Week 13 - IIS.pptx

Full Transcript

Week 13: IIS
NTWK-8070: Windows Server Roles and
Features

This week…
This week we will learn about:
• IIS
• What is IIS
• What is IIS Used For
• IIS History
• Basic IIS Implementation

The Internet

What is the Internet?
• Contrary to some opinions, the Internet is
not simply websites.
• Yes, we do think of websites when we talk
about the Internet, but it’s much more than
that
• Encyclopedia Britannica defines the
Internet as: “a vast network that connects computers all
over the world. Through the Internet, people can share information
and communicate from anywhere with an Internet connection”

The “Web” is a single component
• Websites are a small part of our “internet”
• They play an extremely important part of
our daily life – from news, to social
networking
• Run on servers that are interconnected via
the internet
• Servers are “web servers” that host this
content

The Web Server
• The Web Server is the crucial piece of
being able to deliver you the content you
require
• It is a software solution running on a
computer platform (Windows Server,
Linux, or something else)
• Employ a myriad of different technologies
• The fundamentals are still “HTTP and
HTTPS”

The Web Server

A Web Server is…
• A piece of software that exists to handle
user access requests to deliver content
• Come in many different flavours, we will be
touching mainly on IIS, but will briefly
cover some popular alternatives

What is IIS?
• Internet Information Services
• Windows-only Web Server
• Released way back in 1995 for Windows
3.1
• Currently in its 14th iteration
• Used in many Microsoft-first web services

The “It’s working!” page

IIS is not the only player out there!

The Popularity of IIS
• IIS is not the most popular web server due
to it’s closed source and dependency on
the Microsoft ecosystem
• Limited support for programming
– Many web-first programming languages are
not supported, or lack full support (i.e. Python)

• Internet giants (Google, Meta/FaceBook)
are big supporters of FOSS (Free Open
Source Software)

What IIS does well
• Is well-integrated and stable
• Easy to manage using a very simplistic
GUI
– Other popular web servers (Nginx, Apache)
rely on configuration files, manual changes

• Is natively supporting many Windows
features, such as authentication, and the
same security as Windows Server uses
(access, DACLs, etc)

Easy vs Hard

Let’s go through an Install!

Add the Role

Select the Web Server (IIS) Role

Include the Management Tools

Accept the Default Features

Some legacy applications may require the .NET 3.5, you may also
chose to install the ASP.NET language for dynamic web pages

Pick the required Role Services

A note on Role Services
• Role Services are important to the function
of IIS, and there are many important ones
that, depending on what you need to
achieve, are not included by default, and
must be installed
• Installation of Role Services can be done
after the fact

Example of useful (not-default installed) Role Services
• HTTP Redirection – which will redirect users from one
page to another, such as redirecting HTTP to HTTPS or
WWW to simply the domain name
• Basic, Windows and Digest authentication – provides
a way to authenticate users before they access websites.
This can leverage your AD infrastructure to authenticate
users prior to giving access
• Dynamic Content Compression – provides a
mechanism to lessen the bandwidth impact, at the cost
of increased CPU loads
• FTP – Allows you to implement your Web Server as an
FTP server

Then wait for the install…

Or…
•

Install-WindowsFeature -name Web-Server –IncludeManagementTools

• Through PowerShell
• Fast, efficient
• Want Role Services?
•

Enable-WindowsOptionalFeature -Online -FeatureName {RoleService}

Managing IIS

Managing is Easy…ish
• Managing IIS is done either through
PowerShell, Configuration Files, or the IIS
Manager Console

The Dashboard

Sites and App Pools
The left pane contains
the websites and
application pools

Application Pools
• An application pool is a group of one or
more worker processes that handle webapplications
• They are used for a number of tasks, from
hosting basic websites, to more advanced
web-applications
• The properties of App Pools define the
“performance and capabilities” of websites

Application Pool Settings

Examples of things you can configure in App Pools

• App Pools are complex
• You can configure a number of things in
them, such as the Identity that is used to
host the content (i.e. a user account
[security principal] that is used to host a
website or web application)
– i.e. a web app that resets passwords may
need an identity configured that has
permissions to reset passwords

Other Configuration Options
• CPU Limits (prevent runaway application,
etc)
• Garbage Collection (enables cleaning of
stale resources)
• Allowing 32-bit applications
• Specifying specific .NET versions for app
developers
• And more…

