Beruflich Dokumente
Kultur Dokumente
HLllHB DarmStddt
urn1111 iiurnii
15905980
McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City
,f
Contents
Acknowledgments Introduction xvii xix
D3I
IIS Fundamentals
About Windows Server 2003 Hardware Support in Windows 2003 Installing Windows 2003 Installing IIS The IIS Subcomponents IIS Services The IIS Directory Structure The Administration Web Site IIS Help Files The Inetpub Directory Accounts Used by IIS IUSR_COMPUTERNAME IWAM_COMPUTERNAME IIS WPG
3
4 4 5 6 6 8 9 9 10 10 10 10 10 10
Mf
IIS 6 :The C o m p l e t e
Reference
Navigating IIS The Microsoft Management Console The Metabase Metabase History Backing Up and Restoring the Metabase Editing the Metabase The Metabase Schema IIS 6 Architecture Worker Process Isolation Mode Application Pools Health Monitoring Orphaning Worker Processes Scalability Web Gardens
11 11 13 14 14 16 17 17 18 19 19 20 20 20
D1I
21
22 22 23 24 25 26 26 26 31 32 34 44 46 56 60 62 64 70 70 73 74 74 75 75 76
Contents
vff
IZJII
83
84 86 87 88 89 91 91 92 97 100 102 103 103 104 104 105 105 105
109
110 Ill Ill 112 114 115 118 119 120 121 123 128 128 128 129 130 131 131 133
viii
US 6 : The C o m p l e t e
Reference
CI3ifi
TheNNTPService
Installing the NNTP Service Administering NNTP Administering NNTP Service Administering an NNTP Virtual Server Configuring an NNTP Virtual Server General Tab Settings Access Tab Settings Settings Tab Security Tab Creating a New NNTP Virtual Server Newsgroups Limit Groups Enumeration Create a New Newsgroup Configuring Newsgroup Properties Administering Newsgroups Expiration Policies New NNTP Expiration Policy Wizard Configuring Expiration Policies Virtual Directories Node New NNTP Virtual Directory Wizard Configuring an NNTP Virtual Directory Current Sessions
135
136 138 138 139 141 142 144 148 150 151 153 153 153 154 154 154 155 156 157 158 158 160
IIS Administration
Dll
Security
Internet Security Background Why Vulnerabilities Happen How You Can Protect Your System Common Types of Security Issues Viruses Trojan Horses Worms How to Protect Yourself from Attack The Secure Windows Initiative Patching Your System Securing IIS Don't Install Components You Don't Need Don't Turn On Directory Browsing Lock Down cmd.exe Set Execute Permissions for Your Web Site
165
166 166 167 167 167 168 168 170 170 171 174 174 175 175 175
C o n t e n t s : IX
Don't Set Up Write for Your Web Site Avoid Basic Authentication Set Up Logging Unmap Unneeded IS API Application Extensions Hide the Fact that You're Using Scripting Use SSL for Sensitive Web Sites Always Use NTFS Permissions Be on the Lookout for Hackers Try to Hack In Control IIS Servers Security Policies in Windows Server 2003 Creating a Local Security Policy Using the Local Security Policies User Account Security Force Strong Passwords Enable Account Lockout Force Periodic Password Changes Remember Past Passwords Set a Minimum Password Age Use One-Way Encryption for Password Storage Don't Create User Accounts with Easy Passwords Web Service Extensions Allowing Web Service Extensions to Run Prohibiting a Web Service Extension from Running Adding a New Web Service Extension Allow All Web Service Extensions for a Specific Application Prohibit All Web Service Extensions Modifying the Properties for a Web Service Extension . . .
176 176 176 176 177 177 178 178 178 178 178 179 180 181 181 182 183 183 184 185 185 185 186 186 187 187 187 188
Authentication
Anonymous Authentication Logon Types Subauthentication in IIS Basic Authentication Basic Authentication Tokens User Accounts and Basic Authentication Digest Authentication Advanced Digest Authentication Integrated Windows Authentication About Microsoft Negotiate About NTLM Authentication About Kerberos Authentication
189
190 191 191 192 192 193 193 194 196 196 196 197
IIS 6 : The C o m p l e t e
Reference
.NET Passport Authentication Establishing .NET Passport Service Setting Up the Site for .NET Passport Using Multiple Authentication Schemes
205
206 206 206 207 208 209 209 210 210 210 211 211 212 213 213 214 214 214 217 218 220 221 221 222 222 223 223 223 226 227 227 229 230 231 231 231 231
Contents
x!
