Nitasha's blog

IIS6.0 UI vs. IIS7.x UI Series: Directory Browsing

NitashaV — Thu, 13 May 2010 22:32:53 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Directory Browsing feature.

Default document feature enables a default document that’s served when a client requests the site directly (without a specific file).

When directory browsing is enabled (and default document is disabled or not configured), request to the web site (not a specific file) will list all the files and directories under the site’s physical path. This feature is disabled by default.

Directory Browsing feature in IIS 6.0

IIS6 UI – Directory Browsing

To enable/disable directory browse in IIS 6.0 UI, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to configure/enable default content page for and click on “Properties” from the context menu.

- Click on Home Directory tab.

- You can now Enable/Disable directory browsing for your site by checking/un-checking the checkbox next to “Directory Browsing”

- Click on all the “Ok” buttons after configuring this feature

Directory Browsing feature in IIS 7.x

In IIS7.x UI, Directory Browsing feature is used to enable directory listing and also to configure information to display for the list.

IIS7 UI – Directory Browsing

To configure directory browse using IIS7.x UI, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable directory browsing for in the tree view and click.

- Open “Directory Browsing” feature from the Home Page.

- From the Actions Menu, you can now Enable/Disable Directory Browsing

- Additionally, you can also Configure information that you would to display in the directory listing on the feature home page like Time, Size, Extension, Date

Next blog in the series: Custom Errors

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.x UI Series: Default Document

NitashaV — Tue, 20 Apr 2010 04:37:55 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Default Documents

Default Document feature is for client requests to a Web site that do not specify a file, like, www.contoso.com. The default document is the file the server returns for such a request (based on the list of default documents specified for the server).

IIS6 UI – Default Documents

To configure default content page in IIS 6.0 UI, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to configure/enable default content page for and click on “Properties” from the context menu.

- Click on Documents tab.

- You can now Enable/Disable default content page for your site by checking/un-checking the checkbox next to “Enable default content page”

- Note that there are a list of documents that you can “Add…” to or “Remove” from. Also this is an ordered list of documents. You can Move a document in this list Up or Down

- Click on all the “Ok” buttons after configuring this feature

Default Documents feature in IIS 7.x

IIS7 UI – Default Documents

To configure default document using IIS7.x UI, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable default document for in the tree view and click.

- Open “Default Documents” feature from the Home Page.

- From the Actions Menu, you can now Enable/Disable Default Documents

- Additionally, you can also Add a new Default Document or Remove one from the list.

- The default document continues to be an ordered collection in IIS7 as well. You can select a document in the list view and Move it Up or Down in the list

Quick note about default documents and performance: For each request made to the server without a specific document, the web server reads the list of default documents and looks for each file in the content path until it finds the first match. If you use one default document or use the first document in the list, this speeds up the request time.

Next blog in the series: Directory Browsing

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.x UI Series: Authentication Methods Wrap!

NitashaV — Mon, 29 Mar 2010 21:19:25 GMT

This week in the blog series (Introduction to the series – here), let’s wrap up side by side UI comparison between IIS6.0 and IIS7.x authentication methods.

For side by side comparison on Authentication methods, we have covered Anonymous Authentication, Basic Authentication, Digest Authentication and Integrated Windows Authentication.

There are a couple of IIS6.0 Authentication methods that are not supported on IIS7.x:

- .Net Passport authentication was retired in W2K8. Passport support is not included in W2K8 and so .Net Passport authentication is not supported on IIS7.x

- IIS 6.0 Digest Authentication is not supported on W2K8, only Advanced Digest authentication is supported. Digest Authentication in IIS7.x maps to Advanced Digest Authentication in IIS 6.0

In addition, IIS7.0 applications using ASP.Net Integrated mode use a unified (between IIS and ASP.NET) authentication model. When ASP.Net is installed, another authentication method is also available:

- Forms Authentication: Forms authentication uses client-side redirection to forward unauthenticated users to an HTML form where they can enter their credentials, which are usually a user name and password. After the credentials are validated, users are redirected to the page they originally requested. You can learn more about forms authentication at: http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis7-integrated-pipeline/

As I wrap up Authentication methods, quick note about Client Certificate Authentication. This authentication methods adds SSL security through client and server certificates. It requires SSL to be configured for the site. This feature surfaces under Secure Communications section in IIS6 UI and split in IIS7 UI between SSL Settings and Server Certificates. I will cover side by side comparison of these sections in a separate blog.

Next blog in the series: Default Document

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.x UI Series: Integrated Windows Authentication

NitashaV — Sat, 13 Mar 2010 00:39:54 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Integrated Windows Authentication feature in IIS6 UI and compare it to IIS7.x UI.

Integrated windows authentication was known as NTLM in previous (before IIS6.0) IIS versions. This is a form of authentication that hashes the user credentials before sending across the network.

Integrated Windows authentication uses Kerberos authentication and NTLM authentication. When you enable windows auth, the client submits password through cryptographic exchange with your web server that involves hashing.

Windows auth is best suited for intranet where machines client and server are all on same domain and might not work over http connections.

Integrated Windows Authentication feature in IIS6.0

Integrated Windows Authentication is the Default Authentication in W2k3 (IIS6.0). More about Integrated Windows auth in IIS6 here.

