IIS Installation

Install IIS from Control Panel | Add/Remove Programs | Add/Remove Windows Components.

Installing a new WebSite

The default file-system location for IIS root websites is:  C:\Inetpub\wwwroot\.
Themes are templates, providing consistent headings, bullets and wallpaper e.g. “BluePrint” or “Technology”.

New site vs new virtual directory

Installing a “new website” requires either an additional IP address or alternate port; thus, the server IP(s) or ports define its websites.
To create a sub-web of the server (e.g. http://server/sub-web), right-click the default website and choose New | Server Extensions Web …
See below for a new “virtual directory”, which is merely an alternate directory path – outside the default directory structure.

FTP Administration

IIS FTP setup involves placing your documents in drive:\Inetput\ftproot and controlling permissions on that and its subdirectories.  For Intranet use, operating system and network security settings apply.  However, Microsoft warns that text passwords over the Internet are easily hacked, suggesting that there’s not much point in trying to get more FTP security than with the Anonymous user.

Allowing Anonymous FTP Internet use

Open the FTP port (21) on the router, entering the IP address of the internal IIS FTP server to be used.
Right click Default FTP Site | Properties.
You might need to specify the IIS FTP server IP address, rather than leave the default “All unassigned”, on the FTP Site tab under “Identification”.
On the “Security Accounts” tab, check “Allow only anonymous connections”.
An outside user should now be able to browse to ftp://IISserverIP, right-click the desired file and choose “Copy to folder …”

Websites Administration

Each web or FTP site must have a home directory, mapped to the site’s domain name (or to the server name).
A virtual directory is not contained in the home directory but appears to client browsers as though it were.  To publish from any directory not contained within your home directory, create a virtual directory.  A virtual directory has an alias, mapped to the virtual directory.  Aliases make it easier to move directories; rather than of changing the URL for a directory, you change the alias mapping to the physical directory location.  In Internet Services Manager a virtual directory is indicated by a folder icon with a globe in the corner.  In the following illustration,  /Customers/ and /PR/ are virtual directories:

For a complex site or to specify different URLs for different parts (directories) in a site, add virtual directories.
Redirecting a URL is useful to make a portion of the site temporarily unavailable or to have file links to an original virtual directory access the same files in a new virtual directory.  For instructions, see Redirecting Requests to a Directory.

Internet Information Services includes two features to dynamically alter Web content after the content has been requested, but before it gets returned to the browser server–side includes (SSI) and the Active Server Pages (ASP) scripting environment. SSI can carry out management activities from adding dynamic time–stamping to running a special shell command each time a file is requested.  SSI commands, called directives, are added to Web pages at design time.  When a page is requested, the Web server parses out all the directives it finds in a Web page, then executes them.  A commonly used SSI directive inserts, or includes, the contents of a file into a Web page e.g. to continually update a Web page advertisement, use SSI to include the advertisement's HTML source into the Web page. 

To update the advertisement, you need only modify the file containing advertisement's HTML source.  You do not have to know a scripting language to use SSI; simply follow the correct directive syntax.  For more detailed procedural and reference information, see Server–Side Includes.
ASP is a server-side scripting environment for dynamically altering Web content.  Although ASP is primarily designed for Web application development, it has many features to ease Web site management.  For example, with ASP you can track users visiting a Web site or you can customize Web content, based on browser capabilities.  However, unlike SSI, ASP requires a scripting language, such as VBScript or JScript.  For more information, see Using ASP to Manage Web Site Content.

Website Identification IP address

Default is “(All unassigned)”.  If the default Website Identification IP address is changed, links to localhost will be broken e.g. because the help system links point to localhost.

Design Considerations

When creating an IIS application consider a consistent directory structure, using paths that will make your deployment work smoothly.

• Use relative URLs to images and related files. Your application and its HTML pages can be deployed onto a Web server under a different parent directory than the one on the development computer. Because of this, it is best to use relative URLs in your HTML pages rather than absolute URLs. Absolute URLs indicate the exact drive and directory in which your HTML page will expect to find any related images or other files it references. Relative URLs give the name of the file to locate and indicate its location in relation to your project directory, specifying how many directories up or down to move to find the reference.
• Directory structure:  Use the same directory structure on your development machine as on the Web server.  Project files, including the designer, its DLL, any template files and any additional files the templates reference (such as .gifs) must be stored in the project directory or in subdirectories below it
• Use generated URLs. Use generated URLs whenever possible to move to other webitems or pages, rather than typing a manual URL (http://www.myserver.com/mypage.htm) into your webclass templates or code.
• Gather request resources with BeginRequest. Use the BeginRequest event to gather expensive server-side resources that the webclass should not hold longer than the duration of a request.  Release those resources with the EndRequest event.
• Use ADO data features:  With databases in your webclass code, use ODBC connection pooling and ADO disconnected recordsets.
• State management:  Read "State Management in IIS Applications."
• Using wcRetainInstance: When keeping a webclass alive between requests, be aware that Visual Basic creates apartment-model objects that it places into the Session objects, which binds the client to a particular thread.  This may cause difficulties. This may also be an issue if you put Visual Basic classes into the Session or Application objects.
• Do not use HTML pages that contain forms with the GET method. If you use an HTML template file that contains forms that use the GET method, you will not be able to successfully connect events and run the application.  Make sure that all webclass template files use the POST method for any forms.
• Close database transactions.  Avoid holding open database transactions across request boundaries, because there is no guarantee that the user will return to the transaction after the initial request is made.  Commit database changes at the end of every request.
• Allow for open navigation.  Include navigational buttons and other aids that allow a user to return to the starting point from any place in the application or include other cues to help the user figure out the appropriate navigational choice from each screen.
• Anticipate re-submits:  In applications that use HTML forms the user might complete a transaction and then use the back button to return to a data entry form thinking they can make a correction and resubmit.
• Reset data structures when a user moves backwards. If a user navigates back to the startup screen, you must reset the variables (e.g. login text boxes) to their original state.

