to IIS 7 configuration• Modules can be added to:• Applicationhost.config as Global• Applicaitonhost.config as Local with location tag• Web.config
• The specific sequence of modules can matter
• Add modules with:• IIS Manager• APPCMD• WMI • Powershell• Microsoft.web.administration
Modules in Applicationhost.config• In Applicatonhost.config:• <Global Modules> - for native modules and
Managed Engine<add name="HttpCacheModule" image="%windir%\System32\
inetsrv\cachhttp.dll" />
• <Modules> - Entries for all native and managed modules <add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
• preCondition tells managed modules to work only for managed code by default
• List is customizable per application and can be delegated
• Modules defined in Applicationhost.config load for all application unless in “location” tag.
Modules in Web.config
• Note System.webServer rather than System.web• IIS 7 reads System.webServer, ASP.net reads System.web
• Delegation for managed most managed modules is enabled by default
• Native modules cannot be loaded in web.config<configuration> <system.webServer> <modules>
<add name="MyBasicAuthenticationModule“ type="IIS7Demos.BasicAuthenticationModule" /></modules>
</system.webServer></configuration>
Options for Code Placement
• If loaded in Applicationhost.config:• Compile and place managed code in GAC• Can then service all requests in the server
pipeline• Native modules/handlers in system32\inetsrv• Specify location in configuration
• In Web.config• GAC • Locally in \App_Code as uncompiled code • Locally \bin as .dll
• If locally stored, Xcopy deployment will insure correct code and configuration
Creating a Managed Module
Creating a Managed Handler• Identical to ASP.NET IHttpHandler• Steps:• Create Class that implements iHttpHandler• Add code for ProcessRequest method • This method receives a parameter of type HttpContext.
Allows you to access the intrinsic objects such as Request and Response
• Set property IsReusable• Determines if other request can use the handler
• Configure Handler in Applicationhost.config or web.config
http://msdn2.microsoft.com/en-us/library/system.web.ihttphandler.processrequest.aspx
Examining a Custom Managed Handler
Extending the IIS Manager UI
• IIS 6 MMC was not easy to extend• IIS 7 Manager (IISMGR) has a modular
design• Add new controls, remove, or hide
features• Administration.config is xml config
store• IIS Manager features are Winform
apps• Integrate your application
configuration into IISManager and IIS 7 confiig system
Extending the IIS 7 Schema• Add app config settings to IIS 7 schema• Add xml file to %SystemDir%\inetsrv\config\
schema • Automatically incorporated by IIS 7• Read with Microsoft.Web.Administration
<configSchema> <sectionSchema name="system.webServer/imageCopyright"> <attribute name="enabled" type="bool" defaultValue="false" /> <attribute name="message" type="string“
defaultValue="Copyright Message" /> <attribute name="color" type="string" defaultValue="Red"/> <attribute name="cacheDuration" type="int" defaultValue="20" /> </sectionSchema> </configSchema>
Extending the IIS Manager
Add Tracing Events to Modules
• Integrate your apps with IIS 7 tracing• Emit trace events that are logged in
IIS trace logs• Shows your modules events
timestamped and in sequence with other pipleline events
• Quickly diagnose hangups, bottlenecks
• Can also add events in ASP.NET code
Add Trace Events to Modules
Configuration Overview• New configuration system• Before: System for a server• Now: System for a platform
• IIS 7 uses ASP.NET style grammar and syntax
• File based config: No intervening service• Root file for central record• Child files for setting properties at the site or app
level
• Rich API support means easier to manage • Rich extensibility means easier to integrate• Even the IIS UI is modular and extensible
Introduction to IIS 7 Configuration
IIS7 Configuration System
Root Web.configASP.net global
ApplicationHost.configIIS7 Global and Location settings
Web.configPer Application
.NET .NET Framework Framework
ASP.NETASP.NET
IIS7IIS7
IIS + IIS + ASP.NET + ASP.NET + .NET .NET FrameworkFramework
ASP.NET +ASP.NET +.NET Framework .NET Framework
Machine.configNET global
Integration Unifying technologies• Across technologies• Same file and format for IIS, ASP.NET,
WCF and third parties• Across features• Settings like authentication are set in a
single place• Same API concepts and tool usage
across platform
IIS7 ASP.NET Integration
• Classic Mode• Runs as ISAPI
• Integrated Mode• .NET modules /
handlers plug directly into pipeline
• Process all requests
• Full runtime fidelity
LogLog
CompresCompresss
BasicBasic
StatiStatic Filec File
ISAPIISAPI
AnonAnon
SendResponseSendResponse
AuthenticationAuthentication
Authorization
ResolveCache
ExecuteHandlerExecuteHandler
UpdateCache
…
…AuthenticationAuthenticationFormForm
ss WindowsWindows
Map Map HandlHandl
erer
ASPXASPX
TraceTrace
………
…
aspnet_isapi.dll
DelegationDistributing Configuration• Administrators: control global and
specific settings. Controls delegation• Site operators: modify settings for
their site/app – if permitted• Developers: store app settings with
website config to enable Xcopy-deployment of applications
• Locking permits granular control of config
Locking• Non-administrators can modify/override
properties.• A special internal section: <configSections>• Schema-related information that can be edited.• Registration point for adding sections.