IIS6 UI – Integrated Windows Authentication

To enable, disable integrated windows authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to enable basic authentication for and click on “Properties” from the context menu.

- Click on Directory Security or File Security (for a file) tab.

- In the Authentication and access control section, Click on the button “Edit…”

- You can now Enable/Disable Integrated windows authentication by checking/un-checking the checkbox next to “Integrated Windows authentication”

- Click on all the “Ok” buttons

Integrated Windows Authentication feature in IIS 7.x

Integrated Windows authentication is not part of the default IIS install. You can install it from the Security feature category through Windows Feature On and Off on Client SKUs. You can also install it from Security role service of Web Server (IIS) role in Server Manager on Server SKUs.

IIS7 UI – Integrated Windows Authentication

To enable, disable integrated windows authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable Windows authentication for in the tree view and click.

- Open “Authentication” feature from the Home Page.

- Select “Windows Authentication” from the Authentication page list view, you can now Enable/Disable windows auth by clicking on the Enable/Disable (toggle) link label in the Actions Pane

- Optionally you can also Enable/Disable Kernel-mode authentication. By default kernel-mode auth is enabled. Click here for more information: http://blogs.msdn.com/webtopics/archive/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-0.aspx

- Click Ok on the Advanced Settings dialog when done.

Next blog in the series: Wrap up authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.x UI Series: Digest Authentication

NitashaV — Tue, 09 Mar 2010 02:16:00 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Digest Authentication feature in IIS6 UI and compare it to IIS7.x UI.

Digest Authentication feature in IIS6.0

Digest Authentication provides the same functionality as Basic Authentication, except that it provides a way to ensure the username and password are not send as plain text over the network. Digest Authentication sends credentials using MD5 hash, the username and password cannot be deciphered from these hashes.

IIS6 UI – Digest Authentication

To enable, disable digest authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to enable basic authentication for and click on “Properties” from the context menu.

- Click on Directory Security or File Security (for a file) tab.

- In the Authentication and access control section, Click on the button “Edit…”

- You can now Enable/Disable digest authentication by checking/un-checking the checkbox next to “Digest authentication for Windows domain servers”

- In the realm box, enter the realm name or click the “Select…” button to browse for Domain

- Click on all the “Ok” buttons

NOTE about Advanced Digest Authentication: Under Advanced Digest Auth, user credentials are stored on the domain controller as an MD5 hash.Advanced Authentication is enabled by default on a clean IIS6.0 install. UseDigestSSP metabase property should be set to TRUE for Advanced Digest auth to be enabled.

Digest Authentication feature in IIS 7.x

IIS7.x no longer supports the IIS 6.0 Digest Authentication, it supports Advanced Digest Authentication in IIS 6.0 instead. If successful, Digest Auth authenticates the request with a Windows token corresponding to the user’s Active Directory account.

Digest authentication is not part of the default IIS install. You can install it from the Security feature category through Windows Feature On and Off on Client SKUs. You can also install it from Security role service of Web Server (IIS) role in Server Manager on Server SKUs.

IIS7 UI – Digest Authentication

To enable, disable digest authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable digest authentication for in the tree view and click.

- Open “Authentication” feature from the Home Page.

- Select “Digest Authentication” from the Authentication page list view, you can now Enable/Disable digest auth by clicking on the Enable/Disable (toggle) link label in the Actions Pane

- Optionally you can also add a realm name using the Edit … action. This realm will be used by the web server to authenticate a client trying to access a URL with Digest auth enabled.

- Click Ok on the Edit Digest Authentication Settings dialog when done.

Next blog in the series: Integrated Windows Authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.x UI Series: Basic Authentication

NitashaV — Tue, 23 Feb 2010 03:18:12 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Basic Authentication feature in IIS6 UI and compare it to IIS7.x UI.

Basic Authentication feature in IIS6.0

Basic Authentication prompts the user for a username and password which is then sent unencrypted over the network. The password is sent in plain text Base64-encoding. If this password is intercepted over the network by a network sniffer, an unauthorized user can decide the username and password and re-use it. This authentication method is not recommended unless you (the user) are sure that the connection between the user and the web server is secured (using SSL or a direct connection for example)

IIS6 UI – Basic Authentication

To enable, disable basic authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to enable basic authentication for and click on “Properties” from the context menu.

- Click on Directory Security or File Security (for a file) tab.

- In the Authentication and access control section, Click on the button “Edit…”

- You can now Enable/Disable basic authentication by checking/un-checking the checkbox next to “Basic authentication (password is sent in clear text)”

- Click “Yes” on the pop-up dialog to confirm that you know the password will be sent across unencrypted and would like to proceed.

- In the “Default domain” textbox: either type the domain name you want to use or Select one using the Browse button. If the domain name is left blank, IIS uses the domain of the computer/server that is running IIS as the default domain.

- Click on all the “Ok” buttons

Basic Authentication feature in IIS 7.x

The key difference between IIS 6.x and IIS7.x: Basic authentication is not part of the default IIS install. You can install it from the Security feature category through Windows Feature On and Off on Client SKUs. You can also install it from Security role service of Web Server (IIS) role in Server Manager on Server SKUs.

IIS7 UI – Basic Authentication

To enable, disable basic authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable basic authentication for in the tree view and click.

- Open “Authentication” feature from the Home Page.

