Understanding Internet Information Services - Part 1
Published: 17 Aug 2007
In this first part of the article, Uday provides a basic overview about Internet Information Services (IIS).
by Uday Denduluri
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 35631/ 92


According to Wikipedia, Web server is a computer program that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them HTTP responses along with optional data contents, which usually are Web pages such as HTML documents and linked objects (images, etc.). An application server is a software engine that delivers applications to client computers or devices. Moreover, an application server handles most, if not all, of the business logic and data access of the application (a.k.a centralization).

IIS is a web server which sits on the top of the ASP.NET engine to make it look like an Application server. However, IIS can only deal with HTTP responses. Hence, it is a web server. In this article let us try to explore IIS as a web server. Also, let us try to understand how the IIS 6.0 is coupled with ASP.NET runtime.

Components of IIS

Let us list some of the components of the IIS and also have a brief on each one of them in detail.

1.      HTTP Protocol Stack – HTTP protocol stack is between the operating system kernel and the HTTP requests. It receives the HTTP requests and routes them to the appropriate HTTP request queue. Apart from doing this it also caches the responses and does the Quality of Service functionalities (QoS) like maintaining bandwidth, connection timeouts and connection limits.

2.      Application Isolation Modes – Internet Information Services (IIS) 6.0 supports two different isolation modes (application). This separates and protects the Web applications (ASP.NET, ASP, static pages, and so on) that can run in parallel. 

·         Worker Process Isolation Mode – The default mode is the worker process isolation mode.

·         IIS 5.0 Isolation Mode – In this mode the process model settings are specified through the <processModel> element of the Machine.config file.

3.      WWW Service Administration and Monitoring

4.      InetInfo.exe

SMTP Virtual servers

SMTP virtual server is the program that needs to be installed and configured on the IIS in order to send e-mail from an ASP.NET Web application. The IIS SMTP service is a simple component for forwarding e-mail messages to an SMTP server for delivery. Whenever we install the SMTP virtual server we have some default settings. Let us discuss some of the settings.

·         Name: The name of the virtual server that appears in IIS Manager

·         IP address/TCP port: All unassigned/25. You can use the General tab in the SMTP virtual server properties dialog box to change this setting. If you change this setting, you must specify an IP address and TCP port combination that is not being used by another SMTP virtual server.

·         Default domain: The domain name that is listed on the Computer Name tab in System Properties. The default domain is used to stamp messages from addresses that do not have a domain. An SMTP virtual server can have only one default domain, and it cannot be deleted.

·         Home directory: C:\Inetpub\Mailroot

IIS Authentication

Authentication is identifying a user before actually deciding whether he can be given access to the requested resource(s). IIS provides various authentication schemes. Let us see each one of them in brief.

·         Anonymous – This type of authentication gives users access to all the public areas of the web application without asking for a user ID or password. This kind of authentication is used where performance is a key and security is not a criterion. We can use this kind of authentication where we do not want to authenticate clients to the individual basis. By default, the anonymous authentication is enabled and uses the IUSR_machinename user account. The password for the user account is controlled by IIS.

·         Integrated Windows Authentication – This type of authentication can be used either with NTLM or Kerberos V5 authentication. This authentication can only work with Internet Explorer 2.0 and later.

·         Initially for the first response from IIS, Internet Explorer will try to recognize the header (Negotiate). Upon understanding the negotiate header the browser (IE) returns the information for both NTLM and Kerberos. Upon receiving the request IIS will decide whether to use Kerberos or NTLM based on the Internet Explorer version and windows type. This type of authentication is best suited for the Intranet applications.

·         Basic Authentication – Basic authentication is based on the HTTP 1.0 specification. When we use this type of authentication, the browser prompts the user for a user name and password. Once the user name and password are provided it is transmitted across HTTP in the form of plain text. To enhance security we can use SSL on top of basic authentication at the expense of some performance. The advantage of using this type of authentication is the ability to track the individual users, unlike the anonymous authentication.

·         Digest Authentication – Digest Authentication tries to address the weakness of Basic Authentication (sending user ID and password in plain text). Here instead of exposing the user ID and password in plain text, it will be sent by applying a hash function or a digest algorithm. Initially for the first request IIS sends a challenge to the client to create a digest and send it to the server. The client then applies a digest algorithm (specified by the server) to the combined data. The client sends the resulting digest to the server as the response to the challenge. The server then decrypts it to compare both.

Restarting IIS 6.0

In previous versions of IIS whenever we needed to apply some configuration changes we used to restart IIS. Restarting IIS is the process of stopping the service and then starting it all over again. Restarting IIS used to be the only way by which we could recover a non-responsive application. However, this bad practice should be avoided. Restarting IIS drops all the sessions connected to Web server (including Internet, FTP, SMTP, and NNTP). All the data held in Web applications is lost. All Internet sites are made to be unavailable until Internet services are restarted.

There are 2 ways for restarting IIS.

·         Using the IISReset command prompt utility

·         Using the IIS Manager

Application Pool recycling is one of the features that can be an alternative to restarting IIS. This feature is the process of recycling the faulty web applications. We have the default idle time set to 20 minutes in the setting of IIS 6.0.



Web server is a computer program that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them HTTP responses along with optional data contents, which usually are Web pages such as HTML documents and linked objects (images, etc.). IIS is a web server which sits on the top of the ASP.NET engine which processes the HTML pages, images, etc. Configuring IIS with web application is the key for the performance and security for the ASP.NET pages. In this article we tried to explore various components of IIS. We also saw different Authentication standards of IIS.

User Comments

Title: Thanks   
Name: harika
Date: 2011-08-04 5:29:40 PM
It is very nice, thank you so much..
Title: app support   
Name: pt
Date: 2009-10-09 4:58:14 PM
Thank you, this is defintely a start to understanding IIS.
Title: -   
Name: Dan
Date: 2007-08-17 3:58:35 AM
Nice read, well done

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2021 ASPAlliance.com  |  Page Processed at 2021-12-04 6:35:25 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search