IIS 6.0 and ASP.NET - XML, Security, and More
In this part of the series, we will comprehend the new IIS Metabase storage format that is completely based on XML. We then will outline the advantages of this new format, such as the ability to edit the configuration settings by using familiar tools such as Notepad, the ability to make changes while IIS is running without even having to stop and restart the service, and so on. After that, we will look at the changes in the security model of IIS 6.0 and the impact of those changes in ASP.NET applications. Finally, we will see how to secure ASP.NET applications by using the different authentication mechanisms in IIS.
The typical Internet Web site no longer operates on just one server. Web sites now spread across multiple Web servers, or across Web farms. Even intranet sites have increased in number as businesses and organizations are developing and deploying more applications, especially Web-enabled applications. In addition, as remote administration has become more common, there has been an increasing demand to improve API access and direct configuration support. With the Internet and intranet changes over the past few years, managing a Web site is no longer as simple as managing one or a few Web servers from an office, but has become an intricate and complex process. IIS 6.0 introduces new features to improve the administration of Web sites. The IIS 6.0 configuration store is now expressed as plain text XML, which allows for direct text editing of the metabase configuration in a robust and recoverable fashion, even while the server is running.
In previous versions of IIS, such as IIS 5.0, IIS configuration settings are stored in binary format, making the manual editing of configuration settings almost an impossible thing. The only way you could change the configuration settings is by using the IIS Management console. But now, in IIS 6.0, the configuration file is now stored in native XML format, which you can edit with any standard text editor. Furthermore, it also provides an excellent feature named "Edit While Running," which allows administrators to change server configuration while the server continues running. For example, you can use this capability to add a new site, create virtual directories, or change the configuration of application pools and worker processes. Note that you can do all of the above even while IIS 6.0 continues to process requests without having to reboot the computer.
The metabase is a hierarchical store of configuration values used by IIS 6.0 that provides rich functionality, such as inheritance, data typing, change notification, and security. The metabase configuration for IIS 4.0 and IIS 5.0 was stored in a proprietary binary file and was not easily readable or editable. IIS 6.0 replaces the proprietary binary file, called MetaBase.bin, with a plain text XML formatted file named MetaBase.xml. The new XML metabase improves server manageability by enabling the following scenarios:
- Direct metabase configuration troubleshooting and editing in a robust fashion
- Reuse of rich text tools such as windiff, version control systems, and editing tools
- Configuration rollback
- Versioned history archives containing copies of the metabase for each change
- Web site and application configuration cloning
- Server-independent backup and restore
Editing the metabase using Notepad
To be able to edit the metabase by using familiar editors such as Notepad, you need to enable direct editing of the metabase file (MetaBase.xml) by using the IIS manager. To do this, select the Computer name node from the IIS manager and right-click on it to select Properties from the context menu to bring up the following dialog box.
In the above dialog box, check the option Enable Direct Metabase Edit. Once this is done, you can edit the Metabase.xml file by using an editor such as Notepad and effect changes in the IIS configuration.
Structure of MetaBase
As mentioned before, the configuration settings for IIS 6.0 are stored in an XML file named MetaBase.xml. When you double-click on the Metabase.xml from Windows Explorer, it will open up in the Internet Explorer. When viewed in the browser, the MetaBase.xml file looks like the following.
The schema for the MetaBase.xml file is called MBSchema.xml and is located in the same directory as that of the MetaBase.xml file. You can't make changes to the schema file. Using an XML file to store the IIS configuration settings provides a number of advantages. Two main advantages of this approach are:
- Automatic Configuration Versioning and History
- Edit-While-Running Feature
We will provide an in-depth look at the above features in the following sections.
Automatic Configuration Versioning and History
As mentioned before, IIS 6.0 provides an automatic versioning and history feature by tracking changes to the configuration MetaBase file (MetaBase.xml). This file contains all the configuration settings related to IIS and can be found in the folder <Drive Name>:\Windows\system\inetsrv. Any time a change is made, the metabase history feature automatically keeps track of the changes to the metabase. When the metabase is written to disk, IIS 6.0 marks the new MetaBase.xml file with a version number and saves a copy of the file in the history folder. Each history file is marked with a unique version number, which is then available for rollback or restore. If IIS 6.0 has been running while configuration changes are being made, IIS 6.0 responds to configuration errors by automatically reverting to a previous history file, preventing errors in the configuration metabase from crashing the server.
IIS 6.0 also gives administrators the capability to change the server configuration while the server continues running, through direct edit of the MetaBase.xml file. For example, this feature can be used to add a new site, create virtual directories, or change the configuration of application pools and worker processes—all while IIS 6.0 continues to process requests. No recompilation or restart is required. The administrator can do this easily by opening the MetaBase.xml file using Notepad, creating the virtual directory needed, and saving the file—again, all while IIS is running. The new changes will be detected, scanned for correctness, and applied to the metabase if the changes are valid according to the schema.