- Select “Basic Authentication” from the Authentication page list view, you can now Enable/Disable basic auth by clicking on the Enable/Disable (toggle)link label in the Actions Pane

- If you would like to change the Default domain or Realm (will be indicated to the client for information only, not used by web server for logon), click the “Edit…” link label from the Actions pane.

- Click Ok on the Edit Basic Authentication Settings dialog when done.

Next blog in the series: Digest Authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.x UI Series: Anonymous Authentication

NitashaV — Mon, 15 Feb 2010 22:29:20 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Anonymous Authentication feature in IIS6 UI and compare it to IIS7.x UI.

Anonymous Authentication feature in IIS6.0

Anonymous authentication gives users access to the public areas of your Web/FTP site without prompting the user for username/password. When a user tries to connect to your site, the web server (IIS) assigns the connection to the Windows user account IUSR_computername (computername is the name of the machine where IIS is running). By default this user is included in the Users and Guests user groups.

IIS6 UI – Anonymous Authentication

To enable, disable anonymous authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Right click on the site, folder or file that you would like to enable anonymous authentication for and click on “Properties” from the context menu.

- Click on Directory Security or File Security (for a file) tab.

- In the Authentication and access control section, Click on the button “Edit…”

- You can now Enable/Disable anonymous access by checking/un-checking the checkbox next to “Enable anonymous access”

- If you would like to change the Windows user account for anonymous access (from IUSR_computername), click the “Browse…” button and specify the new anonymous user identity.

- Click on all the “Ok” buttons

Anonymous Authentication feature in IIS 7.x

There are a couple of security account changes in IIS7.x, the article http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-70/ talks about this change in more detail.

- IUSR: the anonymous user is now IUSR instead of IUSR_computername in IIS 6.0. The anonymous user is always the same and this account is built into Windows. IIS no longer needs to control the password - (it doesn't really have a password)

- IIS_IUSRS : is a new built-in user group, replaces the IIS_WPG user group in IIS 6.0

Apart from the account changes, IIS 7.x also enables designating the Application pool identity as the anonymous user account. This main advantage of using the application pool identity as the anonymous user is that you do not have to manage security for another user account.

IIS7 UI – Anonymous Authentication

To enable, disable anonymous authentication, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select the site, folder or file that you would like to enable anonymous authentication for in the tree view and click.

- Open “Authentication” feature from the Home Page.

- Select “Anonymous Authentication” from the Authentication page list view, you can now Enable/Disable anonymous access by clicking on the Enable/Disable (toggle)link label in the Actions Pane

- If you would like to change the Windows user account for anonymous access (from IUSR), click the “Edit…” link label from the Actions pane.

- You can either select the application pool identity to be the anonymous user identity or specify a specific user (clicking on the “Set…” button). Click Ok on the Edit Anonymous Authentication Credentials when done.

Next blog in the series: Basic Authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS 7.x UI Series: More about Web Service Extensions

NitashaV — Sat, 06 Feb 2010 02:46:09 GMT

This week in the blog series (Introduction to the series – here), let’s talk about Web Service Extensions feature in IIS6 UI and compare it to the IIS7.x ISAPI and CGI Restrictions feature.

Web Service Extensions feature in IIS6.0

By default, the IIS6.0 server only serves static content. Features like asp, asp.net, server side includes, webdav, front page server extensions would not work unless explicitly enabled. You can configure these features (also known as Web Service Extensions) using the Web Service Extensions node in the inetmgr tree view.

IIS6 UI – Web Service Extensions

To enable, disable a web service extension, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select “Web Service Extensions” node in the tree view

- You can now “Allow” or “Prohibit” any Web Service Extension.

This UI also lets you Add a new Web Service extension, allow all web service extensions for a specific application and disable (“prohibit”) all web service extensions.

ISAPI and CGI Restrictions feature in IIS 7.0

In IIS7/7.5 UI, the web service extensions made it as a feature on the Server Home Page. Select the local server node; double click on the ISAPI and CGI restrictions feature from the Server Home Page

IIS7 UI – ISAPI and CGI Restrictions

If you would like to add handler mappings to support ISAPI extensions or CGI programs, you would allow a specific CGI program (executable) or ISAPI extension (dll) by adding it to the ISAPI CGI Restrictions list. This feature determines the execution of 3 party ISAPI / CGI code.

To allow or restrict an ISAPI extension or CGI module, you would

- Launch IIS Manager (run inetmgr)

- Select and expand the local computer node in the tree view

- Select “ISAPI and CGI Restrictions” feature from the Server Home Page

- You can now “Allow” or “Deny” any ISAPI extension or CGI module.

This UI also lets you Add /Edit or Remove an ISAPI or CGI Restriction. This UI also lets you allow/deny of all unknown CGI and ISAPI extensions by selecting the “Edit Feature Settings…” task in the Actions pane.

Next blog in the series: Anonymous Authentication

As always, please drop a comment if there are any specific UI modules/properties you would like to be compared next and also if you have any feedback on the level of detail.

IIS6.0 UI vs. IIS7.0/IIS7.5 UI Series: Start Pages

NitashaV — Fri, 29 Jan 2010 19:53:57 GMT

Now that we have the series introduction out of the way, let’s start with the side by side comparison between the Start Pages for IIS6 vs. IIS7.

