
IIS 6: The Complete Reference

Hethe Henrickson Scott Hofmann


McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City Seoul Singapore Sydney Toronto

Contents
Acknowledgments Introduction


IIS Fundamentals
About Windows Server 2003 Hardware Support in Windows 2003 Installing Windows 2003 Installing IIS The IIS Subcomponents IIS Services The IIS Directory Structure The Administration Web Site IIS Help Files The Inetpub Directory Accounts Used by IIS IUSR_COMPUTERNAME IWAM_COMPUTERNAME IIS_WPG


Navigating IIS The Microsoft Management Console The Metabase Metabase History Backing Up and Restoring the Metabase Editing the Metabase The Metabase Schema IIS 6 Architecture Worker Process Isolation Mode Application Pools Health Monitoring Orphaning Worker Processes Scalability Web Gardens


The WWW Service


Using the IIS MMC Web Site Directories Creating Virtual Directories Saving a Web Site Configuration to a File Creating a New Site Accessing Configuration Tabs The Web Site Properties Tabs Web Site Tab The Performance Tab The ISAPI Filters Tab The Home Directory Tab The Documents Tab The Directory Security Tab The HTTP Headers Tab The Custom Errors Tab The BITS Server Extension Tab The Server Extensions 2002 Tab Global Web Sites Properties Tabs The Service Tab Other Tabs Directory Level Properties Tabs File Level Properties Tabs Application Pools Creating an Application Pool Application Pool Properties


The FTP Service


Managing the FTP Service Viewing FTP Service Status Starting and Stopping FTP Sites Current Sessions Managing FTP Site Contents Using the MMC Refresh Creating and Configuring FTP Sites FTP Site Creation Wizard Creating FTP Sites Using the iisftp Script Using Export Definition Files Creating Virtual FTP Directories FTP Sites Node Configuration Advanced IIS MMC Configurations Connections Directory Security: IP Address Restrictions Directory Listing Style: MS-DOS or UNIX Messages Logging Configuration


The SMTP Service


Managing the SMTP Service Viewing SMTP Virtual Server's Status Starting, Pausing, and Stopping SMTP Virtual Servers Starting, Pausing, and Stopping SMTP Service Creating and Configuring SMTP Virtual Servers New SMTP Virtual Server Wizard Configuring an SMTP Virtual Server Connection Settings Logging Configuration Managing Inbound Messages Managing Message Delivery SMTP Server Access Security User Administrative Permissions Authenticating Incoming Connections Restricting Based on IP Address or Domain Name LDAP Routing SMTP Domains Creating Domains Configuring Domains


The NNTP Service
Installing the NNTP Service Administering NNTP Administering NNTP Service Administering an NNTP Virtual Server Configuring an NNTP Virtual Server General Tab Settings Access Tab Settings Settings Tab Security Tab Creating a New NNTP Virtual Server Newsgroups Limit Groups Enumeration Create a New Newsgroup Configuring Newsgroup Properties Administering Newsgroups Expiration Policies New NNTP Expiration Policy Wizard Configuring Expiration Policies Virtual Directories Node New NNTP Virtual Directory Wizard Configuring an NNTP Virtual Directory Current Sessions


IIS Administration


Security
Internet Security Background Why Vulnerabilities Happen How You Can Protect Your System Common Types of Security Issues Viruses Trojan Horses Worms How to Protect Yourself from Attack The Secure Windows Initiative Patching Your System Securing IIS Don't Install Components You Don't Need Don't Turn On Directory Browsing Lock Down cmd.exe Set Execute Permissions for Your Web Site


Don't Set Up Write for Your Web Site Avoid Basic Authentication Set Up Logging Unmap Unneeded ISAPI Application Extensions Hide the Fact that You're Using Scripting Use SSL for Sensitive Web Sites Always Use NTFS Permissions Be on the Lookout for Hackers Try to Hack In Control IIS Servers Security Policies in Windows Server 2003 Creating a Local Security Policy Using the Local Security Policies User Account Security Force Strong Passwords Enable Account Lockout Force Periodic Password Changes Remember Past Passwords Set a Minimum Password Age Use One-Way Encryption for Password Storage Don't Create User Accounts with Easy Passwords Web Service Extensions Allowing Web Service Extensions to Run Prohibiting a Web Service Extension from Running Adding a New Web Service Extension Allow All Web Service Extensions for a Specific Application Prohibit All Web Service Extensions Modifying the Properties for a Web Service Extension


Authentication
Anonymous Authentication Logon Types Subauthentication in IIS Basic Authentication Basic Authentication Tokens User Accounts and Basic Authentication Digest Authentication Advanced Digest Authentication Integrated Windows Authentication About Microsoft Negotiate About NTLM Authentication About Kerberos Authentication


.NET Passport Authentication Establishing .NET Passport Service Setting Up the Site for .NET Passport Using Multiple Authentication Schemes


TCP/IP and DNS


The History of TCP/IP and the Internet The ARPANET Architectural Models for Communications Protocols The DoD Protocol Model The OSI Protocol Model Communicating Across the Layers Encapsulation Addressing in TCP/IP MAC Addresses IP Addresses IP Protocol Versions IPv4 IPv6 The TCP, UDP, and ICMP Protocols Using TCP/IP Choosing an IP Address Configuring IPv4 The IP Settings Tab The DNS Configuration Tab The WINS Configuration Tab The Options Tab Configuring IPv6 Installing IPv6 Using the NETSH Interface Changing the Primary DNS Suffix DNS and Windows Server 2003 History of DNS A Brief Overview of DNS and TLDs How DNS Names Are Resolved DNS Zone Storage Storing Your Zone Information in a Text File Storing Zone Information in Active Directory DNS Dynamic Updates Regular Dynamic Update Secure Dynamic Update Windows Server 2003 as a Caching Server Resource Record Types in DNS