The Default App Pool

The Website

The application – Website
• A website is bound to an app pool
– Creating a new website will, by default, want
to create a new application pool
– You can override this and use an existing app
pool

• It inherits the permissions of the identity of
the app pool
– The app pool’s “identity” property

Website - Continued
• Is bound to an interface and port, and
allows configuration of protocols
(HTTP/HTTPS)
– Allows you to bind to a specific IP/Interface, or
all interfaces
– If you have more than one website bound to
the same IP/Interface – “Host Headers” will be
used to determine what website you want to
visit

Website – Continued 2
• Is given a “Physical Path” that defines the
web root – or where the files are stored
– By default, the App Pool’s permissions will be
used to see if it can access the folder – this is
known as “Pass-through authentication”
– You can also specify an alternative identity
that will be used exclusively for permissions
on that physical path

Creating a New Website

Modifying the Settings

Adding Websites, Applications and Virtual Paths

Creating our site
• We will use www.yourlastname.com as a
“demo domain”
• Notice the “Physical Path”

Our “website”

Let’s add a folder (in the site directory)

The website created

App pool is automatically added

Adding a Virtual Path

Virtual vs Physical path

What is a Virtual Directory
• A virtual directory is one that exists outside
of the Website folder (known as the
Webroot)
• Allows you to store files, or show files that
are in different locations, such as different
servers without having to expose those
folders to the website

Demo vs Sample

Adding an Application
• As we mentioned, a website is an
application in the app pool
• Adding an application essentially makes a
new website in an existing website
• The “sub-application” exists in the same
website, and allows you to use another
application pool with different identities
and properties than the parent website

Creating Application

The IIS Manager Console

Applications…
• Apps added to websites can reside in
different locations than the website
• Can either use the same identity, or a
different identity
• Allows you to allocate different “resources”
to different applications, or security
restrictions via identities (remember, they
are security principals)

Let’s talk about the dashboard

Common Configuration Parameters
• Authentication – allows you to configure
authentication, such as login, to ensure
that the user is authenticated before they
access the website/application
• Compression – allows you to implement
compression to offload some network
requirements, however at an increased
cost to the CPU

Configuration Cont’d
• Default Document – allows you to specify what
file is opened (i.e. Index.html) when you simply
navigate to the website
– When you go to google, you don’t go to
“google.com/index.html” – for example, it
automatically takes you there.
– You can specify any default document – i.e.
“funnywebpage.html” – which would result in
https://yourlastname.com/ taking you to
https://yourlastname.com/funnywebpage.html by
default

Configuration Cont’d - 2
• Directory Browsing – Either allows or
denies listing of the directory contents.
This allows visitors to browse a list of all
the files – this is not advised!

Configuration Cont’d - 3
• Error Pages – allows you to specify what
error pages look like, basically a custom
error page that is not generic
• Common Errors include:
– 400 – “bad syntax” – meaning the request was impossible
– 401 – the user accessing the website was not authorized, i.e.
bad username or password
– 403 – no permissions to the directory, but user has authenticated
– 500 – the server is having issues

Configuration Cont’d - 4
• Logging – allows you to specify logging
options for the website, and properties
such as log size, or rollover maximums
• MIME Types – is a mechanism for forcing
certain actions (i.e. download vs display)
for content. For example, if you wish to
force a website to have the user download
a PDF versus view it in the browser, you
can do this here.

SSL Settings
• Is the final option we will talk about
• Allows you to specify SSL settings
• Requires HTTPS binding (website
properties)
• Requires a certificate
– Generate a self-signed certificate
– Or you can request it
– Certificates are not covered in this course

Web.config
• Any changes we do are automatically saved to a
file known as “web.config”
• If you wanted to, you could edit this file manually
to configure every aspect of the website
• The web.config file is stored in the Webroot of
the website
• People accessing the website cannot access the
web.config – it is used by the webserver to
server the website

Example web.config

Things to check…
• Your website should be accessible after
creation (provided you started it)
• Check the firewall (:80, 443 is allowed)
• Verify that the permissions to the Webroot
by the App Pool identity are allowed, or
that “connect-as” authentication is set up
correctly

End of Lecture, Questions?