4.1. The ASP.NET Configuration Icons
The ASP.NET group includes
ASP.NET-specific settings. Technically, these settings are simply a
nice graphical wrapper over various sections in the web.config file. In
other words, you use the convenient graphical interface IIS provides,
and IIS updates the corresponding configuration elements in your
web.config file. This is similar to the way that the Website
Administration Tool allows you to modify the web.config file while
you're developing your web application. It also means that you'll
already be familiar with most of the configuration options, because
you've learned about them (and the associated web.config elements)
throughout this book.
Here's are the highlights in the ASP.NET group:
.NET Authorization: Use this to add the web.config authorization rules . Each authorization rule tells ASP.NET to grant or deny website access to a specific user or user role.
.NET Compilation: This allows you to set
various low-level settings that control show ASP.NET compiles web page
code before it's executed. Most users steer clear of this icon.
.NET Error Pages: This setting allows you to
designate custom error pages that will be shown when problems occur
(for example, when the user requests a page that doesn't exist or when
the server is too busy to handle a request). However, these settings
are overridden by the Error Pages icon in the IIS group.
.NET Globalization: This allows you to
configure how ASP.NET determines the culture information it passes to
your code. (For example, you could configure it to get culture
information from the requesting browser.) These settings have an effect
only if are using this culture information—for example, to vary the
language of text in a page.
.NET Profile: Use this feature to add or
modify the <profile> section of the web.config file. This element
defines user-specific data that you want ASP.NET to store in a database
automatically .
.NET Trust Levels: This allows you to lock
down your website to a lower trust level so code won't be allowed to
perform certain actions, regardless of the permissions you've granted
to the ASP.NET account. Generally, this is an advanced option used only
by web hosting companies.
Application Settings: Use this to add or
modify custom pieces of information that will be stored as application
settings in the web.config file .
Connection Strings: Use this to add or
modify the connection strings that are stored in your web.config file.
Your code can then use one of these connection strings to connect to a
database .
Machine Key: This allows you to set the
unique web server key that's used for cryptographic tasks (such as
signing the view state field and encrypting the forms authentication
cookie). You'll learn more in the section "The Machine Key" later in this chapter.
Pages and Controls: This allows you to
configure the <pages> element and set various defaults. For
example, you can set an application-wide master page and theme or turn
off view state. Usually, you won't use this icon. Instead, if you need
to apply any of these settings, you'll implement them while designing
and coding your web application.
Session State: Use this to configure
the <sessionState> element that controls how session state works.
For example, you can set the timeout, turn on cookieless sessions, and
choose where session information is stored (in server memory, a
separate process, or a custom database).
SMTP E-mail: This tells IIS how to
handle e-mail messages that you send programmatically from inside your
web application. These messages can be stored in a set directory or
passed along to a dedicated SMTP server.
NOTE
Although the discussion so
far assumes that you're configuring the root website directory, you can
also configure many of these settings for individual subfolders. For
example, you can give separate subfolders different authorization rules
or error pages. As always, IIS respects any information that already
exists in that folder's web.config file, if one exists.
4.2. The IIS Configuration Icons
The IIS settings are more
general than the ASP.NET settings. They apply to any virtual directory,
including those that contain ordinary HTML pages and no ASP.NET
content. However, many of the IIS settings also have an important
effect on the way ASP.NET works, such as those that configure security.
Although there's no way to cover all the options in a single chapter,
here's a rundown of the highlights:
Authentication: This configures the protocols that IIS uses to authenticate people, if your website uses Windows authentication .
Default Document: This sets the page that
IIS will return by default, if it receives a request for a virtual
directory with no page specified (for example, http://localhost/MySite). You'll learn how this work in the "The Default Page" section.
Directory Browsing: Use this to allow
directory browsing (which is generally appropriate only for a test web
server, not a live web server with your deployed application). To turn
on directory browsing, double-click this icon, and then click the
Enable link in the Actions pane. Now, if you request the virtual
directory with no page information (for example, http://localhost/MySite)
and there's no default document in that directory, IIS will return an
automatically generated HTML page with a directory listing. You can
browse the page you want by clicking it (see Figure 8), as you can with the Visual Studio test server. This convenience may make testing easier.
Error Pages: Use this to designate
custom error pages that IIS will show when it encounters common
problems. You'll see how they work in the "Custom Error Pages" section, later in this chapter.
Request Filtering: This specifies the file
types that IIS won't serve. For example, if IIS receives a request for
.config, .cs, .vb, or .mdf file, it denies it based on this list of
excluded file extensions. You can add new restricted file extensions or
remove those that don't apply (however, this must be done carefully, or
you risk opening up a security vulnerability in your application).
SSL Settings: Use this to configure your website to require secure SSL connections.
NOTE
A few IIS features apply
to the entire computer. The icons for these features appear only when
you select your computer in the IIS tree. One example is the Server
Certificates icon described in the "Confidentiality with SSL and Certificates" section.
4.3. The Management Configuration Icons
Finally, the
Management group includes additional tools, such as the Configuration
Editor (which can lock down portions of your web.config file) and the
Web Platform Installer (which can download and install new IIS
features). For more information, consult a dedicated book about IIS
administration.
|