Cool new IIS7 Features and APIs

IIS7 is a major upgrade of IIS, and will ship in both Windows Vista as well as Windows Longhorn Server.  It includes a ton of new functionality, including some very rich integration with ASP.NET.  This includes:

1) The ability to now have HttpModules and HttpHandlers participate in all requests to a server.  You no longer need to map requests to the ASP.NET ISAPI in order to write managed modules that participate in requests.  This makes building modules for flexible authentication, authorization, logging, url-rewriting, auditing, etc. super easy with .NET.  You could even now have an ASP.NET HttpModule provide forms-authentication to a PHP or JSP page (in addition to .htm files and static files like images and movies).

2) Integration of the ASP.NET configuration system with IIS.  IIS now uses the same web.config configuration model as ASP.NET, which means you can have both ASP.NET and IIS configuration settings in the same file together.  You can now set things like default pages, IIS security, logging, etc within a web.config file and xcopy/ftp it to a server.  This should simplify deployment and installation of applications considerably.  It also enables "delegated administration" for hosting scenarios -- where a hoster provides the application developer the ability to configure certain settings in their web.config file without requiring full admin privledges.

3) An integrated Admin UI tool that manages both IIS and ASP.NET settings together.  Included within this rich GUI is support for things like the Membership, Roles and Profile providers (so you can create/delete users directly within the GUI tool -- regardless of what provider is configured).  The admin tool also supports remote delegated admin over http -- which means you can point the rich-client admin tool at a shared hoster server and manage your users/roles/profile settings remotely over http (which is pretty cool).

4) Much better request auditing and error debugging.  We have a new feature we call "Failed Request Event Buffering" (affectionately known as "FREB"), which allows administrators to configure applications to automatically save request information anytime an error occurs during a request, or if a request takes longer than a specified amount of time to complete (note: if the request completes ok this information can then be just thrown away -- and so doesn't fill up your disk log).  This allows you to easily go in after the fact and see what exactly happened during a request that failed, as well as analyze any error exceptions.  This can even capture tracing messages generated within ASP.NET or within any component or class library that uses System.Diagnostics -- which makes it much easier for developers and admins to instrument and analyze what is going on with systems at runtimes.

5) Much better configuration APIs and command-line tools.  In addition to new config and admin APIs (including a nifty one that you can use to get a listing of all "active" requests being processed by the server -- as well as what state they are in), we now have a great command-line admin story that you can use to set/modify/retrieve all configuration information as well as manage the server (start/stop individual apps, lookup their health state, register new apps, refresh SSL certs, etc).  The command-line tool and APIs are also extensible, so you can plug in your own providers and extensions to them.

Carlos from the IIS7 team wrote a nice blog entry a few days ago about some of the new admin APIs that are coming.  You can read it here. 

As you can see in this article, there is now an easy .NET way to perform a lot of common tasks (much easier than doing it via ADSI or WMI).  My favorite one is this code-snippet:

ServerManager iisManager = new ServerManager();

foreach(WorkerProcess w3wp in iisManager.WorkerProcesses) {

    Console.WriteLine("W3WP ({0})", w3wp.ProcessId);
            
    foreach (Request request in w3wp.GetRequests(0)) {

        Console.WriteLine("{0} - {1},{2},{3}",
                    request.Url,
                    request.ClientIPAddr,
                    request.TimeElapsed,
                    request.TimeInState);
    }
}

In case you are wondering what it does, it is a simple command-line program that uses the new .NET APIs to query IIS7 to get a collection of all active worker processes on the computer, and then print out a list of all current requests being proceeded in each one -- outputting the request's URL, the client-IP address of the remote user, as well as how long it has been executing, and how long it has been in its current state (for example: is it in the authentication module, authorization module, executing within the page, etc).

If you are every wondering "what is going on with this app or server right now" (for example: does it seem to be running slow), you can now run the above code to easily find out in real-time and/or figure out what applications or requests are taking a lot of time -- and then activate FREB on those applications to drill into why.

Hope this helps,

Scott

P.S. I'll be doing a lot more IIS7 posts over the next few months once the beta is more broadly available with Windows Vista.  I'm super proud of the team and all they've delivered -- it is really going to rock.

32 Comments

  • Hi Scott,



    Is your point number 3 which says " An integrated Admin UI tool that manages both IIS and ASP.NET settings together.......... ". Is this releated to Web Admin Tool in any way or its the same.?



