Elczar Adame's Shared Points on SharePoint


Web Server in Windows Server 2008

Internet Information Services 7.0 in Windows Server Code Name “Longhorn” revolutionizes the Web server architecture by providing us the following augmentations:

1.    Windows Process Activation Services (WAS) that empowers our site to employ HTTP/HTTPS and non-HTTP protocols.

2.    Modular architecture that allows us to include and exclude modules as needed.

3.    Integrated platform with ASP.NET, Windows Communication Foundation, and Windows SharePoint Services.

What is more, these architectural innovations assure us of utmost compatibility with our existing application – e.g. ADSI, ASP .NET applications, ISAPI extensions, et al.

In this piece, I will be deliberating on Windows Process Activation Services, and Modular Architecture with ASP.NET integration. Then again, I’ve posted a brief piece on Windows SharePoint Services integration at http://elczara.spaces.live.com/blog/cns!554EC06D366AC9D5!220.entry.

Windows Process Activation Services

By eradicating the dependency on HTTP, Windows Process Activation Service model simplifies the Internet Information Services architecture. It is the process activation service of IIS 7.0 to support both HTTP and non-HTTP transports, including TCP, Named Pipes, and MSMQ. What is more, it provides management services of application pool configuration and worker process in the entire IIS 7.0 request processing.


Figure 1. Windows Process Activation Services as a required feature for IIS 7.0.

In the entire request-processing-response servicing, IIS 7.0 takes benefit of several components. These include Windows Process Activation Services, World Wide Web Publishing Service (W3SVC), Listener Adapters, Protocol Listener, and Worker Process.

At this instant, to appreciate the enhancement made in IIS 7.0 through WAS, we will initially give a glance on the process on IIS 6.0 in worker process isolation mode.

1.    Upon receipt, the HTTP protocol stack (HTTP.sys) validates the request. If valid, the HTTP.sys verifies the requested content type. Else, it will notify the client.

2.    If the requested content is static, a response will immediately be served to the client. Else, the HTTP.sys verifies the presence of response in the kernel-mode cache.

3.    If the response is in the cache, HTTP.sys will immediately provide the response. Else, the same request will be placed in queue.

4.    If the queue has no corresponding worker process, the HTTP.sys informs the WWW Service to initialize one. With this, the worker process processes the request.

5.    The Worker Process sends the response to HTTP.sys, and the later sends it the client.


With the birth of IIS 7.0, however, the paradigm has sifted to WAS-centered architecture. Below is the tabular presentation of the process:



Protocol Listener

Listens for incoming protocol-specific request. It may be HTTP, NET.TCP, NET.PIPE, or NET.MSMQ request. Moreover, HTTP.sys remains the listener for HTTP request.

Windows Process Activation Service

Reads information from applicationHost.config file and passes it to listener adapters.

Listener Adapter

Based on the information received from WAS, it pulls request from the application pool queue and passes it to corresponding process protocol handler. However, if no corresponding application pool employed for the request, the WAS will initialize one. Moreover, w3svc provides the listener adapter for HTTP request.

Process Protocol Handler

Channels request through the service model of a particular protocol for processing. Note that WWW Services is no longer administering the worker process.

 Modular Architecture

Internet Information Server 7.0 is a lightweight server core with several pluggable features, known as modules. Thus, they could be included into or excluded from this core as needed. A module is either a Win32 DLL or a .NET 2.0 type included within an assembly. The former is called native module while the later is called managed module. Moreover, these modules can be replaced by a custom module developed in IIS 7.0 C++ APIs, or ASP.NET 2.0 APIs.


Figure 2. Modules feature view in IIS 7.0 Manager.

With this architecture, we can take advantage of:

1.    Minimized attack surface area and memory trail by adding only modules that are needed.

2.    Integrated IIS and ASP.NET features that once were duplicated.

3.    Availability of ASP.NET features to all request type.

With this model, ASP.NET is no longer employed with our Web server as a standalone application framework. It serves by now being a platform for extending the IIS Web server, facilitating ASP.NET components to turn into constituents of the IIS request processing pipeline. Hence, ASP.NET services can now apply to any content type including ASP pages and PHP pages.

Figure 5 Integration with ASP.NET in IIS 6.0 and IIS 7.0 (Click the image for a smaller view)

Moreover, with the innovated configuration store of IIS 7.0, we have the leverage to examine these modules by opening the <globalModules> and <modules> elements of the configuration file located in (%windir%\System32\inetsrv\config\applicationHost.config where the former defines the server level modules or global modules, and the later delineates the enabled modules for all applications on the server.

Native Modules    




Allows us to access any public content without providing a credential.


Requires us to provide a credential to access content. It transmits unencrypted base64-encoded passwords across the network.


By mapping the SSL client certificate to an Active Directory account, it facilitates usage of client certificate for authentication.


Lets us define how our Web server passes information to an external program.


Implements validation of configuration.


Aside from implementing the IIS 7.0 detailed error feature, it allows us to customize the error messages returned by our Web server.


Provides us support to tailor logging format of Web server activity footed on our needs.


Lets us configure the default file for the Web server.


Employs by submitting hashed password to the Windows domain controller.


Employs browsing of our Web server directory.


Implements HTTP compression of dynamic content.


Implements tracing of failed requests to diagnose our Web application.


Supports FastCGI, which offers a high-performance option to CGI.


Takes up the IIS 7.0 output caching and the HTTP.sys caching process.


Affords us to log our Web site activity.


Implements support to redirect user request to a defined destination.


By mapping the SSL client certificate to a Windows account, where credential and mapping rules are maintained within the IIS configuration store, it facilitates usage of client certificate for authentication.


Permits us to allow or deny request from a specific IP address and domain name.


Implements support for files that extend IIS functionalities, knows as ISAPI filters.


Implements support for Web content using ISAPI extensions.


Carries out protocol-based actions – e.g. setting response headers and redirecting headers based on configuration.


Employs screening of requests to our server based on defined rules.


Server Side Includes (SSI) facilitates dynamic generation of HTML pages.


Implements HTTP compression of static content.


Employs publication of static Web file format in our server.


Allows us to define access restriction rules to our Web content. It could be bound to users


Works only in an intranet environment leveraging our Windows domain security implementation.

Managed Modules


Implements configuration of anonymous identification for application authorization.


Makes sure the presence of an authentication object.


Employs verification of user permission to access the file requested.


With the aid of Forms Authentication Provider, it lets us implement client registration and authentication at the application level.


Stores the contents of a processed ASP.NET page in memory which allows ASP.NET to send a page response without going through the page processing lifecycle.


Correlates information with a specific user and accumulates the information in a standard format.


Aids us to manage authorization, granting us to define user access in the resources of our application.


Since HTTP is a stateless protocol, it enables us to store and retrieve values across different Web pages.


Implements verification of user permission to access the URL requested.


Facilitates mapping of URL displayed to user to the URL of a page in our Web application.


With the aid of Windows Authentication Provider, it implements Windows authentication in conjunction with IIS authentication to secure ASP.NET applications.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Tag Cloud

%d bloggers like this: