270 likes | 407 Views
IIS v7.0. Martin Parry Developer & Platform Group Microsoft Limited martin.parry@microsoft.com www.martinparry.com. Agenda. IIS architecture The request pipeline Configuration Building managed modules Diagnostics features Delegated administration. IIS 7.0 Introduction.
E N D
IIS v7.0 Martin Parry Developer & Platform Group Microsoft Limited martin.parry@microsoft.com www.martinparry.com
Agenda • IIS architecture • The request pipeline • Configuration • Building managed modules • Diagnostics features • Delegated administration
IIS 7.0 Introduction • Client version shipped with Windows Vista • Limited throughput • Server version will ship with WS2008 • Currently available in RC form • More features than client
Windows Process Activation Service • Manages configuration • What used to be the metabase • Responsible for starting worker processes... • w3wp.exe • ...and routing incoming requests to the appropriate worker process • Also hosts the new listener adapter interface • You can build your own listeners for WAS
IIS 6.0 Request Pipeline • IIS pipeline extensible using ISAPI • Native code • Can apply to all requests • ASP.NET pipeline extensible using IHttpModule • Managed code • Can only apply to requests routed via ASP.NET • Certain pipeline elements are “always there” • IIS authentication • Logging
IIS 7.0 Request Pipeline • Linear sequence of modules • Any module can be enabled/disabled • Including “built-in” ones • Modules can be managed or native code • Any type of module applies to any request
IIS 6.0 Configuration • IIS 6.0 (and earlier) use the metabase • Stores all configuration information • Originally in binary form, then in XML • Hard to allow management of separate apps by different groups of people
IIS 7.0 Configuration applicationHost.config machine.config “root” web.config web.config web.config web.config
Building Native Modules • Export a RegisterModule function from DLL • Define one or more other functions • To process request or response • Inside RegisterModule... • Hook up your other functions(s) at specific points in the pipeline • E.g. Begin, AuthN, AuthZ, ExecuteHandler, End
Building Managed Modules • Implement IHttpModule • Implement Init function • Attach event handlers for specific points in the pipeline • E.g. Begin, AuthN, AuthZ, ExecuteHandler, End • Same as existing ASP.NET HttpModules
IIS7 Diagnostics - RSCA • Runtime Status and Control API • Shows currently executing: - • Application Pools • Requests • Exposed via • IIS admin tool • Programmatically via WMI and Managed OM
IIS7 Diagnostics – Failed Requests • IIS7 allows you to log trace information just for requests that fail • For some definition of failure • Buffers all trace output • Only flushes to disk if the request fails • Log output is XML, with a stylesheet • Breaks down processing by module • Includes timing details for each module
IIS7 – Failed Request Tracing • Enable FREB at the Web Site level • Configure FREB rules at the application level • Each rule: - • Specifies the type of web content it applies to • Can specify a specific failure code • Can specify a duration in seconds • Can specify a trace event severity
IIS7 Delegated Administration • Can connect MMC to remote web server • Uses HTTPS, hopefully few firewall implications • Can delegate some or all admin activities • To any user: admin/non-admin/non-windows • Each activity can be: - • Not delegated, read-only, read/write • User’s view is trimmed according to permissions • Admin controls who sees what
Summary • New architecture • Worker process management separate from HTTP • Streamlined request pipeline • Potential to reduce attack surface • Simpler configuration • Better diagnostics • Delegated administration • For further information: http://www.iis.net
MSDN in the UK • Visit http://msdn.co.uk • Newsletter • Events • Screencasts • Blogs