|
|
These blog entries are written by industry experts and leaders. We consider this content to be a good read for any software developer or web technologist.
Browse by Tags
All Tags » IIS7 » ASP.NET (RSS)
-
One of the core priorities we focused on when building IIS 7 was to enable a rich .NET extensibility model that provides developers with the hooks to easily plug-in and extend the web server. These extensibility hooks are provided in the web-server pipeline (enabling scenarios like the new IIS7 Bit Rate Throttler), within the configuration system (enabling developers to create new web.config schema settings), within the health monitoring system (enabling developers to add custom trace events), and within the admin tool (enabling developers to plug-in new admin UI modules). We added these extensibility hooks so that anyone can easily extend and enhance the web server using .NET. We also selfishly wanted them so that we can ship regular feature packs that add additional features to the core web server. IIS 7 Admin Pack Preview 1 Released Last week the IIS team shipped the first technical preview of some really cool administration modules that I think web developers will find super useful. This preview adds several new features to the IIS7 Admin Tool: -
Database Manager: Built-in SQL Server database management, including the ability to create, delete, and edit tables and indexes, create/edit SPROCs and execute custom queries. Because it is integrated in the IIS administration tool it all works over HTTP/SSL - which means you can use the module to remotely manage your hosted applications (even with low-cost shared hosting accounts), without having to expose your database directly on the Internet. -
Log Reports: Built-in report visualization with charting support for log files data. Full range selection and custom chart creation is supported, as well as the ability to print or save reports. Like the database manager you can use this module remotely over HTTP/SSL - which means it works in remote shared hosting scenarios. Below are some screen-shots and simple walkthroughs of the Log Reporting and Database Manager administration UI modules: Log Reporting Admin Module Have you ever deployed a web application onto a server and wondered how much load it is getting?, what the average response time from the server is?, or whether many server errors are occurring (and if so on what URLs)? All of these settings are carefully logged by IIS in a text based log file. Today most people use command-line tools like the IIS Log Parser utility to query and analyze these files. The IIS 7 Admin Pack and the new "IIS Reports" admin module now enable you to also query and chart your reports graphically within the IIS admin tool: 
Out of the box the "IIS Reports" admin module comes with a bunch of pre-built logparser-based reports that you can easily run on your sites and applications: 
Below is a simple graphical report we could pull up that looks at the HTTP status codes being returned by my "TestSite" application (note how we are using the "bar graph" visualization option): 
Reports can optionally be filtered using a date range. You can also push the print or save buttons within the report page to generate a printer or a local saved version of the report. 
The IIS7 Admin Tool is a rich client application (built using WinForms) - but it does all of its remote access and work using HTTP based web-services that connect to the remote web-server. This means it will work through firewalls, and a hoster does not need to open up ports in their network in order to enable it. Once a hoster installs the IIS 7 Admin Pack on their web-servers, remote customers managing their hosted sites using the IIS admin tool (which is built-into Vista and available as a download for Windows XP clients) will automatically be prompted to enable the IIS Reports admin module (the install of the client-side module is seamless). They'll then be able to use the reports module inside their admin tool to pull up reports for their remote hosted sites. Note: hosters can optionally disable this feature if they want, or choose to restrict or customize the list of reports provided. Hopefully most hosters will chose to just make this a standard feature of all IIS and ASP.NET plans they offer. Database Manager Module Have you ever deployed your application and database to a remote hosting provider and wanted to make a quick change to the database (but your hosting provider didn't support accessing it using the SQL admin tool)? Using the new "database manager" module within the IIS admin tool you can now remotely access your database and make changes to it using HTTP/SSL through the web-server. Just connect your IIS administration tool to your remote site and click the new "Database Manager" icon: 
By default the Database Manager module will look at the <connectionStrings> section of your web application's web.config file, and allow you to easily access any of the databases your hosted application is using. For example, below my TestSite application has a "NorthwindConnectionString" setting in the <connectionStrings> section of my web.config (which is why it shows up in my list of connection nodes). When I click it I can view and edit my SPROCs and Table Schema (including indexes): 
We could right-click on any table to edit the row data within it, or alternatively perform a custom SQL query to retrieve a custom set of data: 
What is nice is that a hoster can easily enable all of the above database admin features for both dedicated and shared hosting plans (even when there are hundreds or thousands of customers on a single server). Like all other modules in the admin tool, all communication between the rich client front-end and the backend at the hoster is done over HTTP/SSL based web-services (meaning it goes through firewalls and doesn't require the hoster to open any new ports - nor expose the SQL server directly on the Internet). Hopefully this database administration module will just be a standard feature that all IIS hosters enable - which will make remote hosted data management much easier going forward. Summary Over time you'll see even more admin UI modules be shipped in the IIS 7 Admin Pack and many more features enabled (Carlos, who runs the dev team building the admin tool, is actively asking for suggestions on what you'd like to see via his blog - so drop him a comment if you have a suggestion or want to provide some encouragement). You can download the first technical preview of IIS 7 Admin Pack release here as well as learn more about it via the online documentation here. The above modules work with both the IIS7 release in Vista SP1 as well as Windows Server 2008. Hope this helps, Scott 
|
-
MIX is a Microsoft web development conference we hold in Las Vegas each year. MIX tends to be a pretty fun event, both because it covers cutting edge content (we used MIX07 to announce our Silverlight plans), and also because it tends to attract a really diverse set of attendees (including both those who use Microsoft technology today, and a large % of attendees who don't). The conference structure includes a healthy blend of sessions and interactive panels, and the layout and organization is designed to facilitate great conversations. This year's MIX is being held March 5th-7th in Las Vegas. Ray Ozzie and I are both giving keynotes the first day of the event, and Steve Ballmer and Guy Kawasaki will be doing a keynote the second day of the event. The conference (and especially my keynote) is going to cover a lot of new web technology. Attendees will be able to attend sessions covering: - IE 8
- IIS 7.0
- ASP.NET (including ASP.NET 3.5, ASP.NET AJAX, ASP.NET MVC, and ASP.NET Dynamic Data)
- VS 2008 and Expression Studio
- WPF
- Silverlight 2
- And much more....