IIS6 UI Start Page

On a W2K3 machine, run “inetmgr” (Internet Information Services (IIS) Manager)

IIS7/IIS7.5 UI Start Page

On a W2K8 machine, run “inetmgr” (Internet Information Services (IIS) Manager)

You will notice similar concepts between the 2 Start Pages:

- Tree view with local server connection as a parent node, with FTP Sites and Web Sites.

- Content Pane which provides basic information on the connections

- File Menu , Navigation Bar

The key differences between the 2 Start Pages:

1. The IIS7 UI has more features on the Start Page, specifically

- Tree view has Application Pools surfaced as a child node under Server connection node.

- The IIS7 UI has a Breadcrumb Bar that is always in sync with the tree view and helps with tree view Navigation

- The content pane has richer data – online resource links, IIS new feature (RSS feed from iis.net) and Connection tasks. No more right clicking on the node (Start Page in IIS7 and Internet Information Services in IIS 6) for the “Connect” task

2. Home Pages when Clicking on each node in the tree view on IIS7 UI vs IIS 6 UI

In IIS6 UI, clicking on each node provides a summary view of the node. The specific site node shows the content view of the site (same view when the site node is expanded in the tree view)

In IIS7 UI, clicking on each node provides a “Features View” by default. No more right click on a tree view node –> Properties to start updating the configuration. All configuration properties are surfaced as Features on the Home Page.Clicking on the “Content View” tab will show the same view as the expanded tree view (same behavior as IIS6 UI).

3. Where did my Web Service Extensions go from my tree view?

In IIS7/7.5 UI, the web service extensions made it as a feature on the Server Home Page. Select the local server node; double click on the ISAPI and CGI restrictions feature

IIS 6 UI – Web Service Extensions

IIS7 UI – ISAPI and CGI Restrictions

Next blog in this series: More about Web Service Extensions.

IIS6.0 UI vs. IIS7.0/IIS7.5 UI Series: Introduction

NitashaV — Fri, 29 Jan 2010 19:52:00 GMT

I tried to search for articles/blogs that do a side by side comparison between IIS 6.0 UI and IIS 7.0 UI but could not find one. Let’s fix that, shall we.

This is an introduction blog to the series of side by side comparison between IIS6.0 and IIS 7.0 UI. I plan to release at least one blog a week for this series addressing one UI feature at a time. I will be focusing on the inetmgr UI on the Server SKUs (W2K3, W2K8, W2K8 R2) for snapshots, but these blogs are applicable to the client SKUs as well (XP, Vista SP1, Windows 7).

This blog series will focus on a side by side comparison between the 2 Inetmgr versions (IIS6 vs. IIS7) and not on the new IIS7 features. I will talk about the backend configuration differences between the modules as well (snippets). There are some good articles on http://learn.iis.net that talk about the IIS 7 Module overview, IIS Manager overview and the *new* IIS7 UI features in great detail.

Please drop a comment if there are any specific UI modules/properties you would like to be compared next. Also if you have any feedback on the details.

Next blog in this series: IIS6 vs. IIS7 UI Start Pages

Yet another IIS Manager Module: Advertisement Module UI

NitashaV — Thu, 07 Jan 2010 01:54:00 GMT

This blog post talks about the IIS Manager module to configure Advertisement module we wrote in my previous blog.

There are many good blogs on iis.net that explain how to add a new IIS Manager module in detail. Few examples below:

- An End-to-End Extensibility Example for IIS7.0 Developers

- How to Create a Simple IIS Manager Module

- Understanding UI Extension Authoring

I will not go into detail and explain how to write a simple IIS Manager module. Instead will share the code for you all to download and try.

Here’s how you can Setup the module:

1) Build the UIAdvertisementModule project and copy the dll (UIAdvertisementModule.dll) under inetsrv folder

2) add the module to the gac

gacutil /i %windir%\System32\inetsrv\UIAdvertisementModule.dll

3) add the new UI module definition to administration.config (%windir%\system32\inetsrv\config\administration.config)

4) Now launch inetmgr and see the "Advertisements" feature page on the server home page - all ready to use.

Snapshots of the UI module in action:

Here’s how the inetmgr home page looks like on my Win7 client machine

Add NewAdvertisment dialog

The Advertisement module list page with a couple of ads specified

Well you get the idea :) Check it out, let me know if you have any questions or run into issues. Feel free to use it for writing your own IIS extensions.

Enjoy!

This posting is provided "AS IS" with no warranties, and confers no rights

Yet another IIS7 managed module: AdvertisementModule

NitashaV — Tue, 05 Jan 2010 22:05:38 GMT

This has got to be the most overdue blog ever (no kidding!) I wrote this managed module over 2 years ago using the then *new* IIS extensibility. Consider this post as my New Year resolution to get this published ;)

Advertisement Module: the idea

I wrote a managed module (called it advertisement module) which can be plugged into IIS7 and show cases a very simple example of how a customer can configure ads for a url and serve these when the url is requested. There are many features that can enhance this module capability like more configurable ad placement, video integration, richer content support, etc.

The idea is simple: the advertisements are configurable, so the customer can specify the ads to be served for a url. The advertisement managed module is registered for a url and will insert these ads to all the pages served by the url.

All the advertisements are specified in a collection in configuration. Each ad is assigned an impression (based on a criterion like level of service, money investment, business needs, etc). An ad with the highest impression has the highest probability of making it on the page when the url is requested.

