In the left column, select the Web site where you would like to create a virtual directory.. In the left column, select the Web site where you would like to create a virtual directory..
Trang 1slightly different than in previous versions of IIS The important change is that virtual directories in
IIS 6.0 were typically assigned to the application of their parent, where IIS 7.0 creates a new root
application
To create a new virtual directory, you do the following:
1 In the left column, select the Web site where you would like to create a virtual directory
2 Right-click the Web site—for example, Default Web Site
3 Click Add Virtual Directory…
4 In the Add Virtual Directory Wizard , type alias and enter the path.
5 Click OK
Creating Applications
Many veteran IIS administrators were very familiar with the concepts sites and virtual directories,
though, not nearly as familiar with applications On the other hand, Web developers typically
are the opposite and are focused on applications IIS 7.0 brings the concept of applications to
the forefront and makes applications fi rst-class citizens This isn’t to say they haven’t been important
in the past, just that they typically weren’t the focal point—something that is certainly different
in IIS 7.0
The key concept to grasp about applications is that applications are the fundamental building
blocks of your Web sites They are where your developers or Web business-logic is executed and
where applications are assigned to a specifi c application pool To isolate them fully, you would have
one application per application pool, though you can certainly have many applications all participating
in the same application pool
To create a new application, do the following:
1 In the left column, select the Web site where you would like to create a virtual directory
2 Right-click the Web site—for example, Default Web Site
3 Click Add Application…
4 In the Add Application Wizard , type alias, select an application pool, and
enter the path
5 Click OK
Creating Application Pools
Application pools is a concept that was added in IIS 6.0 In IIS 7.0, it changed very little and is
basically the same and defi nes what applications run within what worker process This is IIS’s isolation functionality and is where you can recycle, change process identity security, and view health and
diagnostics information By default, IIS 7.0 provides you with a single application pool called
DefaultAppPool
Trang 2To create an application pool, do the following:
1 In the IIS Manager Connections pane, expand the server node and click Application Pools
2 On the Application Pools node, right-click and choose Add Application Pool…
3 In the Add Application Pool dialog, provide a name for the application pool in the
Name fi eld
4 From the .NET Framework version list, select the version required by your managed
applications Otherwise, choose No Managed Code if the applications in this pool don’t
require the NET Framework
5 From the Managed pipeline mode list, select the ASP request processing mode
6 Select the Start application pool immediately check box to start the pool when the WWW service is started
7 Click OK to create the new Application Pool
SOME INDEPENDENT ADVICE
The default behavior for adding new Web sites in Windows Vista is to add it to the DefaultAppPool This behavior is by design since Windows Vista is a client
environment and isolating each Web site and its root application into its own
application pool would hinder the performance of the client
In Windows Server “Codenamed” Longhorn, though, each time you create a new Web site using IIS Manager it will create a new application pool This behavior is expected and creates maximum isolation of your Web applications and is a good security practice
NOTE
The Actions pane provides the same “right click” functionality for the Application Pools
Changing Authentication Settings
You can take several actions in the security space, such as changing the authentication type for your Web site or application The needs of your Web applications often differ even though they are running on the same server and it is important to understand how to change authentication
settings
Trang 3Authentication in IIS 7.0
IIS 7.0 offers several options like previous versions of IIS for authenticating to your Web server The default behavior for a typical installation of IIS 7.0 is to have all authentication types disabled except anonymous authentication
Enabling Basic Authentication
Basic authentication is a standards-based authentication for HTTP clients It is a popular
authentication when protected by SSL, but should not be used on the Internet without protecting
the authentication with SSL since it will expose your user’s credentials, given it is an insecure
protocol
To enable Basic authentication, click the left column of your Web site, then follow these steps:
1 On the Web site home page, double-click Authentication.
2 Select Basic Authentication by clicking it
3 In the right-column, click Enable in the Actions.
Enabling Windows Authentication
In Intranet environments, it is common to disable anonymous authentication and enable Windows
authentication In IIS 6.0, Windows authentication was enabled by default but this isn’t the case in
IIS 7.0 There is often a lot of confusion around Windows authentication because it has a couple of
authentication protocols in it, namely NT Challenge\Response (NTLM) and Kerberos The default setting is to allow both in IIS 7.0 and let the client select the protocol to use
To enable Windows authentication:
1 Click your Web site in the left column
2 On the Web site home page, double-click Authentication.
3 Select Windows Authentication by clicking it
4 In the right-column, click Enable in the Actions.
SOME INDEPENDENT ADVICE
It is possible that when viewing Authentication in IIS Manager you will not see all
the supported IIS 7.0 authentications in the list This is what happens when you have chosen not to install the authentication during setup If you do not see the
authentication type you want, use setup to add the features binaries and then
restart IIS Manager
Trang 4Enabling Digest Authentication
Digest authentication is a standards-based authentication protocol defi ned in RFC 2617
(www.ietf.org/rfc/rfc2617.txt) In IIS 7.0, there is only one version of digest authentication, unlike in IIS 6.0 For more information on digest authentication, see the following Microsoft Webcast www.iis.net/default.aspx?tabid=2&subtabid=26&i=67
To enable Digest authentication:
1 Click the left column of your Web site
2 On the Web site home page, double-click Authentication.
3 Select Digest Authentication by clicking it
4 In the right-column, click Enable in the Actions pane.
Enabling Forms Authentication
The integration between IIS and ASP.NET is unprecedented in IIS 7.0 This integration lets you protect all your content using ASP.NET’s forms-based authentication This cookie or cookie-less-based authentication allows Web applications to be authenticated using credentials other than Windows For more information on forms authentication, see the following http://msdn2.microsoft com/en-us/library/aa480476.aspx
To enable forms authentication:
1 Click the left column of your Web site
2 On the Web site home page, double-click Authentication.
3 Select Forms Authentication by clicking it
4 In the right-column, click Enable in the Actions pane.
SOME INDEPENDENT ADVICE
When using Forms Authentication, you will need to do a bit more work than just enabling it in IIS You are required to create a default login page using ASP.NET’s login control and save that page The default settings for Forms Authentication are available in IIS Manager by clicking Edit after selecting Forms Authentication
Viewing Worker Process Details
IIS 7.0 gives administrators some incredible information about what is occurring in IIS’s worker processes This includes giving you the ability to see what requests are currently executing within
a worker process and other details, like how long it has been executing This is all available by viewing worker process details in IIS Manager
Trang 5To view currently executing requests within a worker process:
1 Click the left column of the server
2 Select Worker Processes on the home page
3 Click DefaultAppPool
4 In the Actions pane, click View Current Requests.
Changing Diagnostic Settings
IIS 7.0 offers some powerful diagnostics capabilities, in particular the all-new Failed Request Tracing You will learn more about failed request tracing in Chapter 17, but for our purposes here we will
show you how to enable failed request tracing to assist you in troubleshooting your Web applications Failed request tracing is a two-step process when using IIS Manager The fi rst step is to enable
tracing for the server, and then confi gure your rule for tracing to capture the data
Do the following to enable Failed Request Tracing:
1 Click the left column of your Web site
2 In the right column, click Failed Request Tracing under Confi gure.
3 In the Edit Web Site Failed Request Tracing Settings , check Enable and choose
a path for your log fi les
4 Choose the number of log fi les to maintain in the Maximum number of trace fi les
5 Click OK
BEST PRACTICES FROM MICROSOFT
For Web sites that are heavily used with hundreds of requests per second, it is
recommended you set the Maximum number of trace fi les much higher than the
default of 50 This will aid you in ensuring that when your problem occurs you will
not have lost the data because of the busy nature of the site
Selecting Rules for Failed Request Tracing
The key step to ensuring you capture the right data is to set up the right rule You will learn later
that you can set up multiple rules for your server, site, or application to assist you in troubleshooting your problem The key step to understand is how to narrow your rule to capture only the data you
need, nothing more
In our example, we will show how to use a simple rule for capturing data when a HTTP 500
error occurs HTTP 500 errors are defi ned as server failures and come in various fl avors