Applications versus Web Sites

A Web site is nothing more than a virtual directory associated with a specific server. The simplest way to see that is to create one yourself. Don't use Visual Studio, FrontPage, or your favorite integrated editor; do it by hand, at least this once. Start the Internet Information Services applet on your server. In Windows 2000, click Start ® Programs ® Administrative Tools ® Internet Services Manager to launch the applet. The Internet Services Manager (ISM) applet runs as part of the Microsoft Management Console (MMC).

You'll see the dialog in Figure 16.1 (the dialog and items vary in different Windows versions).


Jibm SfYl 4 Tn* I

ji 'iwm-iii

. jBBMina

< A MrttHtto VMl 5ti * ^-Mi^pitnu-.-wi s- nil f ^ 13 3. ¡2 fl l-nlxi

Jibm SfYl 4 Tn* I

ji 'iwm-iii

. jBBMina

J Jj

Hary | Mi








_l vil M

A 1

Figure 16.1: Internet Services Manager applet

Select the Default Web Site (again, depending on your setup, this item may have a different title; it's configurable, but in my experience, most people leave the name set to the default). Right-click and select New ® Virtual Directory from the pop-up menu. You'll see the Virtual Directory Creation Wizard screen (see Figure 16.2).

Figure 16.2: Virtual Directory Creation Wizard Click the Next button to continue. You'll see the Virtual Directory Alias screen (see Figure 16.3).

Iwrtud Directory cre-riMm Wir*d


VilLUâl Urfecloiy Alios


VAithrf tr-n the v*haJ ihai ina

ne. w JÉW. iff qwcfe rflfiMi?

lyK^tt-Sèa. Hd tsulf kDtfl« mj hldlilVd] VUïri lii^H'. r-sp* r^ra cc^ït* wr thai fvj d iwnwa $ dretfct lyK^tt-Sèa. Hd tsulf kDtfl« mj hldlilVd] VUïri lii^H'. r-sp* r^ra cc^ït* wr thai fvj d iwnwa $ dretfct

Figure 16.3: Virtual Directory Creation Wizard, Virtual Directory Alias screen

A virtual directory is an alias name for a physical directory. Enter the name CSharpASPTest into the Alias field and then click Next. You'll see the Web Site Content Directory screen. You need to enter the physical path of the root folder for the new virtual directory. Unfortunately, I usually get this far and then decide that I want to create a new directory. No problem. Launch Windows Explorer and create a new directory somewhere named CSharpASPTest. After you've created the new directory, return to the Web Site Content Directory Screen and enter the path to the new directory into the Directory field. For example, I created the new directory as c:\inetpub\wwwroot\CSharpASPTest and entered that path into the Directory field (see Figure 16.4). Click the Next button to continue.

Figure 16.4: Virtual Directory Creation Wizard, Web Site Content Directory screen

You'll see the Access Permissions screen (see Figure 16.5).



Acc?i± h'ciAiu i ion-1


WhJ pBFTinm <3n ¡kw wJ in ^ l<p il^ vrturi

the lofcwg

P Bt»5

17 HLXI u-JJI miBPi

r È=t»iia fiiih ii ISACT awlemfn ^ CÇII

"r w-p

P traw»

rV:k Nul In MHT^IIIIIIC if™ my.nd

<Sltt | JJfJ, j

M |

Figure 16.5: Virtual Directory Creation Wizard,Access Permissions screen.

The Access Permissions screen provides a first level of security protection. By default, IIS applies the Read and Run Scripts (such as ASP and ASP.NET pages) permissions to the new virtual directory. You have options (unselected by default) to let the application run executable content, let the application write to the directory, and let users browse the content.

Warning Normally, you should not select the Execute, Write, or Browse permissions check boxes.

All these options have security ramifications. The only one you need with any regularity is the Write capability, which you should apply only to specific protected files or subfolders. You can do that with the file and directory security options in Windows Explorer at any time. Leave the three options unchecked.

Click Next to complete the wizard and then Finish to close it. The ISM creates the new virtual directory and applies the selected permissions, but it does something else, too. Look at the icon for the new virtual directory (see Figure 16.6).