Let me walk you through step by step…

Schema Definition:

The first thing to do is to define the schema for the configuration section. Below is the schema file for the advertisements section, this schema file is saved as %windir%\system32\inetsrv\config\schema\Advertisement_Schema.xml:

<configSchema>
  <sectionSchema name="system.webServer/advertisements" >                   
    <collection addElement="add" removeElement="remove" clearElement="clear">
      <attribute name="imageUrl" isUniqueKey="true" type="string" />
      <attribute name="navigateUrl" type="string" />
      <attribute name="toolTip" type="string" />
      <attribute name="impression" type="int" validationType="integerRange" validationParameter="0,1000" defaultValue="500"/>
    </collection>
  </sectionSchema>
</configSchema>

Each advertisement element contains:

- image url :path to the image aka the advertisement relative to the url (required)

- navigateUrl: a url to browse to when the advertisement is clicked

- tooltip : an alt text for the advertisement for when it is hovered on

- impression : this is an integer between 0 and 1000 (defaults to 500)

Add the section definition to applicationHost.config

Once you have saved the schema file under the inetsrv\config\schema file, we need to add this section’s definition to applicationHost.config. All you need to do is add the line <section name=”advertisements” /> to the sectionGroup with the name “system.webserver”. So the applicationHost.config will look like:

…
<sectionGroup name="system.webServer">
        <section name="advertisements" />
…

That’s all; the section is all defined and ready for some config data, a sample of how the configuration looks like for this section below:

<system.webserver>
    <advertisements>
            <add imageUrl="\welcome.png" navigateUrl="http://www.iis.net" toolTip="Click here to check out IIS7" impression="500" />
        </advertisements>
</system.webserver>

Advertisement module (details and code)

Let’s start the fun part! We have the configuration, we know how to configure and add advertisements for a url. Now let’s write the managed module that will use these configuration settings.

This managed module intercepts all responses to htm/html or aspx pages and places advertisements on the page. So we would need to register a post authorize event and write the event handler code.

Currently this module only supports images as ads; the images are added to a fixed position (top center) on the page.

The GetAdvertisement method gets all the advertisements from configuration, decides which advertisement to place on the page based on the impression number and reads that particular ad from the config. The ad is randomly picked from the collection of ads for the url. The probability of an individual ad being picked depends on its “impression” value. The higher the impression value, the higher the chance for the ad to be picked for the page.

Code:

using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using Microsoft.Web.Administration;

class AdvertisementModule : IHttpModule
{

    #region IHttpModule Members        
    int index, maxVal, randomVal, tempVal = 0;
    string adImageUrl, adNavigateUrl, adToolTip = string.Empty;    
    string html_addOn;   

    public void Dispose()
    {

    }

    public void Init(HttpApplication context)
    {     
        context.PostAuthorizeRequest += new EventHandler(this.GetAdvertisement);           
    }   
   
    public void GetAdvertisement(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext context = app.Context;
        HttpResponse response = context.Response;

        if ((app.Request.Path.EndsWith(".htm")) || (app.Request.Path.EndsWith(".html"))||(app.Request.Path.EndsWith(".aspx")))
        {       
            ConfigurationSection section = WebConfigurationManager.GetSection("system.webServer/advertisements");
            ConfigurationElementCollection coll = section.GetCollection();
            
            if (coll.Count > 0)
            {
                //getting the total of the impressions, using this as MaxVal for the random number generation                                        
                for (int i = 0; i < coll.Count; i++)
                {
                    maxVal += (int)coll[i].GetAttributeValue("impression");
                }
                Random random = new Random();
                randomVal = random.Next(0, maxVal + 1);
                
                //getting the index of the advertisement to read from config            
                for (int j = 0; j < coll.Count; j++)
                {
                    tempVal += (int)coll[j].GetAttributeValue("impression");
                    if (tempVal >= randomVal)
                    {
                        index = j;
                        break;
                    }
                }

                //reset
                maxVal = 0; 
                randomVal = 0;
                tempVal = 0;

                ReadAdFromConfig(index); //read ad details from config

                //form the html for the advertisement and add it to the response
                response.Write("<div align=\"center\" style=\"border: 0px width: 800px height: 254px overflow:visible\">");
                //objectCall = "<object classid=\"clsid:25336920-03F9-11CF-8FD0-00AA00686F13\" height=\"20%\" width=\"100%\" type=\"image/text\">"; //data=\"{0}\" >";
                
                if (adNavigateUrl == string.Empty)
                {
                    html_addOn = "<img border=\"0\" src=\"{0}\" width=\"800\" height=\"100\" alt=\"{1}\">";
                    response.Write(string.Format(html_addOn, adImageUrl, adToolTip));
                } else if (adToolTip == string.Empty){
                    html_addOn = "<img border=\"0\" src=\"{0}\" width=\"800\" height=\"100\" >";
                    response.Write(string.Format(html_addOn, adImageUrl));
                } else {
                    html_addOn = "<a href=\"{0}\"><img border=\"0\" src=\"{1}\" width=\"800\" height=\"100\" alt=\"{2}\"></a>";
                    response.Write(string.Format(html_addOn, adNavigateUrl, adImageUrl, adToolTip));
                }              
                response.Write("</div>");                
            }
        }
    }

    private void ReadAdFromConfig(int index)
    {
        //Get the url for the ad, insert the correct html text and return               
        ConfigurationSection section = WebConfigurationManager.GetSection("system.webServer/advertisements");
        ConfigurationElementCollection coll = section.GetCollection();               
        adImageUrl = coll[index].GetAttributeValue("imageUrl").ToString();
        adNavigateUrl = coll[index].GetAttributeValue("navigateUrl").ToString();
        adToolTip = coll[index].GetAttributeValue("toolTip").ToString();
        if (adToolTip == string.Empty)
        {
            adToolTip = adNavigateUrl;
        }               
    }       
   
