Module 3: Managing Web Applications with IIS 7.0
Overview
Explain management approaches for IIS 7.0
Use the IIS 7.0 configuration system
Grant non-administrative users access to IIS 7.0 configuration settings
Lesson 1: Managing IIS 7.0
Explain management approaches for IIS 7.0
Use appcmd.exe to perform basic administration tasks
List methods for configuring IIS 6.0 compatibility
SSL Configuration
Requesting SSL Certificates
Renewing SSL Certificates
Importing and Exporting Certificates
IIS Manager
Configure IIS settings
Install and remove IIS features
Control delegation
Remote administration
Extensible
Appcmd.exe
C:\> appcmd list requests
REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)
Quick, efficient access to new IIS 7.0 configuration
Mirrors *.vbs files from IIS 6.0
Built-in “pipe” support
C:\> appcmd list sites
SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)
Compatibility
WMIv2 and ADSI Scripts Supported
Metabase compatibility is easy to install
Admin Base Object (ABO) calls mapped to new configuration system
Relies on Inetinfo.exe service
Requesting SSL Certificates
Obtain a certificate
Create the SSL Binding
Verify the SSL Binding
Configure SSL Settings
Renewing SSL Certificates
Importing and Exporting Certificates
Lesson 2: Using Hierarchical Configuration Settings
Describe the IIS 7.0 configuration system
Describe the function and format of section groups
Describe the function and format of sections
Describe the function and format of elements
Describe the function and format of collections
Describe the function and format of attributes
Describe the function and format of locations
Describe the hierarchy of configuration files
Describe the IIS 7.0 configuration file schema
Work with schema files
IIS 7.0 Configuration Concepts
Main configuration in applicationHost.config
Consistent with ASP.NET web.config
Two main groupings of settings:
system.applicationHost
system.webServer
Section Groups
<system.webServer>
  <defaultDocument enabled="true">
    <files>
      <add value="Default.htm" />
      <add value="Default.asp" />
      <add value="index.htm" />
      <add value="index.html" />
      <add value="iisstart.htm" />
      <add value="default.aspx" />
    </files>
  </defaultDocument>
</system.webServer>
Sections
<system.webServer>
  <defaultDocument enabled="true">
    <files>
      <add value="Default.htm" />
      <add value="Default.asp" />
      <add value="index.htm" />
      <add value="index.html" />
      <add value="iisstart.htm" />
      <add value="default.aspx" />
    </files>
  </defaultDocument>
</system.webServer>
Elements
<system.webServer>
  <defaultDocument enabled="true">
    <files>
      <add value="Default.htm" />
      <add value="Default.asp" />
      <add value="index.htm" />
      <add value="index.html" />
      <add value="iisstart.htm" />
      <add value="default.aspx" />
    </files>
  </defaultDocument>
</system.webServer>
Collections
<system.webServer>
  <defaultDocument enabled="true">
    <files>
      <add value="Default.htm" />
      <add value="Default.asp" />
      <add value="index.htm" />
      <add value="index.html" />
      <add value="iisstart.htm" />
      <add value="default.aspx" />
    </files>
  </defaultDocument>
</system.webServer>
Attributes
<system.webServer>
  <defaultDocument enabled="true">
    <files>
      <add value="Default.htm" />
      <add value="Default.asp" />
      <add value="index.htm" />
      <add value="index.html" />
      <add value="iisstart.htm" />
      <add value="default.aspx" />
    </files>
  </defaultDocument>
</system.webServer>
Locations
<location path="MyWebSite" overrideMode="Allow">
  <system.webServer>
    <defaultDocument enabled="true">
      <files>
        <add value="index.htm" />
        <add value="iisstart.htm" />
        <add value="default.aspx" />
      </files>
    </defaultDocument>
  </system.webServer>
</location>
Hierarchy of Configuration Files
machine.config: .NET Framework settings
root web.config: ASP.NET settings
applicationHost.config: Main IIS 7.0 settings
web.config (optional): Sites, Applications, Virtual Directories
Lesson 3: Delegating Configuration to Non-Administrator Users
Grant non-administrative users access to IIS 7.0 configuration settings.
Lock individual configuration settings in IIS 7.0.
Describe default locking configuration for IIS 7.0 configuration settings.
Describe locking <location> sections.
Implement granular locking.
Describe lockAttributes & lockAllAttributesExcept.
Describe the function of lockElements.
Describe the function of lockElements add remove clear statements.
IIS 7.0 Programming
New managed code API
Access and control the server configuration
Manage top-level server objects
Access certificate and registration information
Access state information at runtime
Access configuration settings at runtime
Locking Configuration Settings
You can allow non-administrators to:
Modify configuration properties
Override configuration properties
overrideMode: Defines the lockdown state of a configuration section
Default Locking of Sections
Defined in <configSections>
Use overrideModeDefault
<configSections>
  ...
  <section name="defaultDocument" overrideModeDefault="Allow" />
  ...
</configSections>
Locking <location> Sections
<location path="MySite" overrideMode="Deny">
  <system.webServer>
    <defaultDocument/>
  </system.webServer>
</location>
<location path="YourSite" overrideMode="Deny">
  <system.webServer>
    <defaultDocument enabled="true">
      <files>
        <clear/>
        <add value="default.aspx"/>
      </files>
    </defaultDocument>
  </system.webServer>
</location>
Granular Locking
Unlocking a section allows any part of it to be changed by application or site owners
With granular locking you can restrict changes to specific elements or attribute settings
You can also restrict the type of change to add, remove, or modify
lockAttributes & lockAllAttributesExcept
Specifies attributes that are locked
<location path="MyWebSite" overrideMode="Allow">
  <system.webServer>
    <defaultDocument enabled="true" lockAttributes="enabled">
      <files>
        <add value="index.htm" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>
</location>
Locked: the enabled attribute
lockElements
Specifies elements that are locked
<location path="MyWebSite" overrideMode="Allow">
  <system.webServer>
    <defaultDocument enabled="true" lockElements="files">
      <files>
        <add value="index.htm" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>
</location>
Locked: the <files> element
lockElements add remove clear
Limits what can be done to an element
<location path="MyWebSite" overrideMode="Allow">
  <system.webServer>
    <defaultDocument enabled="true">
      <files lockElements="add">
        <add value="index.htm" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>
</location>
Elements cannot be added
lockItem
Locks a single item
<location path="MyWebSite" overrideMode="Allow">
  <system.webServer>
    <defaultDocument enabled="true">
      <files>
        <add value="index.htm" lockItem="true" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>
</location>
Locked: the index.htm entry
Locking Summary
lockAttributes
lockAllAttributesExcept
lockElements
lockAllElementsExcept
lockItem
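Added example (not part of the original slides): a short Python audit that reads a file shaped like applicationHost.config and reports which sections are delegated by default in <configSections>, the overrideMode written on each <location>, and every granular lock attribute from the summary above. The sample XML, the function names and the report layout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like applicationHost.config; not taken from a real server.
SAMPLE = """<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <section name="defaultDocument" overrideModeDefault="Allow" />
      <section name="handlers" overrideModeDefault="Deny" />
    </sectionGroup>
  </configSections>
  <location path="MySite" overrideMode="Deny">
    <system.webServer><defaultDocument /></system.webServer>
  </location>
  <location path="MyWebSite" overrideMode="Allow">
    <system.webServer>
      <defaultDocument enabled="true" lockAttributes="enabled">
        <files lockElements="add"><add value="index.htm" lockItem="true" /></files>
      </defaultDocument>
    </system.webServer>
  </location>
</configuration>"""

LOCKS = ("lockAttributes", "lockAllAttributesExcept",
         "lockElements", "lockAllElementsExcept", "lockItem")

def section_defaults(node, prefix=""):
    """Walk <configSections>, returning {'group/section': overrideModeDefault}."""
    found = {}
    for child in node:
        name = prefix + child.get("name", "")
        if child.tag == "sectionGroup":
            found.update(section_defaults(child, name + "/"))
        elif child.tag == "section":
            found[name] = child.get("overrideModeDefault", "unspecified")
    return found

def audit(xml_text):
    """Report delegated sections, per-location overrideMode, and granular locks."""
    root = ET.fromstring(xml_text)
    defaults = section_defaults(root.find("configSections"))
    locations, granular = {}, []
    for loc in root.iterfind("location"):
        for group in loc:
            for section in group:
                key = (loc.get("path"), f"{group.tag}/{section.tag}")
                locations[key] = loc.get("overrideMode", "Inherit")
                for el in section.iter():
                    granular += [(key[0], el.tag, a, el.get(a)) for a in LOCKS if a in el.attrib]
    delegated = sorted(s for s, mode in defaults.items() if mode == "Allow")
    return {"delegated": delegated, "locations": locations, "granular": granular}
```

Calling audit(SAMPLE) returns a dictionary that can be compared between servers or against a baseline to spot sections that were unlocked for site owners without a matching granular lock.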
IIS Manager and Delegation
Control feature delegation
Configuration section locking
Permit users to use IIS Manager
IIS Manager features can be hidden from view
Manage site and application administrators
Manage IIS Manager users