370 likes | 664 Views
Code C a mp 8: A Lap Around IIS7. Allan da Costa Pinto Microsoft Developer Evangelist http://blogs.msdn.com/allandcp. Why Should Developers Care. Rapidly Troubleshoot Failing Apps Scale your .NET Skills with IIS7/Windows Server 2008 ASP.NET Integration Extend the core web server
E N D
Code Camp 8: A Lap Around IIS7 Allan da Costa Pinto Microsoft Developer Evangelist http://blogs.msdn.com/allandcp
Why Should Developers Care • Rapidly Troubleshoot Failing Apps • Scale your .NET Skills with IIS7/Windows Server 2008 • ASP.NET Integration • Extend the core web server • Extend management platform – UI, PowerShell • Host non-HTTP WCF services • on-demand process activation, health-monitoring, and automatic failure detection and recycling
IIS 6 Today: A Proven Platform • Proven Scalability • MySpace - 23 Billion Page* Views/Month • Microsoft.com - 10k Req/sec & 300K ConConnections • Match.com 30 million page view daily • Proven Security • No critical IIS 6 hotfixes since RTM • Proven Trust • 54% of Fortune 1000 use IIS (port80software.com) A solid foundation to build on
microsoft.com TOP 10 http://blogs.technet.com/mscom/archive/2007/09/07/the-tasty-morsels-found-in-dogfood-mscom-ops-top-10-changes-in-iis7-0.aspx • Simple, Configurable Command Line Setup • Great Compatibility Story • No More Metabase! • Centralized Configuration • Delegated Configuration • AppCmd and Other New Management Options • Failed Request Tracing • Request Filtering • UNC Content • Output Caching of Dynamic Content
IIS6 Architecture • Monolithic server implementation • Limited customization • Fixed functionality • Limited ISAPI Filter extensibility
IIS7 Architecture • Componentized server • Pluggable modular functionality • Small generic request pipeline • Enables • Lightweight servers • Custom / specialized servers
IIS6 + ASP.NET • ISAPI Extension • Only processes ASP.NET requests • Runtime limitations • Feature duplication
IIS7 ASP.NET Integration • Classic Mode • For compatibility • Integrated Mode • Can process all requests • Enhanced functionality
IIS 7 Integrated Application Pool • Application Pool architecture based on IIS 6 • Familiar settings for recycling, health monitoring, and process identity are the same • Two pool types in IIS 7 • Integrated • Allows use of managed code to provide pipeline services for all requests • Example: .NET Forms authentication for static content, non-ASP.NET content • Integrated is the default for new pools • Classic • Works same as IIS 6 • Ensures .NET compatibility
Why WAS? • To provide Infrastructure Services for non-HTTP WCF Services • IIS • Health monitoring, recycling, idle-timeout, rapid fail protection, isolation, configuration etc. • ASP.NET infrastructure services • Compilation, Membership, configuration • Shared AppDomains
IIS7: Total Platform Extensibility • Build and deploy custom server components • Leverage powerful modular server architecture • Robust native (C++) server features • Powerful managed (.NET) server features • Extend the configuration and administration tools • Create new schematized configuration sections • Plug into inetmgr as a first-class citizen
Handlers vs Modules • Modules provide services to all requests • Basic Authentication, Compression, etc. • Handlers provide services to specific extensions • ISAPI handler (.dll) • Static handler (.htm, .jpg, .gif, etc) • IIS 7 pipeline allows native and managed modules and handlers • “Integrated” Application Pool mode • “Classic” Application Pool
Moved from Metabase.xml (and .bin) to Applicationhost.config File based configuration improves manageability Config can be copied to other servers Easier to read Facilitates backup, restore and editing You now have choices about how to manage IIS configuration, e.g. Central vs. Distributed Delegated Shared (UNC!) IIS 7 Configuration System
Contoso.com root Configuration System (IIS7+.NET) Contoso.com \ Orders .NET Framework Machine.config Root web.config Site web.config <system.web>.NET settings .. ASP.net global settings NET global settings IIS 7 Applicationhost.config .. .. <system.webServer>IIS7 Delegated settings .. Global settings and location tags
Extending Configuration • IIS settings can now live in web.config • All settings are schematized in XML • Schema files live in %windir%\system32\inetsrv\config\schema • Extending configuration • Drop a .xml file into the schema directory • Add a section to applicationHost.config • Custom extensibility
Shared Configuration • Designed for web farm scenario from the start • Multiple servers to share a single configuration file • UNC share is created for master config • When configured, servers direct config requests to share location • A local or domain user is specified as identify for remote access
Practical Config coolnesshttp://blogs.iis.net/ksingla/archive/2006/06/13/1313980.aspx