    #endregion
}

Build and copy the module dll (AdvertisementModule.dll) to the bin folder under the site's physical path (for eg, for Default web site, this dll will be copied to %windir%\inetpub\wwwroot\bin)

Now, add this managed module to the site's web.config. Snapshot of the web.config file:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <modules>
            <add name="MyAdModule" type="AdvertisementModule" />
        </modules>             
      <advertisements>
            <add imageUrl="\welcome.png" navigateUrl="http://www.iis.net" toolTip="Click here to check out IIS7" impression="500" />
        </advertisements>
    </system.webServer>
</configuration>

Now, just make a request to an htm/html or aspx page on this site and watch your module go!

A snapshot of this module in action below…

Next up I will post the Advertisement inetmgr UI module to configure the advertisements section.

WebPI Contextual Install

NitashaV — Tue, 29 Dec 2009 23:46:56 GMT

As you all know, WebPI offers a rich set products and applications and continues to offer more. One of my favorite features in WebPI (it’s been in PI since its v1 days) is called Contextual Install. This feature provides a seamless experience for customers to get the product(s) they want from PI rather than searching for it in the ever growing PI offerings.

Contextual install opens WebPI directly on the product details page with the product(s) added to the WebPI install cart. If multiple products are specified, all of these are added to the install cart and WebPI opens on the details page of the first product in the list.

WebPI v2 RTW is localized and offers localized installers for products and applications. You can use WebPI contextual install feature to include non English installers to the install cart install. For each contextual install call, you can only specify a single language. The list of language ids supported by WebPI at the end of this blog.

This feature is not supported for custom feeds.

Snapshot of WebPI contextual install if the product (or application) is supported on the machine:

http://www.microsoft.com/web/gallery/install.aspx?appsxml=http%3a%2f%2fwww.microsoft.com%2fweb%2fwebpi%2f2.0%2fWebApplicationList.xml&appid=DasBlog

Snapshot of the WebPI contextual install if the product (application) is not supported:

http://www.microsoft.com/web/gallery/install.aspx?appid=FastCGIIIS6 on a w2k8 machine

There are a couple of ways this feature can be used by WebPI v2 RTW users, WebPI UI behavior is the same for all:

- using WebPI exe (WebPlatformInstaller.exe)

- using WebPI handler (wpi://)

- using Web App Gallery (http://www.microsoft.com/web/gallery/install.aspx). This is the recommended way and is currently used for all Installs on iis.net extensions , SQL and also all Web App Gallery apps

Read on to see few examples for each below…

Using the WebPI exe:

Syntax: WebPlatformInstaller.exe /id <product id>[&<product id>…][?<file id>[&<file id>…]][?<language id>]

Examples:

- Example 1: Install a product (VWD)

WebPlatformInstaller.exe /id VWD

- Example 2: Install products ()

WebPlatformInstaller.exe /id VWD&StaticContent

- Example 3: Install an app ()

WebPlatformInstaller.exe /id DasBlog

- Example 4: Install apps ()

WebPlatformInstaller.exe /id DasBlog&SugarCRM

- Example 7: Install a product and an app ()

WebPlatformInstaller.exe /id StaticContent&SugarCRM

- Example 5: Install product(s) from Media feed

WebPlatformInstaller.exe /id MediaPack&MediaServices3?http://www.microsoft.com/web/webpi/2.0/MediaProductList.xml

- Example 6: Install a product in German

WebPlatformInstaller.exe /id VWD??de

Using the WebPI handler:

Syntax: wpi://<product id>[&<product id>…][?<file id>[&<file id>…]][?<language id>]

Examples:

- Example 1: Install a product (VWD)

wpi://VWD

- Example 2: Install products ()

wpi:// VWD&StaticContent

- Example 3: Install an app ()

wpi://DasBlog

- Example 4: Install apps ()

wpi://DasBlog&SugarCRM

- Example 7: Install a product and an app ()

wpi:// StaticContent&SugarCRM

- Example 5: Install product(s) from Media feed

wpi://MediaPack&MediaServices3? http://www.microsoft.com/web/webpi/2.0/MediaProductList.xml

- Example 6: Install a product in German

wpi://VWD??de

For example, if your web page has a link wpi://VWD – clicking on which will launch Web PI on the client side landing on the details page for Visual Web Developer product, which will be included in the installation, since VWD is its productId. Now, you can even specify the language of the product in your hyperlink by adding ??<languageId> to the hyperlink. Thus, to make Web PI install VWD in French from a webpage, you create this link: wpi://VWD??fr

Using the /web install page:

Syntax: http://www.microsoft.com/web/gallery/install.aspx?[appsxml=<file id>][&appsxml=<file id>…]appid=<product id>[%3b<product id>…][&applang=<language id>]

