module 3: managing web applications with iis 7.0

Module 3:Managing Web Applications

with IIS 7.0

Overview

Explain management approaches for IIS 7.0

Use the IIS 7.0 configuration system

Grant non-administrative users access to IIS 7.0 configuration settings

Lesson 1: Managing IIS 7.0

Explain management approaches for IIS 7.0

Use appcmd.exe to perform basic administration tasks

List methods for configuring IIS 6.0 compatibility

SSL Configuration

Requesting SSL Certificates

Renewing SSL Certificates

Importing and Exporting Certificates

IIS Manager

Configure IIS settings

Install and remove IIS features

Control delegation

Remote administration

Extensible

Appcmd.exe

C:\> appcmd list requestsREQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)

C:\> appcmd list requestsREQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)

Quick, efficient access to new IIS 7.0 configuration

Mirrors *.vbs files from IIS 6.0

Built-in “pipe” support

C:\> appcmd list sitesSITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)SITE "Site1" (id:2,bindings:http/*:81:,state:Started)SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

C:\> appcmd list sitesSITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)SITE "Site1" (id:2,bindings:http/*:81:,state:Started)SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

Compatibility

WMIv2 and ADSI Scripts Supported

Installing Metabase compatibility easy

Admin Base Object (ABO) calls mapped to new

configuration system

Relies on Inetinfo.exe service

Requesting SSL Certificates

Obtain a certificate

Create the SSL Binding

Verify the SSL Binding

Configure SSL Settings

Renewing SSL Certificates

Importing and Exporting Certificates

Lesson 2: Using Hierarchical Configuration Settings

Describe the IIS 7.0 configuration system

Describe the function and format of section groups

Describe the function and format of sections

Describe the function and format of elements

Describe the function and format of collections

Describe the function and format of attributes

Describe the function and format of locations

Described the hierarchy of configuration files

Describe the IIS 7.0 configuration file schema

Work with schema files

IIS 7.0 Configuration Concepts

Main configuration in applicationHost.config

Consistent with ASP.NET web.config

Two main groupings of settings:

system.applicationHost

system.webServer

Section Groups

<system.webServer>

<defaultDocument enabled="true">

<files>

<add value="Default.htm" />

<add value="Default.asp" />

<add value="index.htm" />

<add value="index.html" />

<add value="iisstart.htm" />

<add value="default.aspx" />

</files>

</defaultDocument>

</system.webServer>

Sections

<system.webServer>

<defaultDocument enabled="true">

<files>

<add value="Default.htm" />

<add value="Default.asp" />

<add value="index.htm" />

<add value="index.html" />

<add value="iisstart.htm" />

<add value="default.aspx" />

</files>

</defaultDocument>

</system.webServer>

Elements

<system.webServer>

<defaultDocument enabled="true">

<files>

<add value="Default.htm" />

<add value="Default.asp" />

<add value="index.htm" />

<add value="index.html" />

<add value="iisstart.htm" />

<add value="default.aspx" />

</files>

</defaultDocument>

</system.webServer>

Collections

<system.webServer>

<defaultDocument enabled="true">

<files>

<add value="Default.htm" />

<add value="Default.asp" />

<add value="index.htm" />

<add value="index.html" />

<add value="iisstart.htm" />

<add value="default.aspx" />

</files>

</defaultDocument>

</system.webServer>

Attributes

<system.webServer>

<defaultDocument enabled="true" >

<files>

<add value="Default.htm" />

<add value="Default.asp" />

<add value="index.htm" />

<add value="index.html" />

<add value="iisstart.htm" />

<add value="default.aspx" />

</files>

</defaultDocument>

</system.webServer>

Locations

<location path="MyWebSite" overrideMode="Allow">

<system.webServer>

<defaultDocument enabled="true">

<files>

<add value="index.htm" />

<add value="iisstart.htm" />

<add value="default.aspx" />

</files>

</defaultDocument>

</system.webServer>

</location>

Hierarchy of Configuration Files

.NET Framework settings

Sites

machine.config

root web.config

applicationHost.config

ASP.NET settings

Main IIS 7.0 settings

web.configOptional

web.config

web.config

Applications

Virtual Directories

Lesson 3: Delegating Configuration to Non-Administrator Users

Grant non-administrative users access to IIS 7.0 configuration settings.

Lock individual configuration settings in IIS 7.0.

Describe default locking configuration for IIS 7.0 configuration settings.

Describe locking <location> sections.

Implement granular locking.

Describe lockAttributes & lockAllAttributesExcept.

Describe the function of lockElements.

Describe the function of lockElements add remove clear statements.

IIS 7.0 Programming

New managed code API

Access and control the server configuration Manage top-level server objects Access certificate and registration information Access state information at runtime Access configuration settings at runtime

Locking Configuration Settings

You can allow non administrators to:

Modify configuration properties Override configuration properties

overrideMode: Defines the lockdown state of a configuration section

Default Locking of Sections

Defined in <configSections>

Use overrideModeDefault

<configSections>...<section name="defaultDocument"

overrideModeDefault="Allow" />...</configSections>

<configSections>...<section name="defaultDocument"

overrideModeDefault="Allow" />...</configSections>

Locking <location> Sections

<location path="MySite" overrideMode="Deny"> <system.webServer> <defaultDocument/> </system.webServer> </location>

<location path="YourSite" overrideMode="Deny"> <system.webServer> <defaultDocument enabled="true"> <files> <clear/> <add value="default.aspx"/> </files> </defaultDocument> </system.webServer> </location>

<location path="MySite" overrideMode="Deny"> <system.webServer> <defaultDocument/> </system.webServer> </location>

<location path="YourSite" overrideMode="Deny"> <system.webServer> <defaultDocument enabled="true"> <files> <clear/> <add value="default.aspx"/> </files> </defaultDocument> </system.webServer> </location>

Granular Locking

Unlocking a section allows any part of it to be changed by application or site owners

With granular locking you can restrict changes to specific elements or attribute settings

You can also restrict the type of change to add, remove, or modify

lockAttributes & lockAllAtributesExcept

Specifies attributes that are locked

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true" lockAttributes="enabled"> <files> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true" lockAttributes="enabled"> <files> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

Locked

lockElements

Specifies elements that are locked

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true" lockElements="files"> <files> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true" lockElements="files"> <files> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

Locked

lockElements add remove clear

Limits what can be done to an element

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true" <files lockElements="add“> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true" <files lockElements="add“> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

Elements cannot

be added

lockItem

Locks a single item

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true"> <files> <add value="index.htm" lockItem="true" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

<location path="MyWebSite" allowOverride="Allow"><system.webServer> <defaultDocument enabled="true"> <files> <add value="index.htm" lockItem="true" /> <add value="iisstart.htm" /> </files> </defaultDocument></system.webServer></location>

Locked

Locking Summary

lockAttributes

lockAllAttributesExcept

lockElements

lockAllElementsExcept

lockItem

IIS Manager and Delegation

Control feature delegation

Configuration section locking Permit users to use IIS manager IIS Manager features can be hidden from view

Manage site and application administrators

Manage IIS Manager users