The .NET Runtime and IIS. Presented by Chris Dickey – cdickey.net consulting, www.cdickey.net.


1 The .NET Runtime and IIS
Presented by Chris Dickey – cdickey.net consulting, www.cdickey.net

2 Topics
- Installing the .NET runtime
- The role of IIS as the application server
- .NET Remoting and Web Services
- How the .NET runtime works with IIS 5.0
- Significance of the HTTP Pipeline
- Security
- What's coming with IIS 6.0

3 Installing the .NET Runtime
- http://msdn.microsoft.com/netframework/downloads/default.asp
- Windows Update Service
- .NET Runtime
- .NET SDK + Runtime
- Visual Studio .NET

4 IIS is the Application Server
- Static Pages
- ISAPI
- ASP
- ASP.NET
- Web Services
- Remoting
- Connection Point to SQL Server

5 ASP.NET Web Pages
- What most people think of as ASP.NET
- Compiled web pages
- Huge advance over previous ASP version
- Lots of well known features

6 Web Services
- Communication between diverse systems
- SOAP packets transported using HTTP and SMTP protocols
- Application connectivity protocol
- IIS is the client connection point
- Takes advantage of the HTTP Runtime

7 .NET Remoting
- Replacement for DCOM
- Tailored for .NET-to-.NET communications
- Can be hosted by ASP.NET runtime
- Takes advantage of the HTTP Runtime

8 .NET compatibility and interoperability
- ASP.NET coexists with IIS 5.0 and ASP
- Runs in a separate process
- Doesn't use the registry
- Routed through IIS ISAPI
- Can't share sessions – 2 separate systems

9 IIS 5.0 and ASP.NET Runtime

10 HTTP Pipeline
- General-purpose framework for server-side HTTP programming
- Foundation for ASP.NET pages, Web Services, Remoting
- HTTPModules
- HTTPHandlers
- HTTPContext, HTTPContext.User
- ISAPI: HTTP_FILTER_CONTEXT

11 ASP.NET Request Processing
[Diagram. Regions: Native Code, .NET Code. Components: Application Host (IIS), ASP.NET Runtime, HTTP Module, Global.asax, Http Context, ASP.NET Page, ASP.NET Service, HTTPHandler]

12 Configuration Files / Accounts
- XML configuration files – case sensitive
- Can be read by all authenticated users
- machine.config
- web.config
- machine, site, application, folder levels
- SYSTEM, ASPNET, IUSR_, IWAM_

13 Demo
- Run .NET app – HTTPHandler
- Show IIS 5.0 config
- Show aspnet_wp.exe process – only 1
- *.config files

14 Security Services
- ASP.NET support for authentication and authorization
- Extensible and customizable
- Authentication scheme transparency
- Simple deployment model
- Support for granular declarative and imperative authorizations
- Uses CLR Evidence-Based Security
- Supports application layer security

15 Flow of Security

16 Process Identity
- Windows® 2000: Default is ASPNET
  - Can also run with SYSTEM account or configured account using
- Windows .NET Server
  - Uses IIS 6 process model
  - Default is NetworkService
  - App Pools are configurable, identity is configurable

17 HTTP Pipeline

18 Authentication
- ASP.NET is an ISAPI extension
  - Only receives requests for mapped content
- Windows Authentication (via IIS)
  - Basic, Digest, NTLM, Kerberos, IIS Certificate Support
- Forms-based (Cookie) Authentication
  - Application credential verification
- Supports Microsoft® Passport Authentication
- Custom Authentication

19 Forms-Based Auth
- Easy to implement
- ASP.NET provides redirection
- Steps
  - Configure IIS to allow anonymous users (typically)
  - Use SSL!
  - Configure ASP.NET cookie authentication
  - Write your login page

20 How It Works: Forms Authentication
[Diagram. Participants: Web Browser, IIS/ASP.NET, SQL/AD]
1. GET default.aspx HTTP/1.1
2. 302 Redirect, Location: login.aspx
3. POST default.aspx HTTP/1.1
4. App authentication
5. 200 OK, Set-Cookie: .ASPXAUTH Auth Ticket
6. GET default.aspx HTTP/1.1, Cookie: .ASPXAUTH Auth Ticket
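The login page from slides 19 and 20, as an added example that is not part of the presentation. It assumes .NET Framework 2.0 or later with a configured membership provider; the class name, the form field names and the 20-minute lifetime are hypothetical, and it answers a successful login with a redirect to the requested page.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Code-behind for login.aspx (hypothetical page and field names).
public class LoginPage : Page
{
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        // "Use SSL!": never accept credentials over plain HTTP.
        if (!Request.IsSecureConnection)
        {
            Response.StatusCode = 403;
            return;
        }

        string user = Request.Form["username"];
        string password = Request.Form["password"];

        // Step 4: application authentication against the configured store.
        if (string.IsNullOrEmpty(user) || !Membership.ValidateUser(user, password))
            return; // redisplay the form with one generic failure message

        // Step 5: issue the encrypted ticket as the .ASPXAUTH cookie.
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, user, now, now.AddMinutes(20), false, string.Empty,
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Secure = true;    // sent only over HTTPS
        cookie.HttpOnly = true;  // not readable from script
        Response.Cookies.Add(cookie);

        // Step 6: send the browser back, but only to a path on this site.
        string returnUrl = Request.QueryString["ReturnUrl"];
        Response.Redirect(IsLocalPath(returnUrl) ? returnUrl
                                                 : FormsAuthentication.DefaultUrl);
    }

    // Accepts "/x" but rejects "//host", "/\host" and absolute URLs.
    private static bool IsLocalPath(string url)
    {
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }
}
```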

21 Custom Web Authentication
- Handle AuthenticateRequest event
  - Application level (global.asax) or
  - Http Module (implement IHttpModule)
- Scenarios:
  - Custom SOAP authentication
    - E.g., application defined scheme based on SOAP headers
  - Forms authentication for mobile devices without cookies
  - Customize forms authentication

22 Authorization Strategies
- Windows Security and ACLs
  - ACLs checked for Windows auth
  - Independent of impersonation
- COM+ Roles
- URL Authorization
- Custom Authorization
- Windows .NET AuthZ Framework
- Explicit imperative/declarative checks

23 Web Apps: Custom Roles
- Handle authentication event
- Replace HttpContext.User with custom IPrincipal or GenericPrincipal

    // Global.asax: raised by the Windows authentication module for each request
    public void WindowsAuthentication_OnAuthenticate(
        Object src, WindowsAuthenticationEventArgs e)
    {
        // replace HttpContext Principal
        e.Context.User = new MyPrincipal(e.Identity);
    }

24 Use Custom Roles
- Application defines roles
- Strategies:
  - Define Windows/AD groups and use WindowsPrincipal
  - Use GenericPrincipal or IPrincipal

    // System.Security.Principal.IPrincipal
    public interface IPrincipal
    {
        IIdentity Identity { get; }
        bool IsInRole(string role);
    }
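A complete MyPrincipal for slides 23 and 24, as an added example that is not part of the presentation. The role table, the account names and the role names are constructed; a real application would load roles from its own store.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Keeps the identity that IIS authenticated, but answers IsInRole from
// application-defined roles instead of Windows group membership.
public sealed class MyPrincipal : IPrincipal
{
    // Constructed sample data (hypothetical accounts and roles).
    private static readonly Dictionary<string, string[]> RoleTable =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CONTOSO\alice", new[] { "Approver", "Auditor" } },
            { @"CONTOSO\bob",   new[] { "Clerk" } }
        };

    private readonly IIdentity identity;
    private readonly HashSet<string> roles;

    public MyPrincipal(IIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        this.identity = identity;

        // Deny by default: anonymous or unknown callers get no roles.
        string[] assigned = null;
        if (identity.IsAuthenticated)
            RoleTable.TryGetValue(identity.Name, out assigned);
        roles = new HashSet<string>(assigned ?? new string[0],
                                    StringComparer.OrdinalIgnoreCase);
    }

    public IIdentity Identity { get { return identity; } }

    public bool IsInRole(string role)
    {
        return role != null && roles.Contains(role);
    }
}

// Global.asax code-behind wiring the principal into the pipeline.
public class Global : HttpApplication
{
    public void WindowsAuthentication_OnAuthenticate(
        object src, WindowsAuthenticationEventArgs e)
    {
        // The module copies e.User to HttpContext.User for this request.
        e.User = new MyPrincipal(e.Identity);
    }
}
```

Later code can then gate an action with `Context.User.IsInRole("Approver")`, and URL authorization rules that name roles are evaluated against the same principal.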

25 Custom Web Authorization
- Handle AuthorizeRequest event
  - Application level (global.asax) or
  - Http Module (implement IHttpModule)
- Scenarios:
  - Implement per-request billing system
  - Restrict access based on business rules
  - Restrict access based on dynamic behaviors (e.g., implement a per-day access limit, etc.)

26 Internet Information Services 6
- Complete rearchitecture
- Kernel-mode HTTP
- Web server security lockdown wizard
- Worker process application pools

27 IIS 6.0 Architecture

28 IIS 6.0 Application Pools

29 IIS 6.0 Process Recycling

30 References
- MSDN Magazine - September 2002
- www.WindowsWebSolutions.com
- Keith Brown - portals.devx.com/SummitDays/Article/6666
- Tim Ewald - msdn.microsoft.com/msdnmag/issues/02/09/HTTPPipelines/default.aspx
- Technical Overview of IIS 6.0 - www.microsoft.com/windows.netserver/techinfo/overview/iis.mspx
- Windows .NET Server Devcon - www.microsoft.com/misc/external/serverdevcon/

