230 likes | 395 Views
DSE 6770 Electronic Commerce. Microsoft Internet Information Server (IIS) Administration & Introduction to Active Server Page (ASP) Presented by Kelvin Liu 02/02/2000. Microsoft Internet Information Server (IIS). Latest Version is 4.0 Run on MS Windows NT Server 4.0
E N D
DSE 6770 Electronic Commerce Microsoft Internet Information Server (IIS) Administration & Introduction to Active Server Page (ASP) Presented by Kelvin Liu 02/02/2000
Microsoft Internet Information Server (IIS) • Latest Version is 4.0 • Run on MS Windows NT Server 4.0 • Web Server (Intranet or Internet) • FTP Server • Internet File and Application Server • Mail Server (Optional)
Advantage of MS IIS 4.0 • Free Download form Microsoft Web Site • Simple Installation Procedure • Easy to integrate with other Microsoft Back Office Products. E.g. MS Transaction Server, MS SQL Server, etc. • Easy to Administrate with existing NT Server Admin Tools • High Server and User Availability • Support Active Server Page (ASP)
Microsoft IIS 4.0 Installation • Pre-requisite - Microsoft Windows NT Server 4.0 with Service Pack 4 or above.- Enough Harddisk Space for your Web Site.- A Fixed IP Address.- A Registered Domain Name for Internet Web Server.- A Web Browser
Microsoft IIS 4.0 Installation • Folder Structure- InetPub- wwwroot - ftproot - script - iissamples - mail (Optional)
Microsoft IIS 4.0 Administration • Administration Tools- Microsoft Management Console (MMC)(Internet Service Manager Snap-in)- Web-based Internet Service ManagerURL: http://localhost/iisadmin/- FrontPage Explorer- MS Visual InterDev
Microsoft IIS 4.0 Administration • Usual Web Server Administrative Tasks - Create and Manage Multiple Web & FTP Site - Change Security Setting of a Site - Assign Operators to Tasks - Start and Stop Sites - Manage Transaction - View Statistics
Microsoft IIS 4.0 Security • IIS 4.0 is a service that runs on top of Windows NT. Therefore, it relies heavily on Windows NT user accounts and the Windows NT File System.
Microsoft IIS 4.0 Security • Windows NT File System (NTFS) • Unlike FAT, NTFS is not visible to DOS. This makes your resources secure from attacks using DOS commands. • NTFS allow you to configure the Access Control List (ACL) to grant or deny various forms of access to user and group accounts.
Microsoft IIS 4.0 Security • User Accounts for Web Server • IUSR_computernameused by IIS to grant anonymous access toWeb resources. • IWAM_computernameused by Microsoft Transaction Server (MTS) and various IIS entities to provide programmatic and transactional functions.
Microsoft IIS 4.0 Security • Web Permissions vs. NTFS Permissions • Web Permissions really control which HTTP verbs are allowed to be executed for HTTP resources. • NTFS Permissions control which user accounts have what type of access to resources on the hand disk.