Installing DNS on Your WS03 Server The DNS MMC Event Viewer Forward Lookup Zones Reverse Lookup Zones Using Round Robin DNS Using a Hosts File for Name Resolution
DI3
Administration Tasks
Editing the XML Metabase File Editing While the Server Is Running Editing While the Server Is Stopped Using the ADSI Provider IIS ADSI Objects IIS ADSI Properties IIS ADSI Methods Using the WMI Provider WMI or ADSI? Scripting with WMI Using the VBScript Utilities Provided with IIS Remote Administration with the HTML Interface Using the Remote Administration Site
243
244 244 245 245 245 246 247 248 248 249 251 253 254
10
Encryption
About Digital Certificates Certificate Keys Who Are Certificate Authorities? How Server Certificates Work with SSL How Client Certificates Work Creating Your Own CA Choosing Which Type of CA to Install Installing the Certificate Services on Your Server Creating a Certificate Request with IIS Sending a Request to Your Own CA Sending an SSL Certificate Request to a Commercial CA Sending a Request for a Client Certificate from the Certification Authority MMC Snap-in Sending a Request for a Client Certificate from the Web Issuing or Denying Certificates from a Standalone CA . . . Downloading a Web Browser Certificate from the Web Installing an SSL Certificate
259
260 260 265 265 266 267 267 268 272 273 275 277 278 278 278 279
xil
IIS 6 : The C o m p l e t e
Reference
Configuring SSL Settings Requiring Secure Communication Mapping Client Certificates to User Accounts Backing Up and Restoring a Certificate
D l i 11
Logging
Log File Formats Enabling Logging for Your Site Log File Formats W3C Extended Log File Format Microsoft IIS Log Format NCSA Common Log File Format ODBC Logging Using Custom Logging Modules Setting Up a Custom Logging Module with IIS Centralized Binary Logging Setting Up Centralized Binary Logging Crunching the Data
289
291 291 295 295 302 303 306 312 312 315 315 315
IIS Programming
12
ASP Programming
Overall Architecture of ASP Editing ASP files Setting Up IIS to Host ASP ASP Fundamentals ASP Objects Response Object Application Object Request Object Session Object Server Object Using XML Making a Transformation Using XSL ,
319
320 321 324 327 328 329 329 330 338 343 356 357
13
363
365 366 369 369 372
Contents !
xiii
Deploying a COM DLL Using regsvr32 Using Component Services Unit Test a COM DLL Using VB in COM Building a COM Object in VB6 with Data Access Support Properties in Classes Database Connection Credentials Error Handling Writing to Database Serializing into XML Enhanced Test Harness Deploy to COM+ with Constructor String Integrating XML and XSL
374 375 375 386 388 389 391 391 395 397 406 408 410 412
II 14
421
422 424 426 430 433 433 434 434 435 436 438 449 453
Ii 15
457
458 459 462 480 482 486 489
II 16
ATLServer
ATL Server Architecture Overview Create a Simple ATL Server Project
493
494 497
xiv
. IIS 6 : The C o m p l e t e
Reference
Using the ATL Server Project Wizard Project Settings Server Options in the ATL Server Project Wizard Application Options in the ATL Server Project Wizard . . . Developer Support Options in the ATL Server Project Wizard ATL Server Project Wizard Completion Server Response Files Tags in Server Response Files Request Handler DLL
17
ISAPI Extensions
ISAPI Architecture Overview URL Anatomy ISAPI Extensions Interacting with IIS ISAPI Compared to ATL Server Building a Simple ISAPI Extension Definition Export File ISAPI Extension Main Entry Point Deploy the HelloWorld ISAPI Extracting Information from IIS Building XML Representing the Server Variables Values Special Case of ALL_HTTP Server Variable Parsing the Header-Value Pair Assembling the Remaining XML Elements ISAPI Project Template Wizard Creating an ISAPI Extension in Visual Studio .NET
523
525 525 526 528 528 533 534 538 542 545 545 555 557 563 564
;j:y ':. , ,;
IIS Extras
,.
. , :
_J
18
571
572 573 574 576 577 578 578
Contents
XV
Define Functionality Functional Specification Gathering Functional Requirements Define the Design What Is a Facade? Produce the Facade Presenting the Facade Write the Technical Specification Technical Specification Template Functional Test Scripts Build the Solution Test the Solution Deploy the Solution After the Project Completion
581 582 590 591 592 594 595 597 598 600 601 603 604 605
19
Bringing It All Together: Creating Your Own Web Site Using IIS
Get a Domain Name Get an IP Address Set Up DNS Prepare the Server Checking Server Hardening Setting Up the Directory for the Web Site Securing the NTFS Permissions for the Site Add the Web Sites to IIS Enable ASP Configure the Application Pool Make the Code Make a Database Get a Certificate for the Test Site Get a Certificate for the Production Site Set Up the Web Site Security Create a User Account Set Up NTFS Permissions Set Up the Authentication Options Test the Code Roll into Production
607
608 609 610 612 612 613 613 616 616 616 617 622 623 625 626 626 627 628 629 629
20
Troubleshooting
Log Files About W3C Logging The Windows Event Viewer MIME Mappings
631
632 632 636 638
xvi
MS 6 : The C o m p l e t e
Reference
Dynamic Web Content Permissions Issues Worker Processes Worker Process Identity Worker Process Recycling Web Service Shutdown Performance Monitoring Real-Time Monitoring Using Counter Logs Using Alerts in Performance Monitor The General Tab The Action Tab The Schedule Tab
639 640 640 640 641 641 642 644 644 648 648 650 651
GH H
Escape Values
653 675