Archives
-
Using IMetadataInfo::GetModuleContextContainer to store configuration data
If you write an IIS7 module, you would typically want to control its behavior based on some configuration data. IIS7 makes it really easy for developers to extend configuration schema so that their customers can put configuration data for their modules with other IIS configuration in applicationHost.config and web.config. Native module developers can then use AhAdmin APIs to read this configuration data. Reading configuration data for each request can be expensive. Developers would typically think of improving the performance by reading the configuration data once and then keeping the data in memory which can be used for other requests. To do this right, you need to worry about following things.
- Keep unique data only for the paths where configuration changes and not for all possible configuration paths.
- Detect configuration changes so that module always behave as per the latest configuration.
- Only delete the configuration data of paths which are affected by the change and not throw everything.
- Make sure this configuration store is accessed in thread safe manner.
// Always call this method to get configuration data
//
pModuleConfig = NULL;
//
)
BSTR bstrSectionName = NULL;
Kanwal - Keep unique data only for the paths where configuration changes and not for all possible configuration paths.
-
Generating configuration to allow/deny access to countries
There have been few requests on forums where people wanted to control access to sites based on country from where request originated. We recommended people to use IP restriction module functionality which required people to add IP address ranges of the countries they want to grant or deny access in ipSecurity section. This is easier said than done. There are a number of IP-to-country mapping lists available for free and updated frequently. These lists are usually in CSV format and identify countries (and sometimes even regions in the country) to which a particular IP-range is assigned. One such list can be downloaded from here. Entries in the CSV file go from 0 to max 32-bit unsigned integer. As the IP ranges assigned to a country are not contiguous, there are many entries (sometimes thousands) for one country. IIS7 IPRestriction module let you specify an IP-range using start-IP address and subnet mask. To move a single entry from CSV to IIS configuration you are required to create start IP address from a 32-bit integer and also create a subnet mask from IP-range both of which are not trivial. Also because most countries have hundreds of IP ranges assigned to them, going through CSV picking up these entries and then calculating start IP address and subnet mask manually is extremely difficult. Few days ago I wrote a script which does this for you. You can download the IP-to-country mapping list from here, unzip it (to say ip-to-country.csv) and then use the attached script (save ipres.js.txt as ipres.js).
In IIS7, ipSecurity section is locked by default. If you want to block access to a site, unlock ipSecurity section and add configuration for the site only. If you are adding the entries in web.config, you can use configSource option to keep the ipSecurity configuration in a separate file. Keep in mind that changes to configSource target file are not automatically picked up unless web.config file containing configSource attribute is changed. Also if you run into web.config file size limit, you can increase it by changing MaxWebConfigFileSizeInKB as specified in this blog.
Kanwal -
GenSCode updated to help use AhAdmin in C#, JavaScript
As promised in my previous post, I updated genscode tool to provide intellisense for AhAdmin code in C# and JavaScript. GenSCode now accepts an optional codetype switch which can be AhAJavaScript to help use AhAdmin in JavaScript, AhACSharp to help use AhAdmin in C# or MWACSharp (which is the default value) to ease using MWA in C#. Click here to download the updated tool. Read more ...
View the original post -
Enabling intellisense for AhAdmin code in scripts
MWA (Microsoft.Web.Administration) is pretty popular among developers who wish to read/write IIS configuration because of ease of writing managed code (which enables its use in powershell as well) and also because it provides a more intuitive wrapper over the IIS configuration system which is easier to work with. MWA has concept of application pool collection, sites, bindings etc while IIS configuration system only understands sections, elements, properties, location paths etc and not application pools, virtual directories which makes life of developers writing AhAdmin code very difficult. If you disagree, try adding a binding using MWA and then using AhAdmin. Presence of tools like genscode makes using MWA even more easier. Read more ...
View the original post -
Tool to generate AhAdmin code for actions in IIS7 UI
If you ever write AhAdmin code, this is for you.I have written a tool which generates equivalent JavaScript/C#/VB.Net AhAdmin code for actions done in IIS7 UI.
IIS7 configuration system gives access to IIS config files via a set of COM APIs. You can read/write to IIS configuration using these APIs in a script or C/C++ or using any of the managed language. All the tools which are shipped with IIS like managed APIs (Microsoft.Web.Administration), UI (IIS Manager), WMI provider uses these COM APIs internally to perform all the configuration operations. When you do an action in the UI, UI is making calls to these COM APIs (actually via MWA). Programming against COM APIs provided by IIS configuration system requires extensive understanding of these APIs and also IIS schema. Also you are required to know what exactly you want to change in the configuration. So when if you want to enable IIS detailed error messages programmatically, you are required to know which property should be changed to what value to have the desired effect. IIS Manager does present the properties in more readable form which makes it easier to decide what changes you want to make to the system which is helpful to the administrators but not developers. Imagine if you could just do an operation using IIS Manager and get the equivalent AhAdmin code which you can copy-paste in your application. This is exactly what AhAdminCodeGenerator is written to do. In the snapshot below, you are looking at JavaScript code generated when I created a site using IIS Manager.
-
Exposing runtime data from IIS worker processes
Dynamic properties feature in IIS7 configurtion system lets you expose dynamic data as configuration system properties. RscaExt.xml which is part of IIS7 has all the RSCA (runtime status and control APIs) functionality exposed as dynamic properties through configuration system (read more here). One of the things RSCA let you do is expose custom runtime data from a worker process using GetCustomData method. You can call GetCustomData method for a worker process instance which sends a GL_RSCA_QUERY notification to the worker process. Once this notification is generated, IIS core engine then calls all the modules which subscribed to GL_RSCA_QUERY global notification. These modules can then return any runtime data they want to which is seen as the return value of GetCustomData method. RequestMonitorModule is one example of such module which subscribes to RQ_BEGIN_REQUEST, RQ_END_REQUEST to keep track of requests getting processed and also subscribes to GL_RSCA_QUERY to expose this requests in flight data through RSCA. CGlobalModule::OnGlobalRscaQuery method which gets invoked on GL_RSCA_QUERY event accepts IGlobalRSCAQueryProvider as an argument which can be used to get the function name (referred to as GuidOfFunctionCall in rscaext.xml), function parameters and also to set the return value of GetCustomData. For more information on IGlobalRSCAQueryProvider, go here. Read more ...
View the original post -
What to expect from IIS7 custom error module
Kanwal
-
How configuration system merges sections
-Kanwal