Channel 9 recently did an interview with me where I talked about some of these new technologies. In Part 1 of the interview I talked about IIS7, and in Part 2 of the interview I talked about ASP.NET, WPF and Silverlight 2. Register Soon Or You'll Miss Your Chance MIX is held at a smaller venue then some of our larger events like TechEd and PDC. This gives the conference a more intimate feel (which is fun). It also means that it sells out each year, and once it is sold out it is really sold out. Last year I received about 50 emails from people begging for tickets after it was full, and many people even flew to the event hoping to somehow be let in at the door (only to be unfortunately told they couldn't get in). Unfortunately because of size constraints (and fire marshal restrictions) once it is sold out there really are no more tickets to be had. Even my own team members get turned away if they haven't registered in time. This year's registration is filling up faster than any of the previous MIX conferences. If you want to attend I highly recommend registering really soon to ensure you can go. You can learn more about the event and register online here. Hope to see some of you there - it is going to be fun.... Scott 
|
-
I just arrived back from my trip from Asia, and decided to celebrate (since I'm jet-lagged and can't sleep) with a new post in my link-listing series. You can check out my ASP.NET Tips, Tricks and Tutorials page for links to popular articles I've done myself in the past. ASP.NET ASP.NET AJAX Visual Studio .NET -
Marshaling between Managed and Unmanaged Code: Yi Zhang and Xiaoying Guo from my team in Shanghai have written a great MSDN article that describes how to use the marshaling interop features of the CLR to call native code. One of the tools they highlight is an awesome P/Invoke Interop Assistant application they built that makes it much, much easier to generate p/invoke interop signatures when calling native methods. A must-have tool for anyone doing native/managed interop! IIS -
Microsoft Web Deployment Tool Technical Preview 1: Yesterday the IIS team posted the first preview of a new Microsoft Web Deployment tool. This tool works with both IIS6 and IIS7 and enables automated deployment, synchronization, and migrating of applications on web servers. If you are looking for a great way to automate the deployment of your ASP.NET applications then this tool is definitely one to check out. To learn more, read the walkthroughs at the bottom of this page (in particular the "Introduction to MS Deploy" one). This tool is awesome and should make automated deployment much easier. Hope this helps, Scott 
|
-
Here is the latest in my link-listing series. Also check out my ASP.NET Tips, Tricks and Tutorials page for links to popular articles I've done myself in the past. ASP.NET ASP.NET AJAX -
ASP.NET AJAX History How Do I Video: To learn more about the new ASP.NET AJAX history support, watch this great 15 minute video from Bertrand Le Roy of the ASP.NET team. He demonstrates how to AJAX enable an <asp:wizard> control, and then add history marker points to it. ASP.NET MVC -
Accessing Server Controls from CodeBehind with ASP.NET MVC Views: David Hayden has a good post that discusses a workaround for a bug with the current ASP.NET MVC CTP view templates - which prevents you from coding against server controls in view template code behind classes. You can right-click on the MVC view files and select "Convert to Web Application" to fix it. Alternatively, you can download updated MVC Templates that Troy Goode recently posted here. This issue will be fixed with the next MVC update. Visual Studio IIS 7.0 Hope this helps, Scott 
|
-
Last week we shipped Visual Studio 2008 and .NET 3.5. This release is a big one for .NET, and delivers a ton of new capabilities and improvements for web, client, office and mobile development. Over the next few months we'll be delivering a series of additional products that build on top of this VS 2008 and .NET 3.5 foundation, and make .NET development even better. Below is a road-map of some of the upcoming initiatives and releases for .NET web development that my team is currently working on for the months ahead: Releasing the Source Code for the .NET Framework Libraries We announced last month that we'll provide the ability for developers to download and browse the source code of the .NET Framework libraries, as well as enable integrated source debugging of them using Visual Studio 2008. You can learn more about this in my blog post here. We are finishing up the final deployment of the source servers that host this now, and will be publishing instructions on how to enable the integrated debugging experience within Visual Studio 2008 shortly. I'll blog detailed steps on how to turn this feature on once it is available. ASP.NET 3.5 Extensions Release VS 2008 and .NET 3.5 include a ton of new features for ASP.NET development. We are planning to deliver even more ASP.NET functionality next year with a "ASP.NET 3.5 Extensions" release. The first public preview of this will be available for download next week on the web. Next week's ASP.NET 3.5 Extensions preview release will include: - ASP.NET MVC: This model view controller (MVC) framework for ASP.NET provides a structured model that enables a clear separation of concerns within web applications, and makes it easier to unit test your code and support a TDD workflow. It also helps provide more control over the URLs you publish in your applications, and more control over the HTML that is emitted from them. You can learn more about it from Part 1 of my ASP.NET MVC Tutorial series. I'm hoping to find time this weekend to write and post Part 2 of the series.
- ASP.NET AJAX Improvements: New ASP.NET AJAX features in the ASP.NET 3.5 Extensions release will include better browser history support (back/forward button integration, and server-side history management support via a new <asp:history> server control), improved AJAX content linking support with permalinks, and additional JavaScript library improvements.
- ASP.NET Dynamic Data Support: The ASP.NET 3.5 Extensions release will deliver new features that enable faster creation of data driven web sites. It provides a rich scaffolding framework, and enables rapid data driven site development using both ASP.NET WebForms and ASP.NET MVC.
- ASP.NET Silverlight Support: With the ASP.NET 3.5 Extensions release we'll deliver support for easily integrating Silverlight within your ASP.NET applications. Included will be new controls that make it easy to integrate Silverlight video/media and interactive content within your sites.
- ADO.NET Data Services: In parallel with the ASP.NET Extensions release we will also be releasing the ADO.NET Entity Framework. This provides a new modeling framework that enables developers to define a conceptual model of a database schema that closely aligns to a real world view of the information. We will also be shipping a new set of data services (codename "Astoria") that make it easy to expose REST based API endpoints from within your ASP.NET applications.
Silverlight 2.0 Release Two months ago we shipped Silverlight 1.0 for Mac and Windows, and announced our plans to deliver Silverlight on Linux. Silverlight 1.0 is focused on enabling rich media scenarios in a browser, and supports a JavaScript/AJAX programming model. Next year we will be releasing a major update of Silverlight that focuses on enabling rich Internet applications. This release will include a cross-platform, cross-browser version of the .NET Framework, and will enable a rich .NET development platform in the browser. Earlier this year we shipped an early Alpha containing some of the basic functionality of the release. Our next public preview will add considerably to this feature set. Some of the new .NET specific features in the next public Silverlight preview will include: -
WPF UI Framework: The current Silverlight Alpha release only includes basic controls support and a managed API for UI drawing. The next public Silverlight preview will add support for the higher level features of the WPF UI framework. These include: the extensible control framework model, layout manager support, two-way data-binding support, and control template and skinning support. The WPF UI Framework features in Silverlight will be a compatible subset of the WPF UI Framework features in last week's .NET Framework 3.5 release. -
Rich Controls: Silverlight will deliver a rich set of controls that make building Rich Internet Applications much easier. The next Silverlight preview release will add support for core form controls (textbox, checkbox, radiobutton, etc), built-in layout management controls (StackPanel, Grid, etc), common functionality controls (TabControl, Slider, ScrollViewer, ProgressBar, etc) and data manipulation controls (DataGrid, etc). -
Rich Networking Support: Silverlight will deliver rich networking support. The next Silverlight preview release will add support for REST, POX, RSS, and WS* communication. It will also add support for cross domain network access (so that Silverlight clients can access resources and data from any trusted source on the web). -
Rich Base Class Library Support: Silverlight will include a rich .NET base class library of functionality (collections, IO, generics, threading, globalization, XML, local storage, etc). The next Silverlight preview release will also add built-in support for LINQ to XML and richer HTML DOM API integration. Previously we've been referring to this .NET-enabled Silverlight release as "Silverlight V1.1". After stepping back and looking at all the new features in it (the above list is only a subset - there are many more we aren't sharing yet), we've realized that calling it a point release doesn't really reflect the true nature of it. Consequently we have decided to change the name and refer to it as "Silverlight V2.0" going forward. We will be releasing a Beta of Silverlight 2.0 in Q1 of 2008. This Beta will support a Go-Live license that enables developers to begin building and deploying Silverlight 2.0 applications. We will also be releasing a free Visual Studio 2008 tools update that provides great Silverlight 2.0 tools support within Visual Studio 2008, and enables developers to easily build Silverlight applications using any .NET language. We will be supporting Silverlight development with both the Visual Studio 2008 Standard/Professional products, as well as with the free Visual Studio 2008 Express editions. I'm going to be starting a new blog tutorial series in a few weeks that discusses how to build Silverlight 2.0 applications, and show off the new features in more depth. Stay tuned for more details soon. IIS 7.0 Early next year we'll ship the final release of IIS 7.0 as part of the Windows Server 2008 release. As I've blogged about in the past, IIS 7.0 is a major update of our web-server stack, and introduces a significantly new and improved extensibility, configuration and administration architecture. One of the really cool things about IIS 7.0 is that it is all nicely integrated with the .NET Framework, and enables you to use any .NET language to extend and customize the server. You can now easily do things in VB and C# that previously required writing a pretty gnarly C++ ISAPI. The deployment, management and administration of web applications on the server is also now nicely unified across IIS and ASP.NET. We will also shortly begin sharing details of a new web application deployment framework for IIS that enables you to easily automate the deployment of web applications on either a single server or across a web farm of machines. It will make it easy to version your web applications (including allowing you to quickly roll back to previous versions), as well as automatically provision them across multiple servers. It also enables the full automation of deployment tasks (including via both command-line and PowerShell scripting APIs). The combination of IIS7 with this web deployment framework will enable you to deploy and scale your ASP.NET server applications better than ever before. Summary Last week's VS 2008 and .NET 3.5 release was a huge step forward for .NET development. The release not only delivered a ton of great new language, runtime and tool features, but even more importantly provided a really solid foundation that we'll be building upon in the months and years ahead. Stay tuned to my blog for more details about each of the above releases. Hope this helps, Scott 
|
-
Here is the latest in my link-listing series. Also check out my ASP.NET Tips, Tricks and Tutorials page for links to popular articles I've done myself in the past. ASP.NET - Cleanup Inactive Anonymous Users: ASP.NET 2.0 has support for an optional feature called "anonymous users" - which enables you to optionally track and store profile data for non-authenticated users visiting your sites (read K. Scott Allen's article here for more details on how this works). Omar Al Zabir published this handy article that describes how to "clean up" this anonymous user data periodically to avoid storing it forever in your database.
ASP.NET AJAX Visual Studio -
SQL Database Publishing Wizard Now in VS 2008: One of the post-Beta2 features that we are adding for the final VS 2008 release is the inclusion of a SQL database publishing wizard inside Visual Studio. This will be supported in both the free Visual Web Developer Express edition as well as the full Visual Studio, and provides an easy way to script out your database schema and data to .SQL files. You can then copy these files to a remote hoster to deploy a database. You can learn more about how this works from my earlier posts here and here which describes how to use a previous standalone tool with this functionality (all of this functionality is now built-in to VS 2008). Silverlight IIS 7.0 -
Using LINQ with Microsoft.Web.Administration: Carlos from the IIS7 dev team has a really cool blog post that shows how you can use LINQ with .NET 3.5 to easily query and manipulate the new web server administration API introduced with IIS7. For more information on this new API, you can also read an old post of mine here. Hope this helps, Scott 
|
-
One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of our web-server stack, and introduces a significantly new and improved extensibility, configuration, and administration architecture. I've blogged about some of its features in the past here and here. Doing a major re-architecture on a mature product is never easy. Doing so on one that runs more than 40% of the web servers on the Internet is especially daunting. The final product, though, is fantastic - and delivers an incredibly flexible, scalable, and robust server architecture that is going to enable us to-do really exciting things going forward. Earlier this week we shipped the RC0 build of Windows Server 2008 and IIS 7.0. You can learn more about it and download the RC0 version from Mai-lan's blog post here. IIS 7.0 Extensibility (and why it is cool) One of the major changes we made to IIS 7.0 was to make the system radically more extensible than previous versions of the web-server. This extensibility applies both to the core HTTP processing engine, as well as to the configuration system, health monitoring system, and admin tool architecture. You can now write managed .NET classes to cleanly extend all of these sub-systems. This is great from a customer perspective (since you can now replace and extend anything in the system). It also enables us to easily ship web-server extensions and additions in a very agile way on the web. Starting this week you are going to begin to see a number of really cool, fully-supported, free features start to be delivered this way. Below are a few of them available this week: IIS 7.0 FTP Publishing Service We are delivering a new modern FTP service implementation that runs on IIS 7.0. This FTP service offers a much improved administration and configuration experience (it uses the same web.config model as IIS7 and ASP.NET, and integrates into the IIS7 admin tool). It now supports FTP over SSL, as well as UTF8 and IPv6. The FTP server enables you to host both FTP and web content from the same web-site on IIS7 (just add a FTP binding to your existing web-site to enable it). It now provides support for virtual host names, which means you can host multiple FTP sites on the same IP address. It also has built-in user-isolation support, which makes it perfect for shared hosting scenarios. The FTP server's authentication system is now pluggable - which means you can add your own username/password store to manage logins. Best of all, you can use the existing ASP.NET Membership Provider model to plug-in your own credential system for logins and user management. You can learn more about the FTP Server here and download it here (x64 here). IIS 7.0 Media Pack Bit-Rate Throttling Module One of the challenges when hosting large videos and audio files on the Internet is that bandwidth costs can be expensive. What is worse is that you often end up having to pay for users to download videos that aren't fully watched. Specifically, web-servers are by default designed to download content files as fast as possible. So if a user visits your site and starts watching a 50MB video on it, the web-server will by default try and transmit the 50MB file as quickly as possible to them. If the user closes the browser half-way through watching the video, you will end up having to pay for the remaining 25MB of content they had finished downloading - but which they never actually watched. The IIS 7.0 Media Pack Bit-Rate throttler provides a much more cost-effective way to host video and audio on standard web-servers. When a browser (using a plug-in like Silverlight, Flash, Windows Media Player, iTunes, etc) requests a media file, IIS7 will automatically detect the encoding bit-rate of the file and determine how many bytes per second the player needs to receive to play it continuously. IIS7 will then "burst" enough of the content (by default 20 seconds of the video/audio file) to ensure that the client player can start playing the video, and won't ever run into a buffering delay. IIS7 then automatically slows down the file transmission to equal the encoded bit-rate (so if the video is encoded at 400kbs, IIS7 will burst 20 seconds of this, and then slow the remaining transmission to 400kbs of content). If the user closes the browser on the video while it is playing, IIS7 will automatically detect the connection was dropped and avoid sending any more of the content (saving you the remaining bandwidth costs). This module works today with Silverlight, Flash and Windows Media Player - no code changes are required in the players to enable it. You can install the IIS7 Media Pack Bit-Rate Throttler on both Vista and Windows Server 2008. You can learn more about it here and download it here (x64 here). IIS 7.0 Remote Manager Administration Tool IIS 7.0 ships with a significantly improved administration tool experience. The admin tool is entirely written in managed code (using Windows Forms), and supports remotely administering a web-server over HTTP based web-services (allowing you to use the admin tool to manage servers remotely in a hosted environment through proxy servers). The administration tool supports configuring both standard IIS settings, as well as ASP.NET ones (for example: you can use the tool to remotely manage ASP.NET membership/roles). Earlier this week we shipped