Student Academic blog

The Security Runtime Engine is nothing more than an HttpModule that hook's into the Pre-Render event of the page and encodes all server controls of your choice on a page before rendering it to the client. In an ideal situation this would require no code, changes by you. Simply add a reference to the HttpModule in your web.config file of your project as such given below.

ALL, asp.net, Web.Config asp.net, web.config, security

Introduction

The IIS 7.0 configuration system is compatible with legacy configuration interfaces at the API level. It supports the Admin Base Objects (ABO) interface, also known as IMSAdminBase, as well as the ADSI and WMI providers that were built on top of ABO in IIS 6.0. Existing applications and scripts can still call into those programmatic interfaces on IIS 7.0 and continue to work, as long as the Metabase Compatibility component of IIS 7.0 is installed

This document contains:

1. Installing Metabase Compatibility Support.
2. How Metabase Compatability Works.
3. Other Metabase Configuration Data.
4. Legacy Metabase Features.

Note: By default, this component is not installed.

Security

IIS 7.0 introduces many new security improvements from IIS 6.0. This document overviews these improvements with respect to:

1.      Authentication.

2.       Authorization.

3.       SSL.

4.      Web Service Extension Restriction List.

5.       IP restrictions.

Main Advantages of IIS 7.0 is Modular Design. Which gives some benefits for to IIS 7.0 over IIS 6.0?

Features IIS 6.0

Architecture Monolithic
Setup Most Features Installed
Extended Features ISAPI Filter and ISAPI Extension
Customize UI Normal

Features IIS 7.0

Architecture Modular
Setup Minimum installation based on role
Extended Features Added Module and handler in managed or native code
Customize UI Customize for .NET

IIS 7 is the next generation of the web servers that being launched by Microsoft to integrate Windows 2008 Platform. IIS 7 Platform is fully supported with Windows Server 2008.

IIS7 is able to provide a simplified, task-based management interface, greater cross-site control, security enhancements, and integrated health management for Web Services.
With IIS 7 and .NET Framework 3.0, 3.5, 4.0, our customers are able to efficiently connect users to each other and to their data. Users are able to visualize and share data on a much higher level. IIS 7 does not have this requirement, making configuration of web applications significantly easier.

In IIS 6, the directory that is the root of the web application needs to be configured as an Application via the Home Directory or Virtual Directory property tab in IIS Manager for the site.

Moving an ASP.NET Application from IIS 6.0 to IIS 7.0

1.       Web.config Files in IIS 7.0

2.       Moving a Web Application to Classic Mode

3.       Moving a Web Application to Integrated Mode

Reference:  http://msdn.microsoft.com/en-us/library/bb515251.aspx

Inside IIS 7.0 what u can do

1)       Application Development

a)      ASP.NET

b)      .NET Extensibility

c)       ASP

d)      CGI

e)      ISAPI Extensions

f)       ISAPI Filters

g)      Server Side Includes

h)      FastCGI 1.0 for IIS

i)        FastCGI 1.5 for IIS

2)      Common HTTP Features

a)      Static Content

b)      Default Document

c)       Directory Browsing

d)      HTTP Errors

e)      HTTP Redirection

f)       Application Request

g)      Application Request

h)      URL Rewrite 1.1

3)       Compatibility

a)      IIS 6 Metabase Compatibility

b)      IIS 6 WMI Compatibility

c)       IIS 6 Scripting Tools

d)      IIS 6 Management Compatibility

4)      Core Web Server

a)      Internet Information Service 5.1

b)      Internet Information Service 6.0

5)      Deployment and Publishing

a)      FTP Publishing Service 7.5

b)      WebDAV 7.5

c)       FTP Management Console

d)      FTP Extensibility

e)      FTP Publishing Service 7.5

f)       WebDav 7.5

g)      Web Deployment Tool 1.0

6)      Health and Diagnostics

a)      HTTP Logging

b)      Logging Tools

c)       Request Monitor

d)      Tracing

e)      Custom Logging

f)       ODBC Logging

g)      Advanced Logging

7)      Management

a)      IIS Management Console

b)      IIS Management Script and Tools

c)       Management Service

d)      Administration Pack 1.0

e)      Database Manager 1.0

f)       PowerShell Snap-in For IIS7 1.0

g)      Remote Admin Manage For IIS7 1.0

h)      Search Engine Optimization Toolkit

8)      Performance

a)      Static Content Compression

b)      Dynamic Content Compression

9)      Security

a)      Basic Authentication

b)      Windows Authentication

c)       Digest Authentication

d)      Client Certificate Mapping Authentication

e)      IIS Client Certificate Mapping Authentication.

f)       URL Authorization

g)      Request Filtering

h)      IP and Domain Restriction

i)        Update for Dynamic IP restriction 1.0 Beta

j)        UrlScan 3.1

Optimization

Optimize your website for:

1)       Search.

2)        Serve media to multiple platforms and devices.

3)        Deploy web applications.

4)        Route URL requests and more.

5)       Latest Extensions

a)       Search Engine Optimization Toolkit

b)       Application Request Routing

c)       Application Warm-Up Module for IIS 7.5 - Beta

d)       Live Smooth Streaming

e)       FTP Publishing Service 7.5

f)        WebDAV 7.5

g)       Web Deployment Tool

h)       Bit Rate Throttling

i)         Live Smooth Streaming

j)         Smooth Streaming

k)       Web Playlists

l)         Windows Media Services 2008

m)     FastCGI for IIS 6

n)       URL Rewrite Module

o)       Application Request Routing

p)       Administration Pack

q)       Advanced Logging

r)        Application Warm-Up Module for IIS 7.5 - Beta

s)        Database Manager

t)        IIS Manager for Remote Administration

u)       Search Engine Optimization Toolkit

v)       Web Platform Installer

w)      Dynamic IP Restrictions - Beta

x)       UrlScan 3.1

IS7? Top 12 cool features

Reference: http://blogs.iis.net/bills/archive/2008/11/20/why-iis7-top-12-cool-features.aspx

References

http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-70-security/

ALL, IIS, IIS 7 iis 7, asp.net, php, seo, windows, web.config, window server 2008

The connection string is stored in Web.config using the <connectionStrings>element. One or more connection strings in the form of name-value pairs are stored between the <connectionStrings> and </connectionStrings> tags.

[Web.config file]

...
<connectionStrings>
<add name ="MyConnection"
connectionString ="server=Medusa;database=Products;
user id=sa; pwd=dollar"/>
</connectionStrings>

The connection information retrieved using the WebConfigurationManager.ConnectionStrings property is typically stored into a string variable. Using this variable, a connection object such as is instantiated. The code below shows an example of this:

// Retrieving connection string from Web.config.
        String connString = WebConfigurationManager.ConnectionStrings["MyConnection"].ToString();
        SqlConnection conn = new SqlConnection(connString);
        conn.Open();

ALL, asp.net, Web.Config asp.net, web.config,

Force IE8 into IE7 compatibility mode using a meta tag in the header. 

This tag needs to be first in the <head> (before any css):

<meta http-equiv="X-UA-Compatible" content="IE=7" />

IIS 6

Go to the website, bring up the properties for it, and click on the HTTP Headers tab.

 HTTP Headers tab of an IIS 6 Website

Then, add a new header as below:

Add custom HTTP Header 

IIS 7

IIS 7 is much the same.  Just go to the site and click on “HTTP Response Headers”.

IIS 7 Website Properties – IIS Section 

Then, just add the header:

 Add custom HTTP Header 

Incidentally, this just sets a value in the web.config, as below:

More later - jv

ALL, asp.net, Web.Config, HTML, IIS, IIS 6, IIS 7, TIPS asp.net, iis 7, html, iis 6, web.config,

protected void Page_Load(object sender, EventArgs e)
    {
        SiteMap.SiteMapResolve +=
          new SiteMapResolveEventHandler(SiteMap_SiteMapResolve);
    }

    private SiteMapNode SiteMap_SiteMapResolve(Object sender, SiteMapResolveEventArgs e)
    {
        SiteMapNode currentNode = SiteMap.CurrentNode.Clone(true);
        string currentRequest = e.Context.Request.Url.PathAndQuery;
        if (currentNode.ParentNode != null)
            currentNode.ParentNode.Url = currentRequest;

    // now return the currentNode after we modified the parentNode
    // supply it the new url which includes the querystring value.
        return currentNode; 
    }

ALL, asp.net asp.net, ajax, web.config, asp.net,