Grouping of Components in IIS 6.0's Web Service Extensions
Script this, or script that...That is the latest buzz in my world. This could be because I scripted this & that in my some webcasts to demonstrate how to do some cool things with certain administrative tasks in IIS.
If you are are up and running on IIS 6.0 then you should have quickly realized that you don't get far these days without first "enabling" your dynamic application content such as ISAPI's or CGI's. This security mechanism implemented by Microsoft protects those running IIS from getting "surprised" when such vulnerabilities are announced relating to ISAPI's or malicious CGI's. A very popular complaint by admins is that the IIS 6.0 UI (IIS Manager) does not allow a user to create this notion of a family\group of components that comprise or make up a application.
This is tricky for sure, and you have to grab some script to make it happen but nevertheless it is a life saver in an environment of many websites with many web "applications." Now, don't get it confused that creating this notion of "applications" in Web Service Extensions does in fact create an application - nope, doesn't do this. Instead, this is a "logical" assignment of components to each other allowing ease of management rather than managing possibly 10 to 20 or so components independently. This logical grouping is only turning on the "light switch" to the server saying whether they are "allowed" or "disallowed." If you are an Active Directory admin, think of it as the difference between assigning rights individually to users as opposed to a single "group" - much easier, ay? :-)
With that said, we are going to be concerned with a couple of metabase properties:
-
WebSvcExtRestrictionList
-
ApplicationDependencie
When you create an entry for "WebSvcExtRestrictionList" then you have 5 pieces of information that you provide to that property:
0\1 - Allowed or Prohibted
Path - The full path to the component such as %windir%\system32\inetsrv\asp.dll
Deletable - Can a administrator using the IIS Manager delete this entry or not (0 or 1)
GroupId - Unique value for this component that assigns it to a application
Description - The friendly name for this component
So, for example, this is a valid entry in the metabase:
0,c:\windows\system32\inetsrv\asp.dll,0,ASP,Active Server Pages
There isn't anything you can do to avoid listing all the different components in this form in the metabase, hence, I am not posting to my blog this snazzy little way to save you effort, but I am posting something to help save you time :-)
Here is a script, which I used in my webcast last week, to create a application called "HR Web App 1" and components of the same GroupId "HR App" --
'
' This script shows how to add extensions to IIS and configure them
' so that all of them show up in the UI as a single entry under
' Web Service Extensions
'' First we add our individual extensions (ISAPIs and/or CGIs).
' The trick here is to assign them the same GroupID so that
' the system sees them as being part of the same application.
' The GroupID is the 4th field in the WebSvcExtRestrictionList entry
' and it can be any string you like.Set w3svc = GetObject( "IIS://localhost/w3svc" )
ext = w3svc.WebSvcExtRestrictionList' Redimension the array to add space for 3 more entries
arraySize = UBound( ext )
ReDim Preserve ext( arraySize + 3 )' Add our 1st new entry
enabled = 1
fullPath = "C:\webroot\MyISAPI1.dll"
uiDeletable = 0 ' Don't allow the UI to delete this entry
groupID = "HRApp"
description = "HR Web App 1"ext( arraySize + 1 ) = enabled & "," & fullPath & "," & uiDeletable & "," & groupID & "," & description
' Add our 2nd new entry
enabled = 1
fullPath = "C:\webroot\MyISAPI2.dll"
uiDeletable = 0 ' Don't allow the UI to delete this entry
groupID = "HRApp"
description = "HR Web App 1"ext( arraySize + 2 ) = enabled & "," & fullPath & "," & uiDeletable & "," & groupID & "," & description
' Add our 3rd new entry
enabled = 1
fullPath = "C:\HRApp\MyCGI1.exe"
uiDeletable = 0 ' Don't allow the UI to delete this entry
groupID = "HRApp"
description = "HR Web App 1"ext( arraySize + 3 ) = enabled & "," & fullPath & "," & uiDeletable & "," & groupID & "," & description
' Now we will add an entry in the ApplicationDependencies property
' so that the UI sees all 3 previous entry as a single application.
' Once that is done, you'll be able to enabled/disable the full app
' (all 3 extensions at once) instead of one by one.' Grab application dependencies property
deps = w3svc.ApplicationDependencies' Creates space for one more entry
ReDim Preserve deps( UBound( deps ) + 1 )' Add new entry. The format is:
' <Application Name>;<GroupID>[,<GroupID...]
deps( UBound( deps ) ) = "HR Web App 1;HRApp"' Write the new configuration back to IIS
w3svc.WebSvcExtRestrictionList = ext
w3svc.ApplicationDependencies = deps
w3svc.SetInfo
Now, as you can see, we are using some pretty nasty stuff here to create this data. Luckily, we went a step further and made sure that we made a smarter mechanism for entering data using ADSI or WMI (we are using vbscript with ADSI in the above). Thus, we created a a method called "AddExtensionFile" that you can easily call and also a easy "AddDependency" method to make your life that much easier. The below script will save you lines of code for sure -
'
' This script shows how to add extensions to IIS and configure them
' so that all of them show up in the UI as a single entry under
' Web Service Extensions' First we add our individual extensions (ISAPIs and/or CGIs).
' The trick here is to assign them the same GroupID so that
' the system sees them as being part of the same application.Set w3svc = GetObject( "IIS://localhost/w3svc" )
' Add our 1st new entry
fullPath = "C:\MyApp\MyISAPI1.dll"
enabled = 1
groupID = "MYAPP"
uiDeletable = 0 ' Don't allow the UI to delete this entry
description = "My Application"w3svc.AddExtensionFile fullPath, enabled, groupID, uiDeletable, description
' Add our 2nd new entry
fullPath = "C:\MyApp\MyISAPI2.dll"w3svc.AddExtensionFile fullPath, enabled, groupID, uiDeletable, description
' Add our 3rd new entry
fullPath = "C:\MyApp\MyCGI1.exe"w3svc.AddExtensionFile fullPath, enabled, groupID, uiDeletable, description
' Now we will add an entry in the ApplicationDependencies property
' so that the UI sees all 3 previous entry as a single application.
' Once that is done, you'll be able to enabled/disable the full app
' (all 3 extensions at once) instead of one by one.w3svc.AddDependency "My Application", groupID
' Enable the new application we just created
w3svc.EnableApplication "My Application"
Boom - we got us a brand new listing in the applications section of Web Service Extensions. This should save us lots of time and energy if you have a lot of application components.
Last, I don't want to leave you with this muddy, muddy mess if you decide that this application might want to be moved to another server...If this is the case, than you might want to know how to remove this application. Here is a little script that goes with the above listed (note that you will need to update this script with the correct names of the ISAPI\CGI for it remove it...
'
' This script shows how to remove extensions and applications from IIS.
' It assumes you ran adddep.vbs firstSet w3svc = GetObject( "IIS://localhost/w3svc" )
' Now remove the application dependencies entry
w3svc.RemoveApplication "My Application"' Remove all extension files from the server
w3svc.DeleteExtensionFileRecord "C:\MyApp\MyISAPI1.dll"
w3svc.DeleteExtensionFileRecord "C:\MyApp\MyISAPI2.dll"
w3svc.DeleteExtensionFileRecord "C:\MyApp\MyCGI1.exe"
Last, but not least...if you don't like this script because it is silent, add this easy error handling code and you will be good to go -
If err.number = 0 then
msgBox "Successfully added <application name>"
Else
msgBox "Failed to add application"
End if
Go Wildcats!,
~Chris