a standalone installation of the IIS 7.0 admin tool that you can use to remotely manage Windows Server 2008 based IIS7 web-servers from Windows XP, Windows Server 2003, and Windows Vista client machines. You can learn more about the Remote Admin Tool and download it here (x64 here). FastCGI Support for IIS 5.1 and IIS 6.0 IIS 7.0 ships with built-in support for FastCGI - which is a high performance alternative to using CGI for web-server extensibility. Many popular web frameworks (in particular PHP) use this to integrate with web-servers. In addition to having FastCGI support built-in to IIS 7.0, this week we also shipped a FastCGI ISAPI extension that works on existing IIS 5.1 and IIS 6.0 web servers. You can learn more about the FastCGI extension here, and download it here. Summary The extensibility architecture of IIS7 is going to enable us to continually enhance and ship more features that run on top of it in the months ahead. I'll be blogging more soon about some of these additional extensions (including about a new new wickedly cool automated web deployment system that supports rolling out versioned web applications across servers - including to remote web servers, and across web-server farms). I think you are going to find IIS7 a really exciting web application server to use. To learn more about it, make sure to visit www.iis.net, and sign-up for the upcoming free IIS7 web-casts here. Hope this helps, Scott P.S. IIS7 is currently running all of the www.microsoft.com web servers (read their blog post on why they love it). 
|
-
People who use VS 2005 to debug ASP.NET applications running in IIS7 on Windows Vista can encounter one of the following error messages when they press F5 to auto-attach the debugger in the IDE: - "An authentication error occurred while communicating with the web server."
- "Debugging failed because integrated Windows authentication is not enabled."
- "Authentication error occurred while communicating with the web server. Try disabling 'Digest authentication'"
The above errors occur because of the way that VS 2005 looks up the Process ID of the IIS7 worker process that ASP.NET is running within. Specifically, when you use F5 to "auto attach" the debugger with Visual Studio it sends an HTTP request to ASP.NET using Windows Authentication to retrieve the worker process details. This works fine if you have Windows Authentication enabled on your web-server, and are using Windows Authentication as the primary authentication method for your web application. It runs into problems, though, in a couple of circumstances: - If you have forms-auth enabled in ASP.NET and are running in "integrated mode" on the IIS7 web-server. This ends up blocking the process handler.
- If you don't have the windows authentication module installed on your web-server (it is now an optional component).
- If you are running on Windows Vista Home (which doesn't support the windows authentication module).
Patch Download Available To fix the above cases which block F5 "auto-attaching" from working, we recently released a public hotfix for Visual Studio 2005. It addresses each of the above problem causes. You can download the hotfix patch for free here. Once you install it, your Visual Studio F5 auto-attach behavior will work just fine. You can read more about the patch and issues it fixes in the KB article here, and the blog posts here and here. If you have any problems installing the patch or find that you still see issues after you install it, you'll want to contact Microsoft product support for assistance and they'll help debug it further. Calls to Microsoft Product Support are free if they are related to a product bug (either a QFE HotFix request or a product bug you are running into). You can find details on how to contact Microsoft product support on this page (it allows you to lookup the local phone number to use by country). How to Manually Attach a Debugger to a Process I have helped a few people workaround this issue before the patch was available. One of the things I realized in doing so was that a lot of developers don't realize all of the options that are available when debugging applications, and the different ways that you can use Visual Studio to debug a process/application. When you press F5 within Visual Studio (the Debug->Start Debugging menu item) you are telling Visual Studio to start up the application and automatically attach the debugger to it. An alternative approach that you can also use to debug an already running application is to use the "Debug->Attach to Process..." menu item. When you select "Debug->Attach to Process..." it will bring up a dialog that shows you the running processes on your computer (you can also type in the IP address of a remote computer to debug): 
If you want to debug an ASP.NET application running using IIS, make sure to select the "Show processes in all sessions" checkbox (since IIS runs as a service on Windows and not under your local account). You should then find w3wp.exe worker processes listed (which is the name of the IIS worker processes on IIS6 and IIS7). Double clicking on any process will cause Visual Studio to attach the debugger to it - at which point all breakpoints you have set will fire and you can debug a process just like you would by launching it with F5. This works for both web applications and client applications, and can be very useful when you already have an application running. Note that you no longer have to attach this way if you have the hotfix above installed - but it is a useful approach to know nonetheless. Hope this helps, Scott 
|
-
This week we shipped IIS 7.0 Beta 3 as part of the Windows "Longhorn" Server release. IIS 7.0 is the biggest release of IIS in the history of the product, and brings with it major improvements to the Microsoft web-server stack. This article and this blog post list just a few of the major improvements it delivers. New IIS 7.0 Beta3 Features This week's IIS 7.0 Beta3 release introduces a bunch of new features and capabilities above and beyond what shipped in the IIS 7.0 release that came with Windows Vista. These include: - Web Farm Shared Configuration: You can now configure your web-servers to be stateless, and centralize all configuration, code and content across web farms (making it much easier to scale out and manage). Learn more about how to use this new feature here.