Installing DNS on Your WS03 Server The DNS MMC Event Viewer Forward Lookup Zones Reverse Lookup Zones Using Round Robin DNS Using a Hosts File for Name Resolution


Administration Tasks
Editing the XML Metabase File Editing While the Server Is Running Editing While the Server Is Stopped Using the ADSI Provider IIS ADSI Objects IIS ADSI Properties IIS ADSI Methods Using the WMI Provider WMI or ADSI? Scripting with WMI Using the VBScript Utilities Provided with IIS Remote Administration with the HTML Interface Using the Remote Administration Site


10

Encryption
About Digital Certificates Certificate Keys Who Are Certificate Authorities? How Server Certificates Work with SSL How Client Certificates Work Creating Your Own CA Choosing Which Type of CA to Install Installing the Certificate Services on Your Server Creating a Certificate Request with IIS Sending a Request to Your Own CA Sending an SSL Certificate Request to a Commercial CA Sending a Request for a Client Certificate from the Certification Authority MMC Snap-in Sending a Request for a Client Certificate from the Web Issuing or Denying Certificates from a Standalone CA Downloading a Web Browser Certificate from the Web Installing an SSL Certificate


Configuring SSL Settings Requiring Secure Communication Mapping Client Certificates to User Accounts Backing Up and Restoring a Certificate


11

Logging
Log File Formats Enabling Logging for Your Site Log File Formats W3C Extended Log File Format Microsoft IIS Log Format NCSA Common Log File Format ODBC Logging Using Custom Logging Modules Setting Up a Custom Logging Module with IIS Centralized Binary Logging Setting Up Centralized Binary Logging Crunching the Data


IIS Programming

12

ASP Programming
Overall Architecture of ASP Editing ASP files Setting Up IIS to Host ASP ASP Fundamentals ASP Objects Response Object Application Object Request Object Session Object Server Object Using XML Making a Transformation Using XSL


13

COM Web Programming


Introduction to VB6 Setting Up an ActiveX DLL Project Creating a Class Interface in an ActiveX DLL Object Browser Building a Test Harness


Deploying a COM DLL Using regsvr32 Using Component Services Unit Test a COM DLL Using VB in COM Building a COM Object in VB6 with Data Access Support Properties in Classes Database Connection Credentials Error Handling Writing to Database Serializing into XML Enhanced Test Harness Deploy to COM+ with Constructor String Integrating XML and XSL


14

ASP.NET Web Forms


Overview of the Web Forms Architecture Getting Started in Visual Studio .NET Web Form File: ASPX Web Form Codebehind File: aspx.cs AssemblyInfo.cs File Project File: csproj Project WebInfo File: csproj.webinfo Discovery Information File: vsdisco Web Configuration File: web.config Building Web Forms Editing Code for a Data-Oriented Web Form Data Form Wizard Using XML


15

ASP.NET Web Services


Web Services Architecture Creating a Web Service Using Visual Studio .NET Using the Component Designer Event Log Component Application Security Testing the Web Service Writing a Test Harness


16

ATL Server
ATL Server Architecture Overview Create a Simple ATL Server Project


Using the ATL Server Project Wizard Project Settings Server Options in the ATL Server Project Wizard Application Options in the ATL Server Project Wizard Developer Support Options in the ATL Server Project Wizard ATL Server Project Wizard Completion Server Response Files Tags in Server Response Files Request Handler DLL


17

ISAPI Extensions
ISAPI Architecture Overview URL Anatomy ISAPI Extensions Interacting with IIS ISAPI Compared to ATL Server Building a Simple ISAPI Extension Definition Export File ISAPI Extension Main Entry Point Deploy the HelloWorld ISAPI Extracting Information from IIS Building XML Representing the Server Variables Values Special Case of ALL_HTTP Server Variable Parsing the Header-Value Pair Assembling the Remaining XML Elements ISAPI Project Template Wizard Creating an ISAPI Extension in Visual Studio .NET


IIS Extras


18

Software Process and Methodology for Web Applications


Definition of Terms The Unified Process An Adaptation of the Unified Process Define Project Scope Statement of Work Scope Estimate Scope Project Plan


Define Functionality Functional Specification Gathering Functional Requirements Define the Design What Is a Facade? Produce the Facade Presenting the Facade Write the Technical Specification Technical Specification Template Functional Test Scripts Build the Solution Test the Solution Deploy the Solution After the Project Completion


19

Bringing It All Together: Creating Your Own Web Site Using IIS
Get a Domain Name Get an IP Address Set Up DNS Prepare the Server Checking Server Hardening Setting Up the Directory for the Web Site Securing the NTFS Permissions for the Site Add the Web Sites to IIS Enable ASP Configure the Application Pool Make the Code Make a Database Get a Certificate for the Test Site Get a Certificate for the Production Site Set Up the Web Site Security Create a User Account Set Up NTFS Permissions Set Up the Authentication Options Test the Code Roll into Production


20

Troubleshooting
Log Files About W3C Logging The Windows Event Viewer MIME Mappings


Dynamic Web Content Permissions Issues Worker Processes Worker Process Identity Worker Process Recycling Web Service Shutdown Performance Monitoring Real-Time Monitoring Using Counter Logs Using Alerts in Performance Monitor The General Tab The Action Tab The Schedule Tab


Appendix: XML Escape Values

Index
