Internet Information Services (IIS) is Microsoft's premier Web server offering. As a product, it's available with almost all professional and enterprise versions of Microsoft's Windows operating system (OS). Table 2.1 lists the versions of IIS available with the various Windows OS versions.
Windows (OS) Version | Available IIS Version |
---|---|
Windows 2000 | IIS 5.0 |
Windows XP Professional Edition | IIS 5.1 |
Windows Server 2003 Family (Windows 2003 Web, Standard, Datacenter, and Enterprise editions) | IIS 6.0 (which can also be run in IIS 5.0 isolation mode) |
Windows Vista and Windows Server 2008 | IIS 7.0 |
Throughout this section, I discuss the concepts, settings, and configuration of IIS 6.0. Although at the time of this writing IIS 7.0 was available for use as a Web server, it was not heavily deployed, and most organizations were still developing strategies for possible upgrades and migration. I use IIS 6.0 as the Web server platform for this book simply because of its wide acceptance, its success, and its ability to host SharePoint environments. Also, while I discuss the most important concepts for IIS 6.0 (which help you understand SharePoint Designer components and features better), a detailed discussion of IIS 6.0 architecture and functionality is beyond the scope of this text.
The IIS 6.0 release for the Windows 2003 server family of operating systems is by far the most reliable, scalable, and secure version of IIS. It provides unparalleled reliability and uptime to Web applications (and Web sites) through its application isolation environment, which allows Web applications to run in their own process space without interfering with each other. It includes a number of security features that ensure the protection and integrity of Web content and data presented by your Web sites. Also, it offers support for the latest Web standards, including HTTP 1.1, TCP/IP, FTP, SMTP, NNTP, and WebDAV.
The first question that might come to the mind of a Web site designer when discussing IIS is how to configure Web sites for use with SharePoint Designer. However, hold on to this feeling while I talk about some basic IIS concepts. I can assure you that once these concepts are clear, you should feel more comfortable working with the IIS interface. Obviously, you would want to know what an application pool is before you go ahead and create one.
As discussed later in this chapter, IIS can host multiple Web sites on a single Web server computer. Although that sounds fairly simple, identifying these multiple Web sites on a single computer as separate when viewed from the Internet involves some work on the part of site administrators.
To distinguish among multiple Web sites on a single computer and ensure that user requests for a Web site can be served from the correct physical location, IIS provides the identification options shown in Figure 2.1:
Multiple IP addresses: An IP address identifies a computer on a given network. If your Web server computer is configured for multiple IP addresses, you can set up Web sites using these multiple addresses. However, this approach requires that you have one unique, static IP address for each Web site hosted on the Web server. Because public static IP addresses are difficult to obtain, this approach might not necessarily be your one solution for identifying multiple Web sites on a single server. You can open a Web site configured with an IP address in SharePoint Designer by using the site name http://serveripaddress — for example, http://192.164.52.16.
Multiple ports: The standard port for Web-based HTTP operations is port 80. If a port is not specified manually, it's assumed that port 80 should be used. However, there are a number of TCP/IP ports that can be specified for Web site identification. For example, you can have three Web sites use a single IP address but three different ports. The downside of using this approach is that the Web site user needs to denote the IP address (or the name of the server) followed by the port number to reach the Web site. To open a Web site configured with a TCP port in SharePoint Designer, use the format http://serveripaddress:portnumber — for example, http://192.164.52.16:8000 — for the site name.
Multiple host header names: This is the most recommended approach and is commonly followed by Internet-facing Web server machines. The host header is a friendly name (such as www.wiley.com) that can be associated with a Web site. Each Web site on the Web server can have a set of host headers associated with it that helps IIS identify the Web site when user requests are made. If your Web site is configured with a host header, you can open it in SharePoint Designer by using the site name format http://hostheader — for example, http://www.wiley.com.
This signature, or identification, of a Web site — which includes the combination of an IP address, a port, and a host header — is called the Web site's server binding and is stored in the IIS configuration file (called the metabase file).
Later in this chapter, I take you through the steps for configuring multiple Web sites on a single Web server machine. As a matter of fact, you use this approach to set up four separate Web sites with FTP, WebDAV, FPSE, and SharePoint and then later use them to understand related SharePoint Designer features.
When you open a protected Web site in SharePoint Designer, you're prompted for a username and password, which are used by the Web server to identify you and then determine the operations that you can perform. The process of identifying a user before granting access to a resource is called authentication. Authorization, on the other hand, is the process of determining the level of access an authenticated user has. IIS offers these authentication mechanisms, as shown in Figure 2.2:
Anonymous authentication: Allows IIS to determine the kind of access for users who aren't known, such as those who don't have a username or password that can be used for authentication. If anonymous access is allowed, IIS uses the built-in IUSR_Machinename account (set up during the IIS installation process) for authentication.
Windows integrated authentication: This is the most secure form of authentication because users must use their Windows accounts to identify themselves with IIS 6.0. This form of authentication is point to point; that is, the user credentials can't be passed on from one machine to another. For example, once the Web server identifies the user with a username and password, it can't double-hop, which is using the credentials to connect to a different resource or computer on the network. Due to this, Windows integrated authentication is not suitable for Internet use, where the request might have to hop from one machine to another before reaching a Web server.
Basic authentication: As the name suggests, this is the most basic form of authentication, where the username and password are sent as clear text and are easily susceptible to security breaches and attacks. However, it's the simplest to set up and maintain and is the most common form of authentication used on the Internet. To increase protection, basic authentication is always used on a Secure Sockets Layer (SSL) encryption channel.
Digest authentication: This offers functionality similar to basic authentication but increases security by providing better encryption of the user credentials across the network.
Passport authentication: This provides a .NET-based single sign-in service, where users have to type their credentials only once and then gain access to all Web sites and related resources.
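To make the difference between basic and digest authentication concrete, the following added example (not code from the book or from IIS) builds the Authorization values each scheme puts on the wire. It follows RFC 2617, the HTTP specification for both schemes; the function names are illustrative and the credentials are the RFC's own sample values.

```python
import base64
import hashlib
from typing import Tuple


def basic_header(user: str, password: str) -> str:
    """Build the Authorization value a client sends for basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header: str) -> Tuple[str, str]:
    """Recover (user, password) from a basic header; no key or secret is needed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    text = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = text.partition(":")  # the password may itself contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """RFC 2617 digest response with qop=auth: only hashes cross the network."""
    ha1 = _md5(f"{user}:{realm}:{password}")  # secret part, never sent
    ha2 = _md5(f"{method}:{uri}")             # ties the response to this request
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


if __name__ == "__main__":
    # Sample values taken from RFC 2617, not from a real server.
    header = basic_header("Aladdin", "open sesame")
    print(header, "->", decode_basic(header))
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))
```

The basic header decodes straight back to the password, which is why it belongs only on an SSL channel; the digest response changes with every server nonce and never contains the password itself.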
While authentication is mostly provided to Web sites and Web applications by IIS 6.0, authorization can be either done manually or, as in the case of FPSE and SharePoint, by using a custom application. The most basic authorization involves adding (or removing) users and granting (or denying) them access by using the Security tab inside the folder's Properties dialog box in Windows Explorer, as shown in Figure 2.3.
In previous IIS versions, Web sites and Web applications were loosely packed; that is, Web applications could interfere with each other, and faulty code running in one Web application could bring down other Web applications running along with it or, in worst cases, IIS itself. IIS 6.0 introduced the concept of application isolation (worker process isolation mode) and allows Web site developers and administrators to separate Web sites and applications into application pools.
Worker process isolation mode ensures the protection and separation of the IIS base processes (such as inetinfo.exe) from the Web application processes. All Web sites and Web applications run inside separate worker processes (w3wp.exe) that can't interfere with the root functionality of IIS. So, if a Web application crashes or hangs because of faulty code, only the worker process associated with the Web application is affected, and other processes can still run and serve requests without problems.
You implement application protection by creating application pools and associating Web applications with application pools. (You can have an application pool that hosts one or more Web sites.) All the Web sites associated with an application pool run in a single worker process (or in multiple worker processes, in the case of Web gardening). If the application pool stops or becomes unhealthy, only Web sites associated with that particular application pool are affected.
For example, you can define the properties of the MSSharePointAppPool application pool by using the MSSharePointAppPool Properties dialog box, as shown in Figure 2.4. Using this dialog box, you can set up the recycling, performance, and health settings of the application pool. You can also define the credentials under which the worker process associated with the application pool runs.
NOTE
IIS 5.0 isolation mode is a mechanism offered by IIS 6.0 to emulate IIS 5.0 behavior and operational architecture. SharePoint doesn't support IIS 6.0 running in IIS 5.0 isolation mode (provided in IIS 6.0 for backward-compatibility) and can only work with IIS 6.0 configured in the worker process isolation mode.
One more level of protection that's available to you for Web sites is to control the execute permissions for Web site content. These options are available under the Home Directory tab in the Web Site Properties dialog box, as shown in Figure 2.5:
None: No scripts (ASP, ASP.NET, etc.) or executables (.exe, .dll, etc.) can be run.
Scripts Only: Only scripts can be run.
Scripts and Executables: Both scripts and executables can be run.
You use the execute permissions to determine the level of code execution that can be performed on a Web site. These options provide an added level of security for Web sites so that unwanted content can't run on the Web sites without proper configuration.
One more level of protection that IIS 6.0 offers is that it provides an interface to easily allow or prohibit any known or unknown Web Service extension. Web Service Extensions is a generic name for all Common Gateway Interface (CGI) and Internet Server Application Programming Interface (ISAPI) applications that can be installed and configured on IIS. Common ISAPI applications are ASP.NET, FPSE, and SharePoint. As shown in Figure 2.6, you can easily allow or prohibit Web Service extensions by using the IIS 6.0 interface.
IIS 6.0 follows the locked-down configuration so that all ISAPI extensions must be manually enabled before using them. Extensions such as WebDAV are disabled at the server level by default, and you have to manually enable them by using the Web Service Extensions interface before they can be used.
You can install IIS 6.0 on a Windows 2003 server using the following steps. While you're installing IIS 6.0, these steps also guide you to install the FTP service and FPSE 2002 on the machine:
NOTE
You might be requested to provide the Windows 2003 or Windows 2003 Service Pack (SP) 1 installation media during the installation of IIS 6.0.
Choose Application Server from the list of components and then click Details. The Application Server dialog box opens.
Along with the options selected by default, ensure that the ASP.NET check box is selected.
Click Internet Information Services (IIS) and then click Details. The Internet Information Services (IIS) dialog box, as shown in Figure 2.7, opens.
Click Next to allow the wizard to install the requested components.
After the setup is complete, the new Internet Information Services (IIS) Manager shortcut appears inside Start > Administrative Tools. The IIS administrative interface, as shown in Figure 2.8, is called the Internet Information Services (IIS) Manager and is a snap-in added to the Microsoft Management Console (MMC). You can also access the IIS Manager by typing inetmgr in the Start > Run dialog box. The console provides the interface to change Web server settings for IIS, create and manage Web sites and virtual directories, set up application pools, and perform other management operations for the Web server.
Although the IIS Manager can be used to connect to the IIS Web Service running on any computer (right-click on Internet Information Services in the left pane and then choose Connect from the popup menu), it connects to the IIS Web Service running on your local computer by default. So, when you open the IIS Manager on your Web server, it displays the list of application pools and Web sites hosted by the local Web server in a treeview under the machine name.
You can enable the Web Service Extensions that you want to use on the Web server by clicking on the Web Service Extensions folder in the left pane of the IIS Manager. Right-clicking on the extension opens a popup menu that allows you to enable/disable the extension.
The master properties that affect all new Web sites and application pools for the Web sites (and application pools) can be set by right-clicking on the Web Sites (and Application Pools) folder in the left pane of the IIS Manager and then choosing Properties from the popup menu. When you create a new Web site (or an application pool), these properties are copied to form the properties of the newly created Web site (or application pool).
To create a new Web site by using the IIS Manager, follow these steps:
Right-click on the Web Sites folder and then choose New Web Site from the popup menu. The Web Site Creation Wizard, as shown in Figure 2.9, opens.
Click Next to start the wizard.
In the IP Address and Port Settings window, specify the IP address, port, or host header that you want to use to identify the Web site. For example, for this exercise, set the IP address to All Unassigned, change the port to 8000, and leave the host header blank. This sets the server binding so that the Web site is accessible by using the address http://servername:8000.
Click Next.
In the Web Site Home Directory window, specify the folder that you want to set as the root folder for the Web site. You can use the Browse button to either choose the location or create a new folder at the location of your choice. Keep the Allow anonymous access to this Web site check box selected if you want to allow anonymous access to Web sites.
Click Next and then click Finish to complete the creation of your Web site.
If your Web site's server binding already exists — that is, if another Web site uses the IP address, port, and host header combination you specified for your Web site — you receive a message indicating that a Web site already exists. Although the Web site is created in such a case, it can't be started until the server binding is unique.
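The binding rules described earlier (IP address, port, host header) and the uniqueness requirement above can be modeled in a few lines. This is an added example, not code from the book or from IIS: the site names and addresses are constructed, the `IP:Port:HostHeader` string is the form in which the metabase stores a binding, and the most-specific-match precedence in `route` is a simplifying assumption.

```python
from typing import Dict, List, NamedTuple, Optional


class Binding(NamedTuple):
    ip: str    # "" means All Unassigned
    port: int
    host: str  # "" means no host header


def parse_binding(text: str) -> Binding:
    """Parse one 'IP:Port:HostHeader' string (IPv4 only, as in this chapter)."""
    parts = text.split(":")
    if len(parts) != 3:
        raise ValueError(f"expected IP:Port:HostHeader, got {text!r}")
    ip, port, host = (p.strip() for p in parts)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {text!r}")
    return Binding(ip, int(port), host.lower())  # host names are case-insensitive


def find_conflicts(sites: Dict[str, List[str]]) -> Dict[Binding, List[str]]:
    """Return every binding claimed by more than one site."""
    owners: Dict[Binding, List[str]] = {}
    for site, bindings in sites.items():
        for binding in {parse_binding(t) for t in bindings}:
            owners.setdefault(binding, []).append(site)
    return {b: names for b, names in owners.items() if len(names) > 1}


def route(sites: Dict[str, List[str]], local_ip: str, port: int,
          host_header: str) -> Optional[str]:
    """Pick the site for a request; the first site listed keeps a contested binding."""
    host = host_header.split(":")[0].strip().lower()  # drop ":port" from Host
    owner: Dict[Binding, str] = {}
    for site, bindings in sites.items():
        for text in bindings:
            owner.setdefault(parse_binding(text), site)
    # Assumed precedence: the most specific binding is tried first.
    for candidate in (Binding(local_ip, port, host), Binding("", port, host),
                      Binding(local_ip, port, ""), Binding("", port, "")):
        if candidate in owner:
            return owner[candidate]
    return None


# Constructed sample configuration (hypothetical sites, documentation addresses).
SITES = {
    "Default Web Site": [":80:"],
    "Public": ["192.0.2.10:80:www.example.test", "192.0.2.10:80:example.test"],
    "Intranet": [":8000:"],
    "Staging": [":8000:"],  # same binding as Intranet, so it could not start
}

if __name__ == "__main__":
    for binding, names in find_conflicts(SITES).items():
        print("duplicate binding", binding, "claimed by", names)
    for host in ("www.example.test", "unknown.test"):
        print(host, "->", route(SITES, "192.0.2.10", 80, host))
```

A request whose Host header matches no binding lands on the site with the blank host header, so that catch-all site deserves the same review as the named ones.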
By default, the new Web site inherits the master properties configured for new Web sites by using the IIS Manager. If you use the default master properties for Web sites, the new Web site is configured to use the DefaultAppPool application pool (created by default during initial IIS configuration). To create a new application pool and associate your Web site with the new application pool, follow these steps:
Right-click on the Application Pools folder in the left pane in IIS Manager and then choose New Application Pool from the popup menu. The Add New Application Pool dialog box, as shown in Figure 2.10, opens.
Using the Application Pool ID text field, type a name for the application pool. Using the application pool settings, you can choose whether to use the master application pool settings or use settings of an existing application pool for new application pool creation.
Click OK. The new application pool appears in the list of application pools under the Application Pools folder. Click the new application pool, and the right pane in the IIS Manager is empty. This indicates that the application pool doesn't yet have a Web site associated with it.
Right-click on the Web site you just created in the previous steps and then choose Properties from the popup menu. The Properties dialog box for the new Web site opens.
Click the Home Directory tab. In the Application Settings, click the Application pool dropdown menu and then click the newly created application pool.
Click Apply and then click OK.
The newly created Web site appears in the right pane of the IIS Manager when you click the newly created application pool. This list always shows all the Web sites that use the application pool. If you right-click on the application pool on the left pane in the IIS Manager, you can start, stop, or recycle the application pool. Recycling the application pool is a process where the application pool is restarted without actually causing the associated Web applications to stop working. IIS does this by creating a new worker process for the application pool before terminating the existing one. After the new worker process is created, all user requests are redirected to the new worker process, and the old one is then terminated. This configuration helps in increasing the uptime for the Web sites while the application pools remain healthy and badly used resources are recovered.
You can specify recycling settings for an application pool by right-clicking on it and then choosing Properties from the popup menu. The Properties dialog box allows you to perform these operations:
Recycling: Provides the settings for configuring the recycling of worker processes associated with the application pool
Performance: Offers the settings to enable CPU monitoring and Web gardening
Health: Allows you to configure settings for rapid-fail protection for application pools. Rapid-fail protection allows the application pool to be disabled after it fails a particular number of times.
Identity: Allows you to set up the user account that the worker process associated with the application pool runs under
If you need to change the properties of a Web site itself, you can do so by using the Web Site Properties dialog box (which you can open by right-clicking on the Web site and then choosing Properties from the popup menu). Using the Web Site Properties dialog box, you can change these settings:
Web Site: Offers an interface to change the Web site's server binding and enable IIS logging for the Web site
Performance: Allows you to set bandwidth throttling and change the number of allowed Web site connections
ISAPI Filters: Shows (and allows addition/removal of) the ISAPI filters that are active for the Web site
Home Directory: Allows you to change the Web site root folder location, set general application settings, change application pools association, and set execute permissions for the Web site
Documents: Allows you to set a list of default documents for a Web site. If it exists in the site content location, the top document in this list becomes the home page of the Web site.
Directory Security: Allows you to change the authentication mechanisms that the Web site uses, configure restrictions, and set up SSL
HTTP Headers: Lists the custom HTTP headers and provides settings for content expiration, rating, and MIME types
Custom Errors: Lists the default error messages that IIS shows when an issue occurs while accessing a Web site. You can use this tab to change the default Web pages associated with the various IIS error codes.
ASP.NET: Allows you to set the version of ASP.NET to be used for the Web site
Server Extensions 2002: If the Web server is configured with FPSE 2002, this tab provides the mechanism to open the administration Web pages for configuring FPSE settings related to the Web site.
Although you just created a Web site by using the IIS Manager, the Web site still isn't completely ready for SharePoint Designer because this Web site doesn't have a publishing or remote authoring mechanism set up for it. You can't yet open or publish this site in SharePoint Designer with an Internet-based HTTP address.
The best you can do as far as pushing Web content into this Web site is to copy the Web pages and files you created with SharePoint Designer from your local root folder to the root folder of this Web site. However, this isn't a recommended method, especially when you're using FPSE features, and it's not applicable for SharePoint sites.