- Delegated Remote Administration: You can now use the IIS7 admin tool to remotely manage web-servers over HTTP/SSL. Server administrators can now lock down and "delegate" settings to site administrators - enabling much more fine-grained control over who can manage sites on the machine (ideal for hosted scenarios).
- Automatic Application Pool Isolation: IIS 7.0 makes it much easier to provision and isolate application pool worker processes on the web-server. This is ideal for hosting scenarios, as well as enterprise scenarios where you want complete isolation and sandboxing between applications.
- Built-in FastCGI Support for PHP and other extensions: In addition to providing rich .NET extensibility, IIS 7.0 now ships with built-in support for FastCGI extensions - making it easy to use with dynamic web server frameworks like PHP.
- New FTP Server: The new IIS7 FTP Server now adds support for secure publishing with FTP/SSL, host header FTP support, integrated admin tool support, and support for plugable authentication (using the same provider model as the ASP.NET Membership system).
Make sure to check out Bill Staples' blog post here to learn more about all the above features. IIS 7.0 Go Live License After months of stress testing in our labs, we think IS7 is now ready for broad customer deployments. To facilitate this, Microsoft is now offering a special Go-Live License for IIS7 and Windows Server "Longhorn" Beta3. This allows you to deploy IIS7 servers into production environments immediately (note: we have already deployed www.microsoft.com on this build). You can learn more about the IIS7 go-live license, as well as how to freely download Windows Server "Longhorn" Beta3 here. Alternatively, you can also sign-up for a free IIS7 Beta Hosting Account from one of several web hosters who have deployed IIS7 Beta3 already. You can learn more about their free IIS7 offers here. Hope this helps, Scott 
|
-
SSL enables browsers to communicate with a web-server over a secure channel that prevents eavesdropping, tampering and message forgery. You should always use SSL for login pages where users are entering usernames/passwords, as well as for all other sensitive pages on sites (for example: account pages that show financial or personal information). Configuring SSL on Windows with previous versions of IIS has been a pain. Figuring out how to install and manage a certificate, and then associate it with a web-site, is something I bet most web developers don't know how to enable. The good news is that IIS 7.0 makes it radically easier to configure and enable SSL. IIS 7.0 also now has built-in support for creating "Self Signed Certificates" that enable you to easily create test/personal certificates that you can use to quickly SSL enable a site for development or test purposes. Using IIS 7.0 you can SSL enable an existing web site in under 30 seconds. The below tutorial demonstrates how to-do this. Step 1: Create a New Web Site We'll start by creating a new web-site using the new IIS 7.0 admin tool. This admin tool is a complete re-write of the previous IIS admin tool (and was written entirely in managed code using Windows Forms), and provides a more logical organization of web features. It provides a GUI admin experience for all ASP.NET and IIS settings:  To create a new site on the box, right click on the "Web Sites" node in the left hand tree-view pane and choose the "Add Web Site" context menu option. Enter the appropriate details to create a new web-site: 
One nice feature of IIS7 on Windows Vista is that you can now have an unlimited number of sites on a box (previous versions of IIS on Windows Client only allowed 1 site). The 10 simultaneous request limitation on Windows Client versions of IIS also no longer exists with IIS 7.0. Once we've completed the above steps, we will now have a brand new site running on our IIS web-server. Step 2: Create a new Self Signed Certificate Before binding SSL rules to our new site, we need to first import and setup a security certificate to use with the SSL binding. Certificates are managed in IIS 7.0 by clicking the root machine node in the left-hand tree-view explorer, and then selecting the "Server Certificates" icon in the feature pane on the right: 
This will then list all certificates registered on the machine, and allow you to optionally import and/or create new ones. I could optionally go to a certificate authority like Verisign and purchase a certificate to import using this admin UI. Alternatively, I can create a "self-signed certificate" which is a test certificate that I can use during the development and testing of my site. To-do this, click the "Create Self-Signed Certificate" link on the right-hand side of the admin tool: 
Enter a name to use for the certificate (for example: "test") and hit ok. IIS7 will then automatically create a new self-signed crypto certificate for you and register it on the machine: 
Step 3: Enable HTTPS Bindings for our New Site To SSL enable the web-site we created earlier, select the web-site node in the left-hand tree-view, and the click the "Bindings" link in its "actions" pane on the right-hand side of the screen: 
This will then bring up a dialog that lists all of the binding rules that direct traffic to this site (meaning the host-header/IP address/port combinations for the site): 
To enable SSL for the site, we'll want to click the "Add" button. This will bring up an "add binding" dialog that we can use to add HTTPS protocol support. We can select the self-signed certificate we created earlier from the SSL certificate dropdownlist in the dialog, and in doing so indicate that we want to use that certificate when encrypting content over SSL: 
Click ok, and we now have SSL enabled for our site: 
Step 4: Test out the Site Add a "default.aspx" page to the site, and then try and hit it with the browser by typing https://localhost/default.aspx (note the usage of "https" instead of "http" to indicate that you want to connect over SSL). If you are using IE7, you'll likely see this anti-phishing error message kick in 
