Managing Websites with IIS Manager (part 4) - Configuration

4.1. The ASP.NET Configuration Icons

The ASP.NET group includes ASP.NET-specific settings. Technically, these settings are simply a nice graphical wrapper over various sections in the web.config file. In other words, you use the convenient graphical interface IIS provides, and IIS updates the corresponding configuration elements in your web.config file. This is similar to the way that the Website Administration Tool allows you to modify the web.config file while you're developing your web application. It also means that you'll already be familiar with most of the configuration options, because you've learned about them (and the associated web.config elements) throughout this book.

Here's are the highlights in the ASP.NET group:

.NET Authorization:

Use this to add the web.config authorization rules . Each authorization rule tells ASP.NET to grant or deny website access to a specific user or user role.

.NET Compilation:

This allows you to set various low-level settings that control show ASP.NET compiles web page code before it's executed. Most users steer clear of this icon.

.NET Error Pages:

This setting allows you to designate custom error pages that will be shown when problems occur (for example, when the user requests a page that doesn't exist or when the server is too busy to handle a request). However, these settings are overridden by the Error Pages icon in the IIS group.

.NET Globalization:

This allows you to configure how ASP.NET determines the culture information it passes to your code. (For example, you could configure it to get culture information from the requesting browser.) These settings have an effect only if are using this culture information—for example, to vary the language of text in a page.

.NET Profile:

Use this feature to add or modify the <profile> section of the web.config file. This element defines user-specific data that you want ASP.NET to store in a database automatically .

.NET Trust Levels:

This allows you to lock down your website to a lower trust level so code won't be allowed to perform certain actions, regardless of the permissions you've granted to the ASP.NET account. Generally, this is an advanced option used only by web hosting companies.

Application Settings:

Use this to add or modify custom pieces of information that will be stored as application settings in the web.config file .

Connection Strings:

Use this to add or modify the connection strings that are stored in your web.config file. Your code can then use one of these connection strings to connect to a database .

Machine Key:

This allows you to set the unique web server key that's used for cryptographic tasks (such as signing the view state field and encrypting the forms authentication cookie). You'll learn more in the section "The Machine Key" later in this chapter.

Pages and Controls:

This allows you to configure the <pages> element and set various defaults. For example, you can set an application-wide master page and theme or turn off view state. Usually, you won't use this icon. Instead, if you need to apply any of these settings, you'll implement them while designing and coding your web application.

Session State:

Use this to configure the <sessionState> element that controls how session state works. For example, you can set the timeout, turn on cookieless sessions, and choose where session information is stored (in server memory, a separate process, or a custom database).

SMTP E-mail:

This tells IIS how to handle e-mail messages that you send programmatically from inside your web application. These messages can be stored in a set directory or passed along to a dedicated SMTP server.

4.2. The IIS Configuration Icons

The IIS settings are more general than the ASP.NET settings. They apply to any virtual directory, including those that contain ordinary HTML pages and no ASP.NET content. However, many of the IIS settings also have an important effect on the way ASP.NET works, such as those that configure security. Although there's no way to cover all the options in a single chapter, here's a rundown of the highlights:

Authentication:

This configures the protocols that IIS uses to authenticate people, if your website uses Windows authentication .

Default Document:

This sets the page that IIS will return by default, if it receives a request for a virtual directory with no page specified (for example, http://localhost/MySite). You'll learn how this work in the "The Default Page" section.

Directory Browsing:

Use this to allow directory browsing (which is generally appropriate only for a test web server, not a live web server with your deployed application). To turn on directory browsing, double-click this icon, and then click the Enable link in the Actions pane. Now, if you request the virtual directory with no page information (for example, http://localhost/MySite) and there's no default document in that directory, IIS will return an automatically generated HTML page with a directory listing. You can browse the page you want by clicking it (see Figure 8), as you can with the Visual Studio test server. This convenience may make testing easier.

Error Pages:

Use this to designate custom error pages that IIS will show when it encounters common problems. You'll see how they work in the "Custom Error Pages" section, later in this chapter.

Request Filtering:

This specifies the file types that IIS won't serve. For example, if IIS receives a request for .config, .cs, .vb, or .mdf file, it denies it based on this list of excluded file extensions. You can add new restricted file extensions or remove those that don't apply (however, this must be done carefully, or you risk opening up a security vulnerability in your application).

SSL Settings:

Use this to configure your website to require secure SSL connections.

Figure 8. A website that allows directory browsing

4.3. The Management Configuration Icons