2. Introduction
IIS 7.0 – Modular Architecture
IIS 7.0 – Extensible Architecture
IIS 6.0 – Technical Architecture (Refresher)
IIS 7.0 – Technical Architecture
IIS 7.0 and ASP.NET Request Processing
IIS 7.0 and ASP.NET Integration
Classic Mode
Integrated Mode (Benefits, Compatibility, App Pools, etc)
IIS 7.0 and ASP.NET Breaking Changes (Optional)
Top changes in IIS 7.0 (Optional)
3. Prior versions of IIS
Had to install all of the IIS functionalities
IIS 6.0 was secure (features were turned off)
The problems?
The bits got installed anyways (increased foot-print).
Service Packs had to be installed, even for the features
which are not being used (increased maintenance).
The administrators had to maintain the features which
were never used (increased maintenance).
Reason?
Web server architecture was monolithic! (all or nothing)
4. New version of IIS to rescue!
IIS 7.0 is modular.
3 functional areas
40+ role services (also referred as “features”).
IIS 7.0 allows you to choose from those features while
installing IIS.
Benefits?
Thin web server with the features which are really
needed.
Decreased “foot-print” of your web server.
Less maintenance – Administrators need not maintain
features which are not needed.
6. Prior versions of IIS
Write ISAPI filters and extensions
Extensibility code does not run in the managed
environment, hence no access to .NET classes.
IIS 7.0 to rescue (once again!)
Native modules
C++
New Object Oriented APIs
Managed modules
Any .NET language
Can access all of the .NET classes
7. Couple of important concepts / components in IIS 6.0
App Pools
Application Isolation Modes
HTTP.sys
WWW (aka W3SVC) Service
8. App Pools
Used for isolating applications from one another and from the
web server process
New way of implementing application isolation
Application Isolation Modes
Worker Process Isolation mode (default, important to
understand)
Multiple App Pools
Health Monitoring
Worker Process Recycling
Web Garden (Pool with more than one Worker Processes)
Pool Identity
IIS 5.0 Isolation mode
Low Isolation (runs in the web service process!)
Medium Isolation (shared process)
High Isolation (separate process altogether)
10. Re-written from scratch – hence new concepts and
new architecture.
Important architectural components in IIS 7.0
Protocol Listeners (HTTP.sys, etc)
WWW Service (aka W3SVC Service)
Windows Process Activation Service (WAS)
Modules
11. Protocol Listeners
Receives requests; forwards to IIS; returns response.
Maintains queues; performs caching
More listeners available for other protocols (e.g.
NetTcpActivator in WCF for net.tcp)
WWW Service (aka W3SVC Service)
Compared to IIS 6.0, the responsibilities have been reduced.
Listener adapter for HTTP.sys
Configures HTTP.sys (at load time)
Updates HTTP.sys whenever the configuration changes
Notifies WAS whenever a request enters the request queue
Does not manage the application pools and the worker
processes.
12. Windows Process Activation Service (WPAS) (WAS)
Manage application pools and worker processes (for
both the HTTP and non-HTTP protocols)
Can be used without W3SVC! (e.g. web service over TCP)
Loads configuration stored in applicationHost.config
Monitors configuration for any changes.
Informs listener adapters (such as W3SVC) if
configuration changes.
13. Modules
New concept in IIS 7.0 – borrowed from ASP.NET.
Most of the web server functionality is built as Modules.
Two types
Native
Managed
Benefits
Plug-and-Play modules according to your needs.
Reduce attack surface and memory foot-print.
Customize a server to a specific role in your organization
(application server, web server, ftp server, etc).
Write custom modules (C++ or any .NET language) to
replace existing modules or to introduce new features.
14. Differences between Native and Managed Modules
Native Modules Managed Modules
C++ Any .NET language
Difficult to develop Easy to develop
Use this for migrating old ISAPI Use this for add new “features” or
components over to IIS 7.0 enhancements to IIS 7.0
Unrestricted access to server Don’t have unrestricted access to
resources server resources; .NET and
ASP.NET security applies
Need to be registered with IIS No need to register with IIS
<globalModules> node
Admin rights are needed to Admin rights are not needed to
install/enable/un-install install/enable/un-install
16. Classic Mode
Integrated Mode
Benefits
Compatibility
App Pools
Enable ASP.NET services for all content
Enhanced ASP.NET API
Runtime Integration
Request Processing
ASP.NET Breaking Changes
17. Classic Mode
Just like IIS 6.0 Worker
Process Isolation Mode.
Integration is based on
aspnet_isapi.DLL.
ASP.NET content (.aspx, etc)
are processed by ASP.NET
runtime.
Non ASP.NET content (.htm, etc)
are processed by IIS.
Major drawback
ASP.NET services are not available to non-ASP.NET content
When to use?
While porting an IIS 6.0 application that does not work in the Integrated
Mode. (not recommended)
18. Integrated Mode
Integrates ASP.NET runtime
with the core server.
One consolidated pipe-line.
Similar to ASP.NET pipe-line
in IIS 6.0.
Adds new events
Modules subscribe to events
IIS core engine calls modules
whenever the events occur.
19. Integrated Mode – Benefits
ASP.NET services are available to all
of the content including.asp pages!
Fully extend IIS with ASP.NET
No need to write ISAPI
Now ASP.NET modules
Directly plug into the server pipe-line.
Execute in all stages of the request
processing pipe-line.
Be executed in any order respective to
the native modules! (Very important –
for example, could replace the
Basic Authentication provided by IIS)
20. Integrated Mode – Benefits
Unified Server Runtime
Eliminates the duplication of
features in IIS and ASP.NET.
Tighter integration allows many
features to be unified.