Don't panic if this happens - it is just IE being helpful by suggesting that a self-signed certificate on your local machine looks suspicious. Click the "Continue to this website" link to bypass this security warning and proceed to the site. You'll find that your default.aspx page is now running protected via SSL: 
You are all done. :-) Appendix: A Few Last SSL Notes A few last SSL related notes: - The IIS 7.0 admin tool has an "SSL Settings" node that you can select for each site, directory or file that allows you to control whether that particular resource (and by default its children) requires an SSL request in order to execute. This is useful for pages like a login.aspx page, where you want to guarantee that users can only enter their credentials when they are posting via an encrypted channel. If you configure the login.aspx page to require SSL, IIS 7.0 will block browsers from accessing it unless they are doing so over SSL.
- Within an ASP.NET page or handler, you can programmatically check whether the current request is using SSL by checking the Request.IsSecure property (it will return "true" if the incoming browser request is over SSL).
- You can set the "requireSSL" attribute on the <forms> configuration section within web.config files to have ASP.NET's forms-authentication system ensure that forms-authentication cookies are only set and used on SSL enabled pages and URLs. This avoids the risk of a hacker trying to intercept the authentication cookie on a non-SSL secured page, and then trying to use a "replay attack" from a different machine to impersonate a user.
For more information on IIS 7.0, please read my earlier IIS 7.0 overview blog post. Also make sure to check out the www.iis.net website. To read more of my "Tips and Tricks" blog posts, please visit my Tips and Tricks Summary Page. Hope this helps, Scott 
|
-
 IIS 7.0 is one of the products that my team is shipping later this year that I'm most excited about. It is the most significant release of our web-server that we've done since IIS 1.0, and introduces a huge number of improvements for both administrators and developers.
Mike Volodarsky from the IIS team wrote a great article for the March 2007 MSDN Magazine that summarizes some of the key IIS 7.0 improvements. I highly recommend reading his excellent article here for a quick summary of some of them. IIS 7.0 is included within the Windows Vista client release, and is now available with the home editions of the operating system (unlike IIS 5.1 which was only available with XP Professional). IIS 7.0 for server will ship later this year with Windows Longhorn Server, and will add a bunch of additional deployment features - including much richer hosting support, secure FTP support, and built-in web farm deployment support. The web farm support in particular is really cool, and will allow you to deploy your web applications on a file-share that contains all of the code, configuration, content, and encryption keys needed to run a server. You can then add any number of stateless and configuration-less web-servers into a web farm and just point them at the file-server to dynamically load their configuration settings (including bindings, virtual directories, app pool settings, etc) and application content. This makes it trivial to scale out applications across machines, and avoid having to use replication schemes for configuration and application deployment (just copy over the files on the file-share and all of the machines in the web farm will immediately pick up the changes). The upcoming Beta3 release of Windows Longhorn Server will support a go-live license, so you'll be able to take advantage of this soon (note: we are already running www.Microsoft.com on IIS 7.0 clusters). ASP.NET and IIS 7.0 Integration In previous versions of IIS, developers had to write ISAPI extensions/filters to extend the server. In addition to being a royal pain to write, ISAPIs were also limited in how they plugged into the server and in what they allowed developers to customize. For example, you can't implement URL Rewriting code within an ISAPI Extension (note: ASP.NET is implemented as an ISAPI extension). And you end up tying up the I/O threads of the web-server if you write long-running code as an ISAPI Filter (which is why we didn't enable managed code to run in the filter execution phase of a request). One of the major architectural changes we made to the core IIS processing engine with IIS7 was to enable much, much richer extensibility via a new modular request pipeline architecture. You can now write code anywhere within the lifetime of any HTTP request by registering an HTTP Extensibility Module with the web-server. These extensibility modules can be written using either native C++ code or .NET managed code (you can use the existing ASP.NET System.Web.IHttpModule interface to implement this). All "built-in" IIS7 functionality (authentication, authorization, static file serving, directory listing support, classic ASP, logging, etc) is now implemented using this public modular pipeline API. This means you can optionally remove any of these IIS7 "built-in" features and replace/extend them with your own implementation. ASP.NET on IIS 7.0 has itself been changed from being implemented as an ISAPI to instead plug in directly as modules within the IIS7 pipeline: 
Among the many benefits this brings: 1) You can now use ASP.NET Forms Authentication, Membership/Roles, and any other feature for all requests to the server (for example: .htm, .php, and .jsp files) 2) You can now easily re-write the URL of any web request and/or modify the request in interesting ways 3) You can replace or extend any existing IIS feature using VB or C# (for example: you could remove the built-in directory listing module and plug-in your own). This really brings a tremendous number of extensibility opportunities to .NET developers. IIS 7.0 Download Center To help enable developers share the extensibility modules and other add-ins they write, the IIS team recently launched the "Download Center" on www.iis.net. This enables developers to browse/download as well as upload and share module extensions for IIS. You can check it out here. 