Examples:

- Example 1: Install a product (VWD)

http://www.microsoft.com/web/gallery/install.aspx?appid=VWD

- Example 2: Install products (VWD and Static Content)

http://www.microsoft.com/web/gallery/install.aspx?appid=VWD%3bStaticContent

- Example 3: Install an app (Gallery)

http://www.microsoft.com/web/gallery/install.aspx?appsxml=http%3a%2f%2fwww.microsoft.com%2fweb%2fwebpi%2f2.0%2fWebApplicationList.xml&appid=Gallery

- Example 4: Install apps (DasBlog and SugarCRM)

http://www.microsoft.com/web/gallery/install.aspx?appsxml=http%3a%2f%2fwww.microsoft.com%2fweb%2fwebpi%2f2.0%2fWebApplicationList.xml&appid=DasBlog%3bSugarCRM

- Example 7: Install a product and an app (Tracing and DasBlog)

http://www.microsoft.com/web/gallery/install.aspx?appsxml=http%3a%2f%2fwww.microsoft.com%2fweb%2fwebpi%2f2.0%2fWebProductList.xml&appsxml=http%3a%2f%2fwww.microsoft.com%2fweb%2fwebpi%2f2.0%2fWebApplicationList.xml&appid=Tracing%3bDasBlog

- Example 5: Install product(s) from Media feed

http://www.microsoft.com/web/gallery/install.aspx?appsxml=http%3a%2f%2fwww.microsoft.com%2fweb%2fwebpi%2f2.0%2fMediaProductList.xml&appid=MediaPack

- Example 6: Install a product in German

http://www.microsoft.com/web/gallery/install.aspx?appid=VWD&applang=de

List of all language ids supported by WebPI:

en (English)
fr (French)
es (Spanish)
de (German)
it (Italian)
ja (Japanese)
ko (Korean)
ru (Russian)
zh-cn (Simplified Chinise)
zh-tw (Traditional Chinese)

Try these out =)

Is there a way to get WebPI to install Products in an offline way?

NitashaV — Tue, 29 Dec 2009 05:24:00 GMT

FAQ: Do I always need to be online for WebPI to download and install all the products it offers?

Short answer: Yes

FAQ: Is there a way to get webpi to install products in an offline way?

Many WebPI customers have requested for this feature. While WebPI does *not* offer an offline install feature yet, there is a way to get WebPI to install products in an offline way (and help customers save some bandwidth). Read on for a few options …

Connect machine to the internet and download all the msi components you want to install locally. Note the physical path for each of these msi components. Now you have two options to get WebPI to install all these components offline.

Option 1: Recommended if the product(s) you are trying to install already exists in webpi feed

Copy the webproductList.xml from http://www.microsoft.com/web/webpi/2.0/WebProductList.xml to your local machine
For each Installer downloaded on your local machine, update the local copy of WebProductList.xml. Specifically, update the <installerURL> to point to the msi downloaded on the local machine. XML Snippet using SEOToolkit as an example in the webproductList.xml feed below:

<installerFile>
    <fileSize>720</fileSize>
    <installerURL>http://download.microsoft.com/download/A/C/A/ACA8D740-A59D-4D25-A2D5-1DCFD1D9A01F/IISSEO_amd64.msi </installerURL> //location on the machine where the msi is downloaded
    <sha1>96306F47159E1B348075629A3FCF2D66DD221883</sha1> //SHA1 hash for the installer
</installerFile>

To:

<installerFile>
    <fileSize>720</fileSize>
    <installerURL>C:\Users\nitashav\AppData\Local\Temp\IISSEO_amd64.msi </installerURL> //location on the machine where the msi is downloaded
    <sha1>96306F47159E1B348075629A3FCF2D66DD221883</sha1> //SHA1 hash for the installer
</installerFile>

3. Save the updated WebProductList.xml file locally

4. Run the following commands

Clear local cache: %ProgramFiles%\Microsoft\Web Platform Installer\WebPlatformInstaller.exe /reset
Launch WebPI with local WebProductList.xml: : %ProgramFiles%\Microsoft\Web Platform Installer\WebPlatformInstaller.exe <Path to the local WebProductList.xml file>

5. Now you can disconnect your machine from the internet and use WebPI to install the msi

Option 2: Recommended for products that are not offered using webpi

Craft your own webpi feed for the products you would like webpi to install
For each Installer downloaded on your local machine, update the <installerURL> to point to the msi downloaded on the local machine. XML Snippet using the custom sampleProductFeed.xml shared here below:

<installerFile>
    <!-- size in KBs -->          
    <fileSize>1024</fileSize>

    <installerURL>http://www.contoso.com/SampleProduct_x86.msi </installerURL>

    <sha1>111222FFF000BBB444555EEEAAA777888999DDDD</sha1> 
</installerFile>

<installerFile> 
    <!-- size in KBs -->
    <fileSize>1024</fileSize>
    <installerURL>C:\Users\nitashav\AppData\Local\Temp\SampleProduct_x86.msi</installerURL>

    <sha1>111222FFF000BBB444555EEEAAA777888999DDDD</sha1>
</installerFile>

3. Save the SampleProductFeed.xml file locally

4. Run the following commands

Clear local cache: %ProgramFiles%\Microsoft\Web Platform Installer\Webplatforminstaller.exe /reset
Launch WebPI, go to the Options dialog (click the “Options” link on the main window), type the location of the SampleProductFeed.xml file and click “Add Feed” and close the dialog.