IIS Objects Model

IIS applications are hosted by an Active Server Page file and use Active Server Pages object model objects. The webclass uses these objects to access and manipulate information from an HTML page. Each WebClass has its own ASP (1:1 relationship) whose path is the base URL for the webclass and its web items.  The VB WebClass object is an ActiveX designer.
Add HTML templates to your IIS application to enable your webclass to send HTML pages to the browser in response to user requests.  When you add a template to your webclass, you choose an HTML page to associate with it.  Though a webclass can contain multiple template webitems, each template webitem can represent only one HTML page. You must add additional templates for each HTML page
ASP objects, that a webclass can use, include:

• Request — Receives requests from end users via the browser.
• Response — Sends information to the browser to display.
• Session — Maintains current user session information and stores and retrieves state information.
• Application — Manages state that is shared across multiple webclass instances.
• Server — Creates other objects and determines server-specific properties that might influence the webclass's processing.
• BrowserType — Determines the capabilities of the user's browser and makes processing decisions based on that information.

Properties that you should always set for a webclass:

• StateManagement — determines whether your webclass stays alive between browser requests or is destroyed at the completion of each request, available for the webclass object in the Properties window.
• Public — Your webclass must be set to public for the application to run. This is controlled by the Public property, available for the webclass object in the Properties window.  By default, the Public property is set to True.
• Unattended Execution — This option, available in the Project Properties dialog box for your IIS applications, allows instances of a DLL class to be allocated on any thread. This ability is necessary to IIS in order to avoid having all webclass instances allocated to a single thread.
• Retained in Memory — This option, available in the Project Properties dialog box for your IIS applications, allows the Visual Basic project to keep its run-time support state permanently loaded on the server's threads, allowing server programs that load Visual Basic projects to run significantly faster.

Performance Considerations

ADO is designed for minimal network traffic in Internet scenarios and a minimal number of layers between the front-end and data source — to provide a lightweight, high-performance interface.
The cost of passing parameters out-of-process is far higher than passing them in-process.

Remoting ADO Recordsets

ADO Recordset objects can also be remoted, making ADO recordsets especially suited for use on intranet and Internet client-server applications.  For example, you can create an HTML or DHTML page that accesses data across the Internet from a web server application.  When creating the HTML page, you can include the Microsoft ActiveX Data Access Recordset 2.0 Library, which features only the Recordset object.  Since that library doesn't include the Command, Connection, and Parameter objects, your application will have the smallest possible footprint while retaining the functionality of the ADO Recordset features.

VB Internet Applications Security

DHTML security

DHTML applications are affected by security in the following ways:

• When downloading a DHTML application to a client, you may encounter zone security in Internet Explorer 4.  See the Internet Client SDK.
• Deployment files must be signed and licensed. See the "Downloading ActiveX Components".

IIS Security

IIS applications face the same restrictions as DHTML applications, above.  IIS applications have additional security options, since IIS applications use an Active Server Page (ASP) as the application entry point.  You can secure an ASP page in several ways:

• Set permissions on the Web server virtual directory that contains the ASP page.
• Set file access permissions, if you are using the Windows NT File system (NTFS) to determine which users can access the ASP page.
• Use client certificates through two protocols: Secure Sockets Layer (SSL) 3.0 or Private Communications Technology (PCT).  A client certificate is an encrypted number the browser sends to the server when it requests the ASP page.

IIS Applications vs. DHTML Applications

Both server-based IIS applications and client-based DHTML applications respond to HTML page events.  An IIS application consists of linked HTML pages, presented by a Web server (e.g. Apache or IIS) and responds to browser requests via an HTML user interface.

Browser dependency

DHTML applications are best used on Intranets and are dependent on Internet Explorer 4.0 or later.  IIS server-based applications do not need a specific operating system or browser and can be used on either the Internet or an Intranet.