• Attributes:• overrideMode: Defines the lockdown state of a
configuration section.
<configSections><configSections>......<section name="defaultDocument" <section name="defaultDocument" overrideModeDefault="Allow" overrideModeDefault="Allow" />/>......</configSections></configSections>
Locking
Delegation Control with LocationallowOverride="Allow”allowOverride="Allow”
• Use to specifically permit delegated control
• Allows changes in Applicationhost & web.config for the section<location path="MyWebSite" allowOverride="Allow"><location path="MyWebSite" allowOverride="Allow"><system.webServer><system.webServer>
<defaultDocument enabled="true"><defaultDocument enabled="true"> <files><files> <add value="index.htm" /><add value="index.htm" /> <add value="iisstart.htm" /><add value="iisstart.htm" /> <add value="default.aspx" /><add value="default.aspx" /> </files></files>
</defaultDocument></defaultDocument></system.webServer></system.webServer></location></location>
Delegation Control with LocationallowOverride=“Deny”allowOverride=“Deny”
• Use to centralize configuration control • Can Deny specific paths and Allow others• Permits changes for location only in
Applicationhost.config <location path="MyWebSite" allowOverride=“Deny"><location path="MyWebSite" allowOverride=“Deny"><system.webServer><system.webServer>
<defaultDocument enabled="true"><defaultDocument enabled="true"> <files><files> <add value="index.htm" /><add value="index.htm" /> <add value="iisstart.htm" /><add value="iisstart.htm" /> <add value="default.aspx" /><add value="default.aspx" /> </files></files>
</defaultDocument></defaultDocument></system.webServer></system.webServer></location></location>
Using the Location Tag
Granular Locking• Unlocking a section opens up the whole
section for site/application owners to change.
• Granular locking can restrict specific elements or attribute settings from being added, edited or removed.
• Directives• lockAttributes• lockAllAttributesExcept• lockElements• lockAllElementsExcept• lockItem
Granular Locking
IIS 7 Schema• Declarative schema that defines the
configuration properties and its logical groupings.• Different from IIS 6 and ASP.NET.
• Specifies structure as well as names, types and default values for settings of the section.
• Files• IIS_schema.xml• ASPNET_schema.xml• FX_schema.xml• optional custom schema.xml
• Extensible
• A configuration section
Schema
• Its corresponding schema
<<defaultDocumentdefaultDocument enabled="true">enabled="true"> <files><files> <add value="Default.htm" /><add value="Default.htm" />
</files></files></defaultDocument></defaultDocument>
<<sectionSchemasectionSchema name="system.webServer/defaultDocument">name="system.webServer/defaultDocument">......<attribute name="value" type="string" isUniqueKey="true"/><attribute name="value" type="string" isUniqueKey="true"/>......</sectionSchema></sectionSchema>
Reading the Schema
• Schema definition for defaultDocument
• Shows rules for configuration in applicationhost.config• Attribute “Enabled” is Boolean with
default of True • Files Element• Collection for add, clear, remove,
mergeAppend• You can read the Schema for rules,
options, and defaults
Extending the Schema
• Store application config with IIS settings to simplify site deployment
• IIS 7 Schema located in inetsrv\config• Extend Schema by adding custom
XML schema files to the config folder• Will automatically be added to the IIS
7 Schema• Application can read schema settings
using Managed API
Summary• Custom modules and handlers• Extend reach of existing .NET handlers
and modules to non ASP.NET content• Extend UI / Schema: integrated
administration• Manage with granular delegated
administration• Diagnose with built in / extensible
tracing