5. Now you can disconnect your machine from the internet and use WebPI to install the sampleProduct!

A note about product Dependencies: If the product has any dependencies, follow the same steps to install the dependencies offline too (download each dependency and update the installerURL with the local msi location). However, if the dependency is an iisComponent, it can be installed offline (there is no need to download anything for it)

Diagnose Failures with Remote Management

NitashaV — Tue, 18 Dec 2007 21:52:00 GMT

Diagnose Failures with Remote Management

Good place to start if you want to learn about how to configure remote administration for IIS Manager: http://learn.iis.net/page.aspx/158

This is a long overdue blog entry. It's an attempt to help you all diagnose any issues you might come across while using Remote Manager. My assumption is that you know how to get started and have run into issues while using the Remote Manager. This is based on frequently asked questions on iis.net forums. This troubleshooting applies to all remote management (i.e. downlevel --> 2K8 and 2k8-->2k8).

1) Cannot connect to the remote server?

Make sure the client and the server are using the same build. For example, Server Beta 3 Remote Manager client will not work with a RC1 server build and so on...
Refer to the blog about Remote Management Behavior Matrix located at: http://blogs.iis.net/nitashav/archive/2007/04/23/remote-management-behavior-matrix.aspx ; there might be problems because of acls.
Look at the Event Viewer (eventvwr.msc) log: *wmsvc has a good supportability story; events are logged with detailed error message and stack trace. Most of the time, looking at the Event Viewer will tell you what the problem might be.

2) Cannot connect to the remote server after updating *wmsvc bindings?

If this happens after you updated the port on which wmsvc is configured to run, check if the firewall is turned on for the server. If it is, add a new exception rule for the port on which wmsvc is running (default value: 8172). Now try connecting to the server again.

If this does not solve the problem, run the following commands from cmdline

netsh http show sslcert

Ensure that the port 8172 (the one on which wmsvc is running) has ssl certificate bindings. Also make sure the cert hash matches the one to which wmsvc is bound to (in the Management Service UI)

Sample output:

c:\>netsh http show sslcert

SSL Certificate bindings:

-------------------------

IP:port                 : 0.0.0.0:8172

Certificate Hash        : f06ae62a5275a818338f05ecc80707335be1e204

Application ID          : {00000000-0000-0000-0000-000000000000}

Certificate Store Name: MY

Verify Client Certificate Revocation    : Enabled

Verify Revocation Using Cached Client Certificate Only: Disabled

Usage Check    : Enabled

Revocation Freshness Time: 0

URL Retrieval Timeout   : 0

Ctl Identifier          : (null)

Ctl Store Name          : (null)

DS Mapper Usage    : Disabled

Negotiate Client Certificate    : Disabled

netsh http show urlacl

Ensure that the url https://*:8172/ (port on which wmsvc is configured to run on) shows up in the list of reserved urls

Sample output:

c:\>netsh http show urlacl

URL Reservations:

-----------------

Reserved URL : https://*:8172/

User: NT SERVICE\WMSvc

Listen: Yes

Delegate: No

SDDL: D:(A;;GX;;;S-1-5-80-257763619-1023834443-750927789-3464696139-1457670516)

If you see that bindings are not correctly configured (using netsh commands in the previous paragraph), the problem might be that the machine key does not have permissions for the administrator trying to tweak wmsvc bindings. In that case, try the following --

Take ownership for the machine key

takeown /F %ProgramData%\Microsoft\Crypto\RSA\MachineKeys\bedbf0b4da5f8061b6444baedf4c00b1* /R

Acl the machine key such that administrators group has read permissions

icacls %ProgramData%\Microsoft\Crypto\RSA\MachineKeys\bedbf0b4da5f8061b6444baedf4c00b1* /grant Administrators:(R)

Reserve the port 8172 for wmsvc

netsh http add urlacl url="https://*:8172/" User="NT SERVICE\wmsvc"

Associate the cert with the port

netsh http add sslcert ipport=0.0.0.0:8172 certhash=<certHash> appid={d7d72267-fcf9-4424-9eec-7e1d8dcec9a9}

3) Do not want to see the prompt on client every time you connect to the remote server?

Make sure your server uses a trusted root certificate for wmsvc. Basically create a trusted root certificate (if you don't already have it) and on the Management Service feature page assign this certificate to be used by the service. This will ensure the client does not get a prompt asking if they trust the server (since the certificate isn't trusted).

4) If all else fails:

Post your issue on iis.net forums (http://forums.iis.net/) with repro steps and details. It would be great if you could send the eventvwr.msc log along with exception and call stack (see below for details on how to get the exception and call stack)

Attach windbg to wmsvc.exe

windbg -pn wmsvc.exe

Load the sos.dll and set a break point if a managed exception happens

.loadby sos mscorwks

sxe clr

Then hit go

g

When it breaks, print the exception and the call stack and send it to us @ iis.net/forums.

!pe

!clrstack

*WMSVC is the service for Remote administration on the server side and can be configured in the UI in the Management Service Page. You can get some more information about this at http://learn.iis.net/page.aspx/158/remote-administration-for-iis-manager/