Elczar Adame's Shared Points on SharePoint


 

Web Server in Windows Server 2008

Internet Information Services 7.0 in Windows Server Code Name “Longhorn” revolutionizes the Web server architecture by providing us the following augmentations:

1.    Windows Process Activation Services (WAS) that empowers our site to employ HTTP/HTTPS and non-HTTP protocols.

2.    Modular architecture that allows us to include and exclude modules as needed.

3.    Integrated platform with ASP.NET, Windows Communication Foundation, and Windows SharePoint Services.

What is more, these architectural innovations assure us of utmost compatibility with our existing applications – e.g. ADSI, ASP.NET applications, ISAPI extensions, et al.

In this piece, I will be deliberating on Windows Process Activation Services, and Modular Architecture with ASP.NET integration. Then again, I’ve posted a brief piece on Windows SharePoint Services integration at http://elczara.spaces.live.com/blog/cns!554EC06D366AC9D5!220.entry.

Windows Process Activation Services

By eradicating the dependency on HTTP, the Windows Process Activation Service model simplifies the Internet Information Services architecture. It is the process activation service of IIS 7.0 and supports both HTTP and non-HTTP transports, including TCP, Named Pipes, and MSMQ. What is more, it manages application pool configuration and worker processes throughout IIS 7.0 request processing.


Figure 1. Windows Process Activation Services as a required feature for IIS 7.0.

Throughout request processing and response servicing, IIS 7.0 makes use of several components. These include Windows Process Activation Services, World Wide Web Publishing Service (W3SVC), Listener Adapters, Protocol Listener, and Worker Process.

To appreciate the enhancement made in IIS 7.0 through WAS, we will first glance at the process in IIS 6.0 in worker process isolation mode.

1.    Upon receipt, the HTTP protocol stack (HTTP.sys) validates the request. If valid, the HTTP.sys verifies the requested content type. Else, it will notify the client.

2.    If the requested content is static, a response will immediately be served to the client. Else, the HTTP.sys verifies the presence of response in the kernel-mode cache.

3.    If the response is in the cache, HTTP.sys will immediately provide the response. Else, the same request will be placed in queue.

4.    If the queue has no corresponding worker process, the HTTP.sys informs the WWW Service to initialize one. With this, the worker process processes the request.

5.    The Worker Process sends the response to HTTP.sys, and the latter sends it to the client.

 

With the birth of IIS 7.0, however, the paradigm has shifted to a WAS-centered architecture. Below is the tabular presentation of the process:

| Component | Description |
| --- | --- |
| Protocol Listener | Listens for incoming protocol-specific requests. These may be HTTP, NET.TCP, NET.PIPE, or NET.MSMQ requests. Moreover, HTTP.sys remains the listener for HTTP requests. |
| Windows Process Activation Service | Reads information from the applicationHost.config file and passes it to listener adapters. |
| Listener Adapter | Based on the information received from WAS, it pulls requests from the application pool queue and passes them to the corresponding process protocol handler. However, if no corresponding application pool is employed for the request, WAS will initialize one. Moreover, w3svc provides the listener adapter for HTTP requests. |
| Process Protocol Handler | Channels requests through the service model of a particular protocol for processing. Note that WWW Services is no longer administering the worker process. |

Modular Architecture

Internet Information Services 7.0 is a lightweight server core with several pluggable features, known as modules. Thus, they can be included in or excluded from this core as needed. A module is either a Win32 DLL or a .NET 2.0 type included within an assembly. The former is called a native module while the latter is called a managed module. Moreover, these modules can be replaced by a custom module developed with the IIS 7.0 C++ APIs or the ASP.NET 2.0 APIs.


Figure 2. Modules feature view in IIS 7.0 Manager.

With this architecture, we can take advantage of:

1.    Minimized attack surface area and memory footprint by adding only modules that are needed.

2.    Integrated IIS and ASP.NET features that once were duplicated.

3.    Availability of ASP.NET features to all request types.

With this model, ASP.NET is no longer employed with our Web server as a standalone application framework. It now serves as a platform for extending the IIS Web server, allowing ASP.NET components to become constituents of the IIS request processing pipeline. Hence, ASP.NET services can now apply to any content type, including ASP pages and PHP pages.


Figure 5. Integration with ASP.NET in IIS 6.0 and IIS 7.0.

Moreover, with the new configuration store of IIS 7.0, we can examine these modules by opening the <globalModules> and <modules> elements of the configuration file located at %windir%\System32\inetsrv\config\applicationHost.config, where the former defines the server-level (global) modules and the latter lists the enabled modules for all applications on the server.
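As an added example (not code from the original post), the following Python script reads the <globalModules> and <modules> elements described above and reports modules that are enabled beyond what a site needs, which is the attack-surface check the modular design makes possible. The sample XML is constructed, and the names SAMPLE_CONFIG, ALLOWED and audit_modules are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of applicationHost.config (not a real server's file).
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
      <add name="BasicAuthenticationModule" image="%windir%\System32\inetsrv\authbas.dll" />
      <add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" />
    </globalModules>
  </system.webServer>
  <location path="" overrideMode="Allow">
    <system.webServer>
      <modules>
        <add name="AnonymousAuthenticationModule" lockItem="true" />
        <add name="BasicAuthenticationModule" lockItem="true" />
        <add name="DirectoryListingModule" lockItem="true" />
        <add name="StaticFileModule" lockItem="true" />
        <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
      </modules>
    </system.webServer>
  </location>
</configuration>
"""

# Hypothetical allowlist for a site that only serves public static files.
ALLOWED = {"AnonymousAuthenticationModule", "StaticFileModule"}

def audit_modules(config_xml, allowed):
    """Compare registered and enabled modules against an allowlist."""
    root = ET.fromstring(config_xml)
    # <globalModules>: native modules registered at server level (name -> DLL image).
    installed = {a.get("name"): a.get("image")
                 for gm in root.iter("globalModules") for a in gm.findall("add")}
    # <modules>: modules enabled for applications; a "type" attribute marks a managed module.
    enabled = {a.get("name"): a.get("type")
               for m in root.iter("modules") for a in m.findall("add")}
    return {
        "enabled_not_allowed": sorted(n for n in enabled if n not in allowed),
        "installed_not_enabled": sorted(n for n in installed if n not in enabled),
        "managed_enabled": sorted(n for n, t in enabled.items() if t),
        "native_unregistered": sorted(n for n, t in enabled.items()
                                      if not t and n not in installed),
    }
```

On the constructed sample, the report lists BasicAuthenticationModule, DirectoryListingModule and FormsAuthentication as enabled but not allowed, and CgiModule as registered at server level but not enabled.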

Native Modules

| Name | Description |
| --- | --- |
| AnonymousAuthenticationModule | Allows us to access any public content without providing a credential. |
| BasicAuthenticationModule | Requires us to provide a credential to access content. It transmits unencrypted base64-encoded passwords across the network. |
| CertificateMappingAuthenticationModule | By mapping the SSL client certificate to an Active Directory account, it facilitates usage of client certificates for authentication. |
| CgiModule | Lets us define how our Web server passes information to an external program. |
| ConfigurationValidationModule | Implements validation of configuration. |
| CustomErrorModule | Aside from implementing the IIS 7.0 detailed error feature, it allows us to customize the error messages returned by our Web server. |
| CustomLoggingModule | Lets us tailor the logging format of Web server activity to our needs. |
| DefaultDocumentModule | Lets us configure the default file for the Web server. |
| DigestAuthenticationModule | Authenticates by submitting a hashed password to the Windows domain controller. |
| DirectoryListingModule | Enables browsing of our Web server directory. |
| DynamicCompressionModule | Implements HTTP compression of dynamic content. |
| FailedRequestsTracingModule | Implements tracing of failed requests to diagnose our Web application. |
| FastCgiModule | Supports FastCGI, which offers a high-performance alternative to CGI. |
| HttpCacheModule | Handles IIS 7.0 output caching and the HTTP.sys caching process. |
| HttpLoggingModule | Lets us log our Web site activity. |
| HttpRedirectionModule | Implements support to redirect user requests to a defined destination. |
| IISCertificateMappingAuthenticationModule | By mapping the SSL client certificate to a Windows account, where credential and mapping rules are maintained within the IIS configuration store, it facilitates usage of client certificates for authentication. |
| IpRestrictionModule | Permits us to allow or deny requests from specific IP addresses and domain names. |
| IsapiFilterModule | Implements support for files that extend IIS functionality, known as ISAPI filters. |
| IsapiModule | Implements support for Web content using ISAPI extensions. |
| ProtocolSupportModule | Carries out protocol-based actions – e.g. setting response headers and redirecting headers based on configuration. |
| RequestFilteringModule | Screens requests to our server based on defined rules. |
| ServerSideIncludeModule | Server Side Includes (SSI) facilitates dynamic generation of HTML pages. |
| StaticCompressionModule | Implements HTTP compression of static content. |
| StaticFileModule | Publishes static Web file formats on our server. |
| UrlAuthorizationModule | Allows us to define access restriction rules to our Web content. It could be bound to users |
| WindowsAuthenticationModule | Works only in an intranet environment leveraging our Windows domain security implementation. |

Managed Modules

| Name | Description |
| --- | --- |
| AnonymousIdentification | Implements configuration of anonymous identification for application authorization. |
| DefaultAuthentication | Ensures the presence of an authentication object. |
| FileAuthorization | Verifies user permission to access the requested file. |
| FormsAuthentication | With the aid of the Forms Authentication Provider, it lets us implement client registration and authentication at the application level. |
| OutputCache | Stores the contents of a processed ASP.NET page in memory, which allows ASP.NET to send a page response without going through the page processing lifecycle. |
| Profile | Correlates information with a specific user and accumulates the information in a standard format. |
| RoleManager | Helps us manage authorization, letting us define user access to the resources of our application. |
| Session | Since HTTP is a stateless protocol, it enables us to store and retrieve values across different Web pages. |
| UrlAuthorization | Verifies user permission to access the requested URL. |
| UrlMappingsModule | Maps the URL displayed to the user to the URL of a page in our Web application. |
| WindowsAuthentication | With the aid of the Windows Authentication Provider, it implements Windows authentication in conjunction with IIS authentication to secure ASP.NET applications. |