    I am more interested in web Admin Tool ( WAT ) which shall give online support too in a great way. The most requested feature missing tody.



    Pl. focus more on web admin tool support in IIS7.



    Thanks

  • What a welcome change...looking forward to it!

  • Scott, IIS 6 SP1 includes SSL support for Host Headers but this is only via scripting and cannot be accessed in the GUI. Will the IIS 7 GUI be able to configure Host Header SSL?

  • Hi Scott,



    I was quite impressed by the MIX06 demonstration of the new IIS 7 features, great stuff. Finally ;) - The problem I see is that most developers who use ASP.NET and therefore by definition write server-side code, won't be able to use IIS7 until Longhorn Server (2007/2008?). Since our customers cannot get IIS7 before that time (there is not release for W2.3k), it doesn't make sense for us to use IIS7 until someday in the future when Longhorn Server is about to be released. It would have been much better (for us, maybe not for MS) to have an option of using IIS7 in W2.3k (like most of i.e. WinFX), but I do understand that there are technical and business problems.



    Best regards,



    Marc

  • Scott,



    Regarding point 3, will the Admin UI tool need to be on the same port as the IIS Web Site (ie Port 80 or whatever is configured)? Or would it be possible to limit the remote admin to a separate port or a separate network interface?



    It is *GREAT* you are finally addressing and resolving all outstanding issues with shared hosting environments; but it would be cool if some of this stuff could be used within hightly secure production environnments, and in that case you can be pretty sure the sys admins will not want to enable this feature over port 80.



    The background is that with our IIS 6 servers running in production, we never enable frontpage server extensions. In fact, we have the IIS 6 cluster behind a hardware load-balancer/firewall, and also have the Windows personal firewall enabled on each machine with only Port 80 and Remote Desktop enabled.



    It would make the sys admins happy if you could enable the remote admin feature but over a different port (say port X), and then the external firewall would be configured to block Port X, but we could configure Windows Personal Firewall to allow it, such that within our network we could still access the remote admin feature?



    The scenario is you want to block the remote admin feature for any external traffic (internet traffic), but have it enabled within our company network.

  • Request: the ability to 'export' a web app into a 'package' that will then allow you to import it onto another server retaining all the settings, etc...

  • Hey Scott,



    This stuff sounds great and I can't wait to get my hands on it. Will there be a down-level version for Win2k3? If not, doesn't this mean that server-hosted websites will have to wait for Vista Server (late 2007/early 2008)?

  • Having a real .NET API (not just WMI or ADSI) specific to IIS 7 was a request I made (I'm sure others did too) a while back during an early Service Provider training. I think the API looks really good, simple to use, and it's awesome to see the IIS team listen and deliver. Great Job!

  • Is IIS 7 going to be available as an update to Windows 2003 or Windows 2003 R2 as well or is it a longhorn exclusive?

  • Hi Marc/Freelance,



    Unfortunately because it ships in Longhorn Server, it does mean that it is still going to take awhile for you to use. Beta3s of server are usually very stable (and are go-live), but it does mean that you'll need to wait for RTM until later next year.



    Sorry!



    Scott

  • Hi David,



    The Admin UI uses a different port from port 80 by default, and supports SSL over it. So you will definitly be able to isolate it and secure it like that.



    The command-line admin tool is also designed so that if you want to just SSH into a box from a command-line perspective, you'll be able to manage and monitor everything that way as well.



    Hope this helps,



    Scott

  • Hi Steve,



    Yep -- the ability to export an apps or sites settings is built-in. This should make it easy to import things to another server.



    Hope this helps,



    Scott

  • Hi Lynn,



    I'm pretty sure you'll be able to configure this just fine in the GUI now. One other nice addition to the IIS7 admin GUI is the ability to easily and quickly generate self-signed certs for SSL. This allows you to setup a test site using SSL (including generation and registration of the certificate) in about 30 seconds (all in the admin tool).



    Hope this helps,



    Scott

  • Scott,



    How does your FTP server fit into the new ISS plans? I have not heard anything regarding updates to this service and am hopeful that some cool improvements are in store.

  • Hi Freelance,



    We are working on a new modern FTP server (the one today is pretty old). It will include support for all the modern features. Right now the plan is to ship it in the IIS7 timeframe -- although probably as a web download. It will then be integrated directly into setup for the next release.