Object models

IIS server applications use the Active Server Pages (ASP) object model; DHTML applications use the Dynamic HTML object model.

Opening a DHTML Application DLL Project

A DHTML Application DLL project is an ActiveX DLL project template that automatically loads the DHTML Page designer and its HTML toolbox tab and HTML controls, known as elements.
For every HTML page in your application, you need a corresponding designer.  Visual Basic automatically adds a DHTML Page designer to your project.

Processing location

IIS server applications perform most of their processing on the Web server; DHTML applications perform most of their processing on the client browser machine.  Therefore, you do not create Web server components for a DHTML application.

Security

Guest password dialog box

Across a non-domain (workgroup) LAN, a popup dialog box appeared, demanding a Guest password.  It wasn’t happy with any password, including a blank password or the Administrator password.  What cured this was right-clicking the default website in IIS Manager -> Properties -> Directory Security (tab) -> click the Anonymous access checkbox.
In other words, VS.Net Walkthrough instructions for configuring Integrated Security, which advise clearing the Anonymous access checkbox, cause the Guest password dialog box.
However, with Anonymous Access checked, the IIS IUSR account was denied MSDE login access to run a web service.

Glossary

ActiveX
An umbrella term for Microsoft technologies to create interactive World Wide Web content.   Language-independent interoperability technologies, enabling software components written in different languages, to work together in networked environments.  The core technology elements of ActiveX are the Component Object Model (COM) and Distributed COM.  These technologies are licensed to The Open Group standards organization and are being implemented on multiple platforms.  See also Component Object Model; Common Gateway Interface; distributed COM; Java.
Address Resolution Protocol (ARP)
A TCP/IP protocol for determining the hardware (physical) address of a LAN node connected to the Internet, when only the IP address (or logical address) is known.  An ARP request is sent to the network, and the node that has the IP address responds with its hardware address. Although ARP technically refers only to finding the hardware address and Reverse ARP (RARP) refers to the reverse procedure, the acronym ARP is commonly used to describe both.  ARP is limited to physical network systems that support broadcast packets.  It is defined in RFC 826. See also Reverse Address Resolution Protocol; Transmission Control Protocol/Internet Protocol.
asynchronous transfer mode (ATM)
A network technology capable of transmitting data, voice, video and frame relay traffic in real time. Data, including frame relay data, is broken into packets, containing 53 bytes each, which are switched between any two nodes in the system at rates ranging from 1.5 to 622 Mbps.  ATM is defined in the broadband ISDN protocol at the levels corresponding to levels 1 and 2 of the ISO/OSI model.  It is currently used in local area networks involving workstations and personal computers.  See also Integrated Services Digital Network; International Organization for Standardization Open Systems Interconnection model.
callback function
An IIS function, allowing an ISAPI extension or filter to access IIS services.
filter
In IIS, an ISAPI feature that allows requests pre-processing and response post-processing, permitting site-specific HTTP requests and responses handling.
FrontPage Server Extensions
Files installed on an HTTP service, providing a graphical interface to the website.  Authors can create, edit and post Web pages to IIS, remotely.
hash value
A small amount of binary data, typically around 160 bits, derived from a message by using a hashing algorithm.  The hashing procedure is one-way; there is no feasible way of deriving the original message or any of its Properties from the hash value, even given the hashing algorithm.  The same message will always produce the same hash value when passed through the same hashing algorithm.  Messages differing by even one character can produce very different hash values.
hash value comparison
When a client or server receives a hash value, as part of an authentication scheme, it will use a commonly known key value, such as a password, to create a hash value and compare the generated hash value with the one it received.  If they are identical, authentication is accepted.  See also replication.
host
The main computer in a system of computers or terminals connected by communications links.
host name
A specific server on a specific network within the Internet, leftmost in the complete host specifications e.g. www.microsoft.com  a.k.a. a “friendly name”.
out-of-process component
A COM component that runs in a separate process space from its client.
virtual directory
A directory name, used in an address, corresponding to a server physical directory; a.k.a. URL mapping.
virtual document
A document created in response to information provided by the user; also called a dynamic document.  A virtual document is created only in answer to a browser request and is not permanently stored in a physical directory.  An ASP page is an example of a virtual document.
virtual server
a.k.a. a Web site.  A virtual computer, that resides on an HTTP server, appearing as a separate HTTP server.  Multiple virtual servers can reside on one computer, each capable of running its own programs and each with individualized access to input and peripheral devices.  Each virtual server has its own domain name and IP address and appears to the user as an individual Web site or FTP site.  Virtual servers are used by ISP’s for clients to use their own domain names.
Uniform Resource Locator (URL)
A naming convention that uniquely identifies the location of a computer, directory or file on the Internet.  The URL also specifies the appropriate Internet protocol, such as HTTP or FTP e.g. http://www.microsoft.com.
URL mapping
Associating a URL with a physical directory.  See virtual directory.

Back Home