I "1 Interne* IrfforvndtMfl S«vk«


TiM 1

km 1

^ y < e. rrt ÏW a w*?

■ C^P-DitnrwiruiwwinltiitVTwoH J-flstf.WH, ü

- A 1 'uMrfiiJi - £S cvi«* HP sts


- jM Vus*

»■ S iwub


j: J Pinerf

T S i"ninrini*r~ni

CStmrA-^mt.i. >) CStüpiSCTfct.i. J] c^i^Tirt-v .. jfHwliduv fl ■ t -r

1 1-1 1

Figure 16.6: Internet Information Services applet after creating the CSharpASPTest virtual directory

Figure 16.6: Internet Information Services applet after creating the CSharpASPTest virtual directory

Note Your virtual directory list will look different than mine. The important thing is that you see the new CSharpASPTest virtual directory in the list.

The open box icon denotes an IIS application rather than a simple virtual directory.

Tip If the ISM didn't automatically create an application for you, the icon will not look like a box; it will look like a folder with a globe in one corner, denoting a World Wide Web folder. Don't worry about it. You'll see how to create the application manually in this section.

To understand the difference, you have to go backward in time a little to COM+ technology, or even further, when the name was Microsoft Transaction Server (MTS). A COM+ application runs in a virtual space, isolating it from other applications running on the same server. It's much more difficult for a COM+ application to bring down the entire server if it fails. That's the reason the default virtual directory creation settings for IIS create an IIS application rather than a simple virtual directory.

Note If you don't check the Run Scripts option on the Access Permissions screen, IIS creates a plain virtual directory rather than an IIS application.

Note Creating a virtual directory in IIS3 on NT4 does not create an IIS application by default.

It's worth your time to explore this topic just a little further, because there are some things you can't do with the property dialogs for ASP.NET applications.

Right-click your new CSharpASPTest virtual directory and select Properties from the pop-up menu. You'll see the CSharpASPTest Properties dialog (see Figure 16.7). Make sure you're on the Directory tab.

P*tf trim


PiK'ny I Qoturtrii I Diedvy Çtoity ^^hefiicnvi irfl io th; itoJd core hem ff rh* jt^HH iKtlf;

r iredreitnyiMiURL

LKiPah |VL5hwA-iPT(U

I- -¡OLIÎ t ! w Lojwib

f Find

f iKfe't-i


v DptcJ^y ijr'.-fg

''Et*-: atofi r >Tr:





L >v j -Vx*"'

zhccaia P*inw ip3f*i

A Df^ F^ai r&w



Figure 16.7: CSharpASPTest Properties dialog

The bottom third of the dialog is titled Application Settings. If the Application Name field is grayed out on your dialog or doesn't contain the name CSharpASPTest, the ISM applet didn't create the application for you automatically. No problem. If that's the case, click the Create button next to the Application Name field.

Note If ISM did create the application, the button caption reads "Remove" rather than "Create."

Set Execute Permissions to Scripts Only and set Application Protection to Medium (Pooled). Next, click the Configuration button. You'll see the Application Configuration dialog (see Figure 16.8).

Figure 16.8: CSharpASPTest Properties, Application Configuration dialog

This dialog has three tabs. The App Mappings tab controls how the server treats various types of requests. Scroll down until you see the .aspx entry. Click the Edit button (but don't change anything; you're just exploring). You'll see the path in the Executable field, the .aspx extension in the Extension field, and the four "verbs" get, head, post, and debug in the Limit To field. The Script Engine check box lets the executable run in a virtual directory without Execute permissions (one marked Run Scripts in the Virtual Directory wizard or via the Virtual Directory Properties dialog). The Check That File Exists setting tells IIS to return an error message for scripting engines that don't automatically return messages for missing scripts or for requests in which the user doesn't have permission to access the requested file. If you want to add or change application mappings for a specific IIS application, you change them in this dialog. To change application mappings for the entire site, change them in the Default Web Site application properties.

Next, click the App Options tab. While it may look as though you can control some aspects of your application via this dialog, none of the options applies to ASP.NET. The options on this page apply only to classic ASP applications. The options on the last tab, App Debugging, don't apply to ASP.NET either. You configure ASP.NET application settings exclusively through the web.config and machine.config files and through page-level directives or code.

Click Cancel to close the dialogs. Look at the bottom of the CSharpASPTest Properties dialog again. The Application Protection setting should read Medium (Pooled). Click the arrow to drop down the options; with IIS 5 and Windows 2000, there are three of them:

Low (IIS Process) Runs in the same address space as the server itself. Web applications that run in the IIS process address space can crash the server completely; however, Web applications running in this space are faster than those that run as Pooled or Isolated applications.

Medium (Pooled) Runs as part of a group of pooled applications. This setting provides server protection, but one errant application can bring down the entire group. However, the setting provides a good compromise. Although Web applications in this space don't run as fast as those in the IIS process, they can be restarted automatically if they crash. This is the default setting.

High (Isolated) Your application gets its own address space. This setting is the slowest but provides the greatest protection for other applications that may be running on the same server. With classic ASP applications, I recommend that people change the setting to High, but ASP.NET applications seem to be quite stable. When you're worried about the effect of installing a new application on your server, you don't have a dedicated development server, or you're building Web applications that must interoperate with COM components, you should consider changing the setting from Medium to High.

Leave the dialog open for now; you'll change the setting in a minute. If you've never worked with COM+ applications, it's useful to see what effect the setting has.

Click Start ® Programs ® Administrative Tools ® Component Services. That launches the Component Services applet, which runs in the MMC just as the Internet Information Services applet does. In the list in the Tree pane, expand the Component Services item and the Computers item and then expand My Computer. Finally, expand the COM+ Applications item. Exactly what you'll see in the expanded list depends on the installed set of COM+ applications on your server, but one of the items is called IIS In-Process Applications (see Figure 16.9). That's where your application runs when you set the Application Protection property to Low (IIS Process).

1 7" 1»«w 1* r

■ft invito

p. | ft a s

■ Z s

Tph [

IIS 1 frftK444 Hrtk-y.iirf 2 iè^ï-Jï!'

, fllMHIl

■ -T; ::. ■ ■ t ■' • IK* l'iri ; ï HIM«

> _IhMitnJKd

- ^ StnkK (jJXtfi

_J _l

i i r i

Figure 16.9: Component Services applet, COM+ Applications

Figure 16.9: Component Services applet, COM+ Applications

When you run your Web application with the Medium (Pooled) setting, it runs as part of the next item, called IIS Out-Of-Process Pooled Applications. However, when you run your Web application with the High (Isolated) setting, it runs as a separate application. To see that, go back to the CSharpASPTest Properties dialog and change the setting to High (Isolated). Click the Apply button and then close the dialog by clicking OK.

Now switch back to the Component Services applet and shut it down. Reopen it and you'll see an item named iis-{Default Web site//Root/csharpASPTest} in the list (see Figure 16.10).

17" 1»«W1* r

H- lol*l

■ft invito


■ Ei! 1:1

Tfi |

JIHMf. !_(«!_■

' ( | USLUlM ■7: BS.fMoi Wd>S(JJBuif-JkM(Ji*T«I*| ■ _J Gyrwittti


Ft: QgRribi ^ Svtfiw- ftfltattn > J miitUlKl) nrjiiMllvr-dMnMKi ■ Uji11*



1 1 r I

Figure 16.10: Component Services applet, COM+ Applications pop-up menu

Figure 16.10: Component Services applet, COM+ Applications pop-up menu

The main advantage of running your application separately during development—other than the protection it provides for other applications—is that you can shut down the application, thus releasing all DLLs used by the application. This capability doesn't matter unless you're using COM components as part of your application, but when you are, and you need to make a change to a component, you probably don't want to shut down other applications—or the Web server—just so that you can make that change. You can shut down a COM+ application by right-clicking the application in the list and selecting Shut Down from the pop-up menu.

Note Before continuing, go back to the CSharpASPTest Properties dialog and change the setting back to Medium (Pooled).

Was this article helpful?

0 0

Post a comment