Note that in addition to having a managed extensibility story for Http Modules, IIS7 also now allows you to write managed admin tool UI extensions (the admin tool itself was built using Windows Forms), as well as use the .NET System.Configuration namespace to manage the IIS7 configuration system. Cool Scenarios for ASP.NET Developers In addition to the cool new extensibility options that IIS 7.0 provides, there are a ton of improvements (both big and small) that ASP.NET developers will really appreciate. I'll be blogging a series of them over the next few weeks/months and point out some really cool things that you'll be able to take advantage of. 
Hope this helps, Scott 
|
-
One of the questions I am often asked is "How can I integrate ASP.NET security with Classic ASP other non-ASP.NET URLs?". Specifically, people want to know if they can integrate ASP.NET's Forms Authentication, Role Based Security, and URL Authorization features with Classic ASP, PHP, JSP, .HTM, .JPG and other non-ASP.NET URLs. The good news is that this is pretty easy with ASP.NET 2.0 and IIS 6.0 today, and will get even easier in the IIS 7.0 timeframe. The below blog post demonstrates how to integrate ASP.NET 2.0's Forms Authentication and Login/Membership features with classic ASP and static .HTML files. For a much more detailed walkthrough of how to achieve this (as well as how to integrate features like ASP.NET role based authorization with classic ASP applications), please read Chapter 6 of Stefan Schackow's excellent ASP.NET 2.0 Security, Membership, and Role Management book. Some Background on IIS 6.0 Wildcard Mappings IIS 6.0 with Windows Server 2003 added support for an ISAPI feature called "wildcard mappings". Wildcard mappings provide a way to configure IIS to cause all requests coming into the server to first be routed to one or more ISAPI extensions for processing. What is cool about wildcard mappings in IIS 6.0 is that after the ISAPI extension that is processing the wildcard extension is finished, it can then cause IIS to pass control of the request to the extension or internal handler within IIS that normally would process the request. ASP.NET 2.0 includes built-in support to take advantage of this wildcard mapping feature. This enables you to run ASP.NET code (or your own custom code) before and after the existing ISAPI extension that processes a non-ASP.NET URL (for example: a .asp, .php or .htm request) executes. We can use this feature to enable a bunch of cool integration features - including using ASP.NET authentication and authorization features to secure all URLs on a web-server. How to Configure an IIS 6.0 Wildcard Mapping For this sample I've created a new IIS application within the IIS 6.0 admin tool called "wildcardtest". It points to a directory that will contain a few files: "default.aspx", "login.aspx", "test.asp" and "test.htm" (these last two files being resources not usually handled by ASP.NET): 
By default when a URL request for a .aspx page comes to the application, the ASP.NET ISAPI will process the request. By default when a URL request for test.asp comes to the application, the classic ASP ISAPI will process the request - and no ASP.NET code will run. When a URL request for test.htm comes to the application, IIS6 will process the request internally - and again no ASP.NET code will ever run. We'll change this by enabling wildcard mappings for this application, and configure ASP.NET to run code before and after all requests to the server. To-do this, right-click on the application within the IIS Admin Tool and select the "properties" context menu item on it. This will bring up the application properties dialog: 
You can then click the "configuration" button to pull up the URL mapping rules for the application: 
Note how the top of this dialog lists the default ISAPI extension mappings (each URL extension is mapped to an ISAPI responsible for processing it). The bottom half of the dialog lists the "wildcard application map" rules. We can add a application wildcard mapping to the ASP.NET ISAPI by clicking the "insert" button, and pointing at the ASP.NET 2.0 ISAPI extension on disk: 
Very, Very Important: Make sure that you uncheck the "Verify this file exists" checkbox. If you don't do this ASP.NET URL resources like WebResource.axd and other URL's handled by ASP.NET that aren't backed by a physical file won't work anymore. This will lead to errors within your pages. Now close out all of the dialogs by clicking "ok" to accept the changes. You've now configured ASP.NET to be able to run code before and after each URL request into the application. Enabling Forms Authentication and Url Authorization for non-ASP.NET resources Once we've completed the above steps to register ASP.NET 2.0 as a wild-card mapping for all URLs into our IIS application, we can then use the standard ASP.NET authentication and authorization techniques to identify users in our application and grant/deny them access to it. For example, we could add a web.config file to our application that enables ASP.NET's forms authentication feature for this application, and sets up two URL Authorization rules that deny "anonymous" users access to both the test.asp and test.htm URLs: <?xml version="1.0"?>
<configuration>
< | |
|