Understanding the Administration Tool | Observing the User Experience: A Practitioners Guide to User Research

The main tool for controlling your Web server is the ISM tool provided under the Administrative Tools menu on Windows machines with IIS. This tool allows you to connect to a local or remote machine to administer the Web site (use File Connect to administer a remote machine).

You should copy all the files you plan to use in your Web application (application DLL, ISAPI DLL, SRF files, HTML files, and any other files you might use) to a main folder and subfolders (you ll usually do this under a subfolder of Inetpub\ wwwroot ). You can then right-click your Web site in the ISM tool (usually Default Web Site) and create a new virtual directory (select New Virtual Directory). After you ve named this virtual directory and pointed it at your actual directory (i.e., the root directory under which all your files have been copied , either directly or in subdirectories), you ll have a node for it under the Web site node in the tree under the Default Web Site node.

Right-clicking the node will allow you to select properties for that node. It s through these properties that you can correctly set up your virtual root (vroot).

Virtual Directory Tab

The first tab under these properties is the Virtual Directory tab. Among the path information, you ll notice that you can set up various configuration settings for this vroot.

You ll see that, by default, read permissions are enabled on the directory, as well as visit logging and indexing. Directory browsing is off by default, but for the development stage the ability to browse the files in a vroot (from your Web browser) can actually be very useful. For example, you can easily check if an image exists in the directory or if an .htm file is missing.

You ll need to set your execute permissions to Scripts and Executables, because ISAPI applications are executable applications (they execute x86 code directly on the server). The None setting will allow only static files to be retrieved, and the Scripts setting is designed to enable scripting technologies such as ASP.

Your Application Protection Level has three settings: Low, Medium, and High. In general, with Windows XP and below (IIS 5.0 and below) you ll want to run with Low application protection. ^[1]

The Low protection setting means that your application will run in the same process as your Web server (inetinfo.exe). Although this does open up some security vulnerabilities (e.g., crashes in your application will temporarily bring down the entire Web server) running out-of-process (i.e., outside of the Web server process) in IIS 5.0 and below means that your application will suffer a significant performance hit (usually above 40 percent). The Medium setting means that IIS will use the Distributed Component Object Model (DCOM) to communicate with your process, which will be loaded in a dllhost, where it s pooled with other Web applications. This means that your Web application will be capable of bringing down other applications, but not your Web server. And finally, you can place your application in a High protection environment, where IIS will communicate with it via DCOM, but your process will exist completely isolated from all other processes (i.e., each Web application will only be capable of crashing itself).

The next tab of interest is the Configuration button under this virtual directory setup. This is where you can map file extensions with the executable they ll be associated with, as well as the verbs that will be allowed to be passed to this executable. What this means is that if you map the file extension .txt with the executable foo.exe , then all requests to this vroot for a file ending in .txt will be sent to foo.exe. The verb setting allows you to limit which requests will make it through. If you set ALL verbs, then GET , HEAD , DEBUG , OPTIONS , PUT , DELETE , TRACE , and so on will be sent through to your executable. It s here that you ll map the fact that requests for SRF files and requests for DLLs (if you want to enable users to make requests directly to your application DLL for Web service requests, for example) should be handled by your ISAPI DLL.

You do this by clicking the Add button. In the field Executable, enter the location and name of your ISAPI DLL (e.g., c:\inetpub\wwwroot\myapp\myisapi.dll ). Under Extension, type in the extension you wish to associate with this file (e.g., .srf ). You are only able to associate one extension at a time with your executable. This means that you need to run through the Add procedure twice for most ATL Server Web applications: once to map SRF files to your ISAPI DLL and once to map DLL files to your ISAPI DLL.

You can then choose what verbs you ll allow. For ATL Server applications, it s generally wise to limit your application to GET , HEAD , POST , and DEBUG , although at application development time (on a development machine), it s generally perfectly OK to simply select ALL. Once you click OK, your mapping takes place.

In general, to install an ATL Server Web application, this is all that you need to do.

Other Tabs

The other tabs in the Properties page in the IIS tool are designed to allow you to set various settings for your vroot. This section briefly covers each of these tabs.

Documents Tab

The Documents tab is designed to allow you to set up your default documents and enable a document footer.

The Default Documents section basically allows you to set which files IIS should search for if a user types in a vroot and no specific file. The default settings are to open the default.htm page or the default.asp page (among others) if they exist. You can order the rules to set priorities, and you can add new files (e.g., default.srf). The rules work from a top-to-bottom ordering, and once a match is found all searching terminates.

The second section enables you to set a document footer. This allows you to specify an HTML-formatted footer to every document sent by your Web server. You could use this footer for a custom copyright or similar message at the end of each page served .

Directory Security Tab

The settings on the Directory Security tab allow you to view and modify some of the security settings for your vroot.

The Anonymous access and authentication control option allows you to configure your authentication and anonymous access features. You can use this control to confirm the identity of a user before that user is allowed to access your site (authenticated access), which includes support for Basic Authentication, Digest Authentication, or Integrated Windows Authentication. It uses the Windows user accounts to complete the authentication, or you can accept the default of not authenticating access to the vroot (anonymous access).

The IP Address and Domain Name restriction is available on Windows 2000 Server machines. It s designed to allow or prevent specific users, computers, groups, and domains from accessing the vroot. You do this by granting or denying access to IP addresses (with masks).

The Secure communications area allows you to create and view server certificates and requests for certificates (using the Certificate Wizard). This requires that you install a valid server certificate on your machine, which is required to set up Secure Sockets Layer (SSL). This is the same place that you would edit settings for your SSL setup.

HTTP Headers Tab

The HTTP Headers tab enables you to modify some of the header data being sent back to clients accessing your vroot.

The Enable Content Expiration setting lets you expire information on your server so that the browser knows to expire its cached data on the expiry date and recontact your server for new information.

The Custom HTTP Headers setting gives you the ability to add, edit, and remove custom HTTP header information to clients. This allows you to support instructions that aren t supported by the version of IIS that you have installed.

The Content Rating setting allows you to set information pertaining to the content of the material on your vroot. By setting ratings, you enable browsers such as Internet Explorer (3.0 and above) to flag potentially objectionable content to users, and you enable a number of filtering systems designed to protect children from objectionable Web content.

The MIME Map setting allows you to configure the additional file types that the Web server returns to browsers. The Windows File Types box lists the currently registered file types on the system, and the File Types box provides information on the file type extensions and the MIME mappings for this file.

Custom Errors Tab

You use the Custom Errors tab to set up custom HTTP errors for your site. This tab s settings determine what Web page will be returned to clients on various HTTP errors. You can use this tab to set up custom error files so that you return a custom error message on given HTTP errors. This tab also enables you to return to the default error if you make a mistake or change your mind.

^[1] With Windows Server 2003 and IIS 6.0, Microsoft has made advancements that mean you no longer suffer a significant performance penalty from running outside of the Web server process, making the Medium and High options more appealing.