Microsoft IIS 4.0 Security • Authentication Method • Windows NT Challenge /Response authentication • Basic Authentication • Client Certificate mapping • For more details, please visit:http://www.cuhk.edu.hk/ca/ • Custom Authentication Application • such as an ISAPI filter, ASP Applications, Java Applets, etc
Microsoft IIS 4.0 Performance Optimization • Server Security • Server Network Throughput • Connection Limitation • Connection Time Limitation • For more details: • http://www.microsoft.com/backstage/whitepaper.htm
Introduction to Active Server Page (ASP) • Microsoft Technology • Run on Microsoft IIS Only • Server Side Scripting Technology • Like CGI Perl Script on Linux Apache Server • Web Page with “.asp” extension • VBScript is the default scripting language for ASP
Active Server Page - Example 1 My first ASP program -- “Hello World” <%@ Language=VBScript %> <html> <head> <title>Creating Hello World with Incremental Text Size Increase</title> </head> <body BGCOLOR="#FFFFFF"> <p><% For i = 1 to 7 %> <font size="<%=i%>">Hello World! <br> <% Next %></font></p> </body> </html>
Active Server Page - Example 2 Show Current Time and Date <%@ Language=VBScript %> <html> <head> <title>Show Current Time</title> </head> <body> <p align="center"><u><font color="red" size="2"><br> </font><strong><font face="Arial" color="red" size="3">Current Time & Date is <%=time%>; <%=date%> </font></strong></u></p> </body> </html>
Request example3.asp Open RecordSet & Display Data in HTML Format Establish a Connection with Database Send SQL Statement to database Retrieve Data from Database by using RecordSets Active Server Page - Example 3 Web Browser Web Server Database
Active Server Page - Example 3 Query Result from an Access Database <html> ……….. <body> <% Param = Request.QueryString("Param") Data = Request.QueryString("Data") %> <% If IsObject(Session("Sales_conn")) Then Set conn = Session("Sales_conn") Else Set conn = Server.CreateObject("ADODB.Connection") conn.open "Sales","","" Set Session("Sales_conn") = conn End If %>
Active Server Page - Example 3 <% sql = "SELECT [Sales Persons].FirstName, [Sales Persons].LastName, Sum([Products]![UnitPrice]*[Order Details]![Quantity on Order]) AS [Total Sales] FROM Products INNER JOIN ([Sales Persons] INNER JOIN (Customers INNER JOIN [Order Details] ON (Customers.CustomerID = [Order Details].CustomerID) AND (Customers.CustomerID = [Order Details].CustomerID)) ON ([Sales Persons].EmployeeID = [Order Details].EmployeeID) AND ([Sales Persons].EmployeeID = [Order Details].EmployeeID)) ON Products.ProductID = [Order Details].ProductID " If cstr(Param) <> "" And cstr(Data) <> "" Then sql = sql & " WHERE [" & cstr(Param) & "] = " & cstr(Data) End If sql = sql & " GROUP BY [Sales Persons].FirstName, [Sales Persons].LastName ORDER BY Sum([Products]![UnitPrice]*[Order Details]![Quantity on Order]) DESC " Set rs = Server.CreateObject("ADODB.Recordset") rs.Open sql, conn, 3, 3 %>
Active Server Page - Example 3 ……….. <% On Error Resume Next rs.MoveFirst do while Not rs.eof %> ………... <% rs.MoveNext loop%> ………... </body> </html>
Active Server Page - Example 4 Adding Records to an Access Database <%@ LANGUAGE="VBScript" %> <% LastName = Replace(Request("LastName"), "'", "''") FirstName = Replace(Request("FirstName"), "'", "''") Set Connection = Server.CreateObject("ADODB.Connection") Connection.Open "Name" SQLStmt = "INSERT INTO NameDB (LastName, FirstName) " SQLStmt = SQLStmt & "VALUES ('" & LastName & "','" & FirstName & "') " Set RS = Connection.Execute(SQLStmt) %> <html> …... </html> <% Connection.Close %>
Active Server Page - Example 5 Display an Excel Spreadsheet(without ODBC setting) <%@Language=VBScript %> <html> <body> <% Set oConn = Server.CreateObject("ADODB.Connection") strConn = "Driver={Microsoft Excel Driver (*.xls)}; DBQ=C:\DSE6770\example\asp\excel.xls;" oConn.Open strConn strCmd = "SELECT * from excel" Set oRS = Server.CreateObject("ADODB.Recordset") oRS.Open strCmd, oConn Response.Write "<center><table border=1 cellpadding=3><tr><td>Student Name</td><td>Student ID</td></tr><tr><td>" Response.Write oRS.GetString (, , "</td><td>", "</td></tr><tr><td>", NBSPACE) Response.Write "</center>" %> </body> </html>