IIS 7 Extensibility & configuration
Download
Report
Transcript IIS 7 Extensibility & configuration
IIS7
The Future of Microsoft’s
Web Server Platform
<Name>
<Title>
<Email>
Agenda
•
•
•
•
•
•
•
•
Handlers and Modules
IIS UI
Extending the IIS Schema
Tracing and Diagnostics
Configuration Overview
Integrated Configuration
Delegation of Configuration
Configuration Extensibility
IIS7 – Built for Extensibility
•
•
•
•
•
Handlers and Modules
Role and Membership Providers
Extending the IIS Schema
IIS UI
Tracing and Diagnostics
Handlers vs Modules
•
•
•
•
Modules provide services to all requests
Basic Authentication module
Compression module (etc)
Handlers provide services to specific extensions
• ISAPI handler (.dll)
• Static handler (.htm, .jpg, .gif, etc)
• IIS 7 pipeline allows native and managed modules
and handlers
• "Integrated" Application Pool mode
•
Use the managed modules and handlers
• "Classic" Application Pool
•
IIS 6 style invocation of .NET
IIS7 Request Processing
Authentication
NTLM
Basic
Server functionality is split
into ~ 40 modules...
Anon
Authorization
…
ResolveCacheCGI
…
Determine
Static
File
Handler
ExecuteHandler
ISAPI
…
…
UpdateCache
Send
Response
SendResponse
Log
Compress
Modules plug into a
generic request pipeline…
Modules extend server
functionality through a
public module API.
Creating a Managed Module
• Identical to ASP.NET IHttpModule interface.
• How to:
• Create class to implement iHttpModule
• Write code for the Init Method
• Initialize module
• Subscribe to events
• Write code for the subscribed events
• Implement the Dispose method (required)
• Register the module in the Web.config or
Applicationhost.config file.
Creating a Class from
IHttpModule
public class BasicAuthenticationModule :
System.Web.IHttpModule
{
void Init(HttpApplication context)
{
}
void Dispose()
{
}
}
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebIHttpModuleClassTopic.asp
Integrated pipeline: Events
•
Request Events
•
•
•
•
•
•
•
•
•
•
•
•
•
Begin
Authenticate
Authorize
Resolve Cache
Map Handler
Acquire State
PreExecute Handler
Execute Handler
Release State
Update Cache
Log
End
On Demand Events
•
•
•
SendResponse
ReadEntityBody
MapPath
WindowsAuthenticationModule
BasicAuthenticationModule
System.Web.Security.
FormsAuthenticationModule
UrlAuthorizationModule
•
Global Events
•
•
•
•
•
http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=928&p=3 •
Initialize / Shutdown
Config Change / File Change
Application Start / Stop
Health Check
Trace Event
More
Subscribing to an Event
public void Init(HttpApplication context)
{
//
// Subscribe to the authenticate event to perform the
// authentication.
//
context.AuthenticateRequest += new
EventHandler(this.AuthenticateUser);
//
// Subscribe to the EndRequest event to issue the
// challenge if necessary.
//
context.EndRequest += new
EventHandler(this.IssueAuthenticationChallenge);
}
http://msdn2.microsoft.com/en-us/library/system.web.httpapplication.aspx
Add module to IIS 7
configuration
• Modules can be added to:
• Applicationhost.config as Global
• Applicaitonhost.config as Local with location tag
• Web.config
• The specific sequence of modules can matter
• Add modules with:
•
•
•
•
•
IIS Manager
APPCMD
WMI
Powershell
Microsoft.web.administration
Modules in Applicationhost.config
• In Applicatonhost.config:
• <Global Modules> - for native modules and Managed
Engine
<add name="HttpCacheModule"
image="%windir%\System32\inetsrv\cachhttp.dll" />
• <Modules> - Entries for all native and managed
modules
<add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModule"
preCondition="managedHandler" />
•
•
preCondition tells managed modules to work only for managed
code by default
List is customizable per application and can be delegated
• Modules defined in Applicationhost.config load for
all application unless in “location” tag.