    Thanks,



    Scott

  • I love the error buffering (FREB). Does it only apply to unhandled exceptions (ie, ones that would cause the yellow page of death or the configured custom error page)? There are times where there is an error condition in a particular control on a page, but its better to capture it and gracefully degrade the functionality of the page than to just bomb out the entire page (think about modules in dotnetnuke). Yet that might be an error condition you would really want to have show up in FREB. So I guess some kind of API to FREB would be nice :)

  • #1... more flexibiity in participating in requests is great. I've struggled on more than one occasion to get various version of IIS to do what i want and figure out the differences between IIS and the vs ide web server.



    #2 is just good, should take a lot of the rocket science out of iis website setup and make it portable as well. Will these settings be compatible with the Visual Studio server?

  • Scott, a while back I asked in a chat if IIS7 was going ot be in vista, and you stated that it was.



    I also asked if the limitations could be increased so we could actually use it as I will run into the limitations in IIS 5.1 in xp just using the samples with asp.net that comes in the .net sdk.



    has the feature limitations between IIS 7 on the client vista platform and the server platform been set yet and what can we expect?



    thanks douglas

  • "Is IIS 7 going to be available as an update to Windows 2003 or Windows 2003 R2 as well or is it a longhorn exclusive?"



    In addition to Chris' question. Will IIS7 be available for Windows XP?

  • Hi Dave,



    You can configure FREB to save the log based on either an HTTP status code or the length of time it takes a request to complete.



    In theory, one of the things you could do in your case above would be to modify the http status code subtly (add a .1 to it for example), which would allow you to indicate that the request diagnostics should be saved while still having the page render fine.



    Hope this helps,



    Scott

  • Hi Dave,



    To begin with, the built-in VS web-server won't recognize or do things with the new settings (although it will still work -- it will just ignore them like it does IIS settings today).



    Our plan over-time, though, is to have the built-in web-server understand and use these settings too.



    Hope this helps,



    Scott

  • Hi Douglas,



    Yep -- IIS7 will definitely be in Vista client. I unfortunately don't have the full listing of feature differentiation with me right now, but I do know that two of the most common complaints with XP are addressed:



    1) You can have multiple web-sites on Vista client now. You are no longer limited to just 1 site.



    2) The server will not reject requests if it gets lots of them simultaneously (which is the current IIS 5.1 XP behavior). Instead it will now queue them up and process them. This means you don't have to worry about a usage spike turning users away.



    Hope this helps,



    Scott

  • Hi Jay,



    Unfortunately the plan right now is for IIS7 to only run on Windows Vista and Windows Longhorn server. It uses some new OS features that would make it hard to back-port easily.



    Hope this helps,



    Scott

  • Hi,



    could this .NET API handle like a COM object? I perform PHP programming and we plan to automatically create and admin webs by PHP. What's about the authorization? Is there any init or login function to bypass NT authorization?



    Thanks for any answers!

  • Hi Mike,



    We'll have a COM API as well that you can use -- so you could totally use that with PHP.



    Authorization includes url-based authorization like the AS.NET model, so you can definitely bypass NT ACLs and use custom authorization rules too from PHP.



    Hope this helps,



    Scott

  • Is there a way to Push data to client (Push Server ) using IIS 7? (ex live stock update !)



    Gopi

  • Can't wait for IIS7 I can't believe there won't be an update for Windows 2003. Longhorn is a "long" time for now ;-)

    Al

  • Whau! Having HttpModules invoked for all requests will be solving a lot of my current frustrations with IIS6. Unfortunately I guess another year or two will pass before the hosting companies start to move to this new platform :(

  • Hi,Scott!

    Which assembly (Namespace) include the ServerManager class,I can not find the ServerManager class in all assembly of .net framework v2.

  • Hi Ben,

    To be honest with you, I'm not 100% sure what assembly this class is in. Can you send me email with the question and I'll loop some folks in who know.

    Thanks,

    Scott

  • Theres nothing Cool About ColdFusion, NOT Currently WORKING ON IIS7/Vista is there ?

  • Hi John,

    ColdFusion should work with Vista and IIS7 today. Are you finding that it doesn't? If so, please send me an email and I can have someone from the team help investigate with you.

    Thanks,

    Scott

Comments have been disabled for this content.