Automating IIS 7 Management • APPCMD • General purpose command line tool • Query and control state, change settings, add sites and vdirs • Managed Code API • Microsoft.Web.Administration • WMI • Improved namespace for IIS7 • ADSI compatibility • PowerShell • use with Managed API and WMI
IIS7 Administration Tools • Configures both IIS and ASP.NET • Manages delegation • IIS Management tool client is firewall friendly • Supports .NET extensibility familiar tree view simplified tasks feature focused
Delegated Control to Site Owners Site Owners control designated settings without elevated server privileges Delegated settings written to Web.config files Site and/or application level Shared with ASP.net configuration XCopy deploy configuration and content Granular control over delegated settings allows precise locking Example: Always require Windows Authentication, but let site owner control Basic. Delegated Administration
Automating IIS 7 Management • APPCMD • General purpose command line tool • Query and control state, change settings, add sites and vdirs • Managed Code API • Microsoft.Web.Administration • WMI • Improved namespace for IIS7 • ADSI compatibility • Powershell • use with Managed API and WMI
Appcmd – Listing and Filtering C:\> appcmd list sites SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)SITE "Site1" (id:2,bindings:http/*:81:,state:Started)SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped) C:\> appcmd list requests REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost) C:\> appcmd list requests /apppool.name:DefaultAppPool C:\> appcmd list requests /wp.name:3567 C:\> appcmd list requests /site.id:1 Filter results by application pool, worker process, or site
Microsoft.Web.Administration ServerManageriisManager = newServerManager(); foreach(WorkerProcess w3wp iniisManager.WorkerProcesses) {Console.WriteLine("W3WP ({0})", w3wp.ProcessId);foreach(Request requestinw3wp.GetRequests(0)) {Console.WriteLine("{0} - {1},{2},{3}",request.Url,request.ClientIPAddr,request.TimeElapsed,request.TimeInState); }} • Strongly-typed .NET API • Powerful objects for configuration, runtime
Highlights: “I love IIS7 Diagnostics & Troubleshooting because…” • I can easily see the state of all Sites, AppPools, Worker Processes, and AppDomains • I can see the currently executing requests in real-time • I cantrace a request from start to finish in production • I can see both ASP.NET and IIS events in the same file • I can enable automatic tracing for all ‘failed’ requests • I can instrument my managed code using existing methods and see those events in the same file as my IIS events
Runtime Status and Control (RSCA) • RSCA provides means to obtain runtime status and control the following: • AppPools, Worker Processes, Web Sites, AppDomains • Goals • Provide means of obtaining current runtime state of Pools, Sites, AppDomains, and Worker Processes • Provide direct & consistent way to control above objects • Expose detailed runtime state • Examples • Current Request Listing • AppDomain Listing • Exposed via WMI and Managed Code
Runtime Data • Site, AppPool and AppDomain status • Real-time request monitoring • Script, cmd-line and admin tool support
Detailed Errors • New Verbose errors provides much more information • Provided by CustomErrors IIS7 module • Suggests Causes and Solutions – often suggests corrective action or lines of inquiry • Details include configuration section in question, module in use, page, etc. • Verbose errors only delivered to localhost by default
Rapid Fail Protection Actions • IIS 7 allows a configurable action to occur when RFP kicks in • See Application Pool, Advanced Settings
Automatic Failed Request Tracing • Enable no-repro instrumentation for “failed requests” • Turn tracing on, but only keep the events for “failed requests” • Allow for custom failure definitions per URL • Time taken • Status/substatuscodes • Event Verbosity (log on error, etc.) • Enable per-URL trace configuration • Allow me to define what to trace per URL • Example: only trace aspnet events for “*.aspx” • Persist failure log files beyond process lifetime
Test, Test, Test IIS7 kernel-mode authentication By default, IIS7 uses kernel-mode authentication, which happens to have a large performance benefit. There is a bug in kernel-mode authentication where requests that send credentials will fail unless an anonymous request has been made first. Once an anonymous request has been made, requests that send credentials will succeed (if the authentication is successful). This isn’t a problem for browsersthat send an anonymous request first and only send credentials when challenged, but it is often a problem for clients like that send credentials on the initial request… http://blogs.msdn.com/tmarq/archive/2007/08/29/iis7-kernel-mode-authentication.aspx
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.