Modules in Web.config
• Note System.webServer rather than System.web
•
IIS 7 reads System.webServer, ASP.net reads System.web
• Delegation for managed most managed modules is
enabled by default
• Native modules cannot be loaded in web.config
<configuration>
<system.webServer>
<modules>
<add name="MyBasicAuthenticationModule“
type="IIS7Demos.BasicAuthenticationModule" />
</modules>
</system.webServer>
</configuration>
Options for Code Placement
• If loaded in Applicationhost.config:
• Compile and place managed code in GAC
• Can then service all requests in the server pipeline
• Native modules/handlers in system32\inetsrv
• Specify location in configuration
• In Web.config
• GAC
• Locally in \App_Code as uncompiled code
• Locally \bin as .dll
• If locally stored, Xcopy deployment will insure
correct code and configuration
Creating a Managed
Module
Creating a Managed Handler
• Identical to ASP.NET IHttpHandler
• Steps:
• Create Class that implements iHttpHandler
• Add code for ProcessRequest method
•
This method receives a parameter of type HttpContext. Allows
you to access the intrinsic objects such as Request and
Response
• Set property IsReusable
•
Determines if other request can use the handler
• Configure Handler in Applicationhost.config or
web.config
http://msdn2.microsoft.com/en-us/library/system.web.ihttphandler.processrequest.aspx
Examining a Custom
Managed Handler
Extending the IIS Manager UI
• IIS 6 MMC was not easy to extend
• IIS 7 Manager (IISMGR) has a modular
design
• Add new controls, remove, or hide features
• Administration.config is xml config store
• IIS Manager features are Winform apps
• Integrate your application configuration
into IISManager and IIS 7 confiig system
Extending the IIS 7 Schema
• Add app config settings to IIS 7 schema
• Add xml file to
%SystemDir%\inetsrv\config\schema
• Automatically incorporated by IIS 7
• Read with Microsoft.Web.Administration
<configSchema>
<sectionSchema name="system.webServer/imageCopyright">
<attribute name="enabled" type="bool" defaultValue="false" />
<attribute name="message" type="string“
defaultValue="Copyright Message" />
<attribute name="color" type="string" defaultValue="Red"/>
<attribute name="cacheDuration" type="int" defaultValue="20" />
</sectionSchema>
</configSchema>
Extending the IIS
Manager
Add Tracing Events to Modules
• Integrate your apps with IIS 7 tracing
• Emit trace events that are logged in IIS
trace logs
• Shows your modules events timestamped
and in sequence with other pipleline
events
• Quickly diagnose hangups, bottlenecks
• Can also add events in ASP.NET code
Add Trace Events to
Modules
Configuration Overview
• New configuration system
• Before: System for a server
• Now: System for a platform
• IIS 7 uses ASP.NET style grammar and syntax
• File based config: No intervening service
• Root file for central record
• Child files for setting properties at the site or app level
• Rich API support means easier to manage
• Rich extensibility means easier to integrate
• Even the IIS UI is modular and extensible
Introduction to IIS 7
Configuration
IIS7 Configuration System
.NET
Framework
ASP.NET
IIS +
ASP.NET +
.NET Framework
Machine.config
NET global
Root Web.config
ASP.net global
IIS7
Web.config
Per Application
ApplicationHost.config
IIS7 Global and Location
settings
Integration
Unifying technologies
• Across technologies
• Same file and format for IIS, ASP.NET, WCF
and third parties
• Across features
• Settings like authentication are set in a single
place
• Same API concepts and tool usage across
platform
IIS7 ASP.NET Integration
Basic
Anon
Authentication
ExecuteHandler
…
Static
File
ISAPI
UpdateCache
SendResponse
• Runs as ISAPI
• Integrated Mode
Authorization
ResolveCache
…
• Classic Mode
Compress
Log
• aspnet_isapi.dl
.NET modules /
l
Authentication
handlers plug
Forms
Windows
directly
into pipeline
…
ASPX all
• Map
Process
Trace
Handler
requests
…
• Full…runtime fidelity
Delegation
Distributing Configuration
• Administrators: control global and specific
settings. Controls delegation
• Site operators: modify settings for their
site/app – if permitted
• Developers: store app settings with
website config to enable Xcopydeployment of applications
• Locking permits granular control of config
Locking
• Non-administrators can modify/override properties.
• A special internal section: <configSections>
• Schema-related information that can be edited.
• Registration point for adding sections.
• Attributes:
• overrideMode: Defines the lockdown state of a
configuration section.
<configSections>
...
<section name="defaultDocument"
overrideModeDefault="Allow" />
...
</configSections>
Locking
Delegation Control with
Location
allowOverride="Allow”
• Use to specifically permit delegated control
• Allows changes in Applicationhost &
web.config for the section
<location path="MyWebSite" allowOverride="Allow">
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="index.htm" />
<add value="iisstart.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>
</system.webServer>
</location>
Delegation Control with
Location
allowOverride=“Deny”
• Use to centralize configuration control
• Can Deny specific paths and Allow others
• Permits changes for location only in
Applicationhost.config
<location path="MyWebSite" allowOverride=“Deny">
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="index.htm" />
<add value="iisstart.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>
</system.webServer>
</location>
Using the Location Tag
Granular Locking
• Unlocking a section opens up the whole section
for site/application owners to change.
• Granular locking can restrict specific elements or
attribute settings from being added, edited or
removed.
• Directives
•
•
•
•
•
lockAttributes
lockAllAttributesExcept
lockElements
lockAllElementsExcept
lockItem
Granular Locking
IIS 7 Schema
• Declarative schema that defines the configuration
properties and its logical groupings.
• Different from IIS 6 and ASP.NET.
• Specifies structure as well as names, types and
default values for settings of the section.
• Files
•
•
•
•
IIS_schema.xml
ASPNET_schema.xml
FX_schema.xml
optional custom schema.xml
• Extensible
Schema
• A configuration section
<defaultDocument enabled="true">
<files>
<add value="Default.htm" />
</files>
</defaultDocument>
• Its corresponding schema
<sectionSchema name="system.webServer/defaultDocument">
...
<attribute name="value" type="string" isUniqueKey="true"/>
...
</sectionSchema>
Reading the Schema
• Schema definition for defaultDocument
• Shows rules for configuration in
applicationhost.config
• Attribute “Enabled” is Boolean with default of
True
• Files Element
• Collection for add, clear, remove,
mergeAppend
• You can read the Schema for rules,
options, and defaults
Extending the Schema
• Store application config with IIS settings to
simplify site deployment
• IIS 7 Schema located in inetsrv\config
• Extend Schema by adding custom XML
schema files to the config folder
• Will automatically be added to the IIS 7
Schema
• Application can read schema settings
using Managed API
Summary
• Custom modules and handlers
• Extend reach of existing .NET handlers and
modules to non ASP.NET content
• Extend UI / Schema: integrated
administration
• Manage with granular delegated
administration
• Diagnose with built in / extensible tracing