Unified configuration for IIS and
ASP.NET modules and handlers
Custom Errors
Tracing
Output Caching
21. Integrated Mode – Compatibility
Existing and new applications can
run side-by-side.
Existing applications in Classic mode.
New applications in Integrated mode.
What is an existing application is
run in Integrated mode?
Might or might not work (Depends!)
Configuration changes b/c of the
configuration unification.
Code changes b/c of the new
runtime architecture and breaking
changes.
IIS 7.0 is helpful! Shows detailed errors.
22.
23. Integrated Mode – What to fix?
HTTP Modules
HTTP Error 500.22
Reason
Web.config contains <httpModules>.
Fix
Remove <httpModules>.
Add<system.webServer>/modules.
Or use appcmd to do it for you.
appcmd migration config
quot;Default Web Site/App Namequot;
-section:httpModules
24. Integrated Mode – What to fix?
HTTP Handlers
HTTP Error 500.23
Reason
Web.config contains <httpHandlers>.
Fix
Remove <httpHandlers>.
Add<system.webServer>/handlers.
Or use appcmd to do it for you.
appcmd migration config
quot;Default Web Site/App Namequot;
-section:httpHandlers
25. Integrated Mode – What to fix?
Impersonation
HTTP Error 500.24
Reason?
<identity impersonate=“true”/>
could be problematic. Impersonated
identity is unavailable until
PostAuthenticateRequest stage.
Fix
Change the code written in
BeginRequest and
AuthenticateRequest events to not
access the impersonated identity.
See if the code could be moved to
PostAuthenticateRequest stage.
26. Integrated Mode – App Pools
Use IIS 6.0 Worker Process isolation
mode.
Underlying mechanism for
implementing Classic and
Integrated modes in IIS 7.0!
An application pool specifies
Pool type (Classic vs Integrated)
.NET Framework Version
27.
28. Integrated Mode – App Pools
Change ASP.NET mode for a pool
Why?
To create the appropriate pipe-line.
How
Use the Administration tool.
Use appcmd
Sets the app pool mode to Integrated
appcmd set apppool “app pool name”
/managedPipelineMode:Integrated
Lists properties that can be set on an
app pool
appcmd set apppool “app pool name”
/?
Manually change the
applicationHost.config file.
29. Integrated Mode – App Pools
Change app pool for an application
Why?
Allows you to run your application under a
specific ASP.NET version or a different mode.
(Don’t use aspnet_regiis to configure
the ASP.NET version in IIS 7.0)
How?
Use the Administration tool.
Use appcmd
Sets the app pool mode to Integrated
appcmd set apppool “app pool name”
/managedPipelineMode:Integrated
Lists properties that can be set on an app
pool
appcmd set apppool “app pool name” /?
Manually change the
applicationHost.config file.
30. Integrated Mode – Enable ASP.NET
services for all of the content
Not enabled by default.
For backwards compatibility
Run this module only for
the managed requests
31. Integrated Mode – Enable ASP.NET
services for all of the content
What are Pre-Conditions?
Answers to some questions.
IIS 7.0 configures itself based on
the answers.
Pre-Conditions specify.
Process Bitness – bitness32, bitness64
Managed Extensibility Style –
integratedMode, ISAPIMode
.NET Framework Version –
runtimeVersionv1.1 ,
runtimeVersionv2.0
Managed Code Execution –
managedHandler
32. Integrated Mode – Enable ASP.NET
services for all of the content
How?
Change each and every module entry
and remove the managedHandler
pre-condition (tedious).
33. Integrated Mode – Enable ASP.NET
services for all of the content
How?
Or set the
runAllManagedModulesForAllRequests
attribute for the <modules> section
to true.
34. Integrated Mode – Enhanced
ASP.NET APIs
APIs are backwards compatible –
allows existing code to run in IIS.
New APIs have been added; couple
of existing APIs have been changed.
HttpResponse.Headers
Allows changing the response headers
generated by other applications.
HttpRequest.Headers
Now writeable! Allows modules to
manipulate the incoming request
headers (e.g. dynamically change the
Accept-Language header).
HttpRequest.ServerVariables
Now writeable! Could be used for passing
information to other application frameworks,
such as PHP.
35. Breaking Changes
Passport Authentication
ASP.NET Error 500
Reason
Passport auth not supported on Vista
and Windows Server 2008.
Applies to both Classic and Integrated
modes.
Fix
Don’t use Passport authentication!
36. Breaking Changes
Query String > 2048
HTTP Error 404.15
Reason
This is the default limit.
Applies to both Classic and Integrated
modes.
Fix
Change maxQueryString attribute.
37. Breaking Changes
HttpContext.Current.Request and
HttpContext.Current.Response in
Application_Start in global.asax
ASP.NET YSOD
Generates error if code tries to access
these properties.
Reason
Application initialization tied to the
arrival of 1st request – design flaw!
couples the application initialization
with the 1st request.
Fix
Write a module and move code in the
BeginRequest stage for performing one
time initialization.
38. Top changes in IIS 7.0
Simple configurable command line setup
Great compatibility
Most of the applications will work.
Classic mode allows for easy app migration.
IIS 6.0 meta-base compatibility layer for existing scripts
No more meta-base
Clear text schema
IIS settings are stored in applicationHost.config
Meta-base for SMTP/FTP/NNTP
Delegated configuration
Administrators can now delegate IIS settings to application owner.
Settings defined in web.config file in application directory.
39. Top changes in IIS 7.0
Appcmd and other new management options
Manage via the UI
Manage via the command line (replaces adsutil.vbs, iisapp.vbs, etc).
Command line management of sites, applications, vdir, app pool,
etc.
Failed Request Tracing
Request Filtering