IIS configuration
This tutorial describes how to perform various configurations of the Microsoft Internet Information Services (IIS).
The tutorial will be based on the settings needed for the jsonRpcService_isApi in the webRPC example directory (see Web Services), but most of these things will be relevant and easily adjusted to other related cases.
The jsonRpcService_isApi project creates is an ISAPI plug-in (dll), which implements a JSON-RPC service. The example also contains some related HTML, CSS and JavaScript files that must be accessible to the client browser. So the IIS needs to be configured for two purposes:
- A file provider
- An ISAPI service
All IIS configuration takes place in the Internet Information Services Manager.
Configuring Windows Components
To use the Internet Information Services, Manager and run ISAPI's and/or CGI's plugins you will have to ensure that it is at all available on the computer.
In Programs and Features -> Turn Windows Features on or off make sure that the following is available:
- Internet Information Services
- IIS Management Console
- CGI (not actually required for the jsonRpcService_isApi example)
- ISAPI Extensions
Application Pool
The ISAPI service must run in a suitable Application Pool. Application Pools provide process isolation between various parts of the IIS, which gives the following advantages:
- It makes the overall IIS more robust as problem in one application pool is less likely to have impact on the other application pools (exhausting the entire system will of course cross interfere)
- Each pool can have different settings (of for example .net platform)
- Each pool can be restarted independent of the other pools
To create an application pool, select "Add Application Pool..." in the context menu on the Application Pools. Pools suitable for Visual Prolog programs, does not require any .net platform, and it is recommended to have no .net support at all to minimize the interference risks. You give it a name and (unless you for other reasons need it) select "No Managed Code" (the rest you leave as it is):
32 bit support
Notice that by default (on a 64 bit platform) the application pool cannot run 32 bit programs, so you may need to switch this "Advanced Setting" on:
File Serving
The jsonRpcService_isApi example needs to serve files to the Web Browser that run the Web Application. Such one can be set up either as a "Virtual Directory" or an "Application" ("Application" is only needed if programs also have to be run in that part of the Web).
The Alias defines name relative to the Path in the WEB, and Physical path defines the disk location that this path corresponds to, in this case http://localhost/webRPC will correspond to C:\webRPC\web, which is where the html, css and JavaScript files for the example are placed (in my case).
ISAPI setup
For the example the path http://localhost/webRPC/jsonrpc should run the jsonRpcService_isApi ISAPI dll. So we add an application below the webRPC virtual directory:
Make sure that the application uses the desired Application Pool. We don't intend to use the physical path, but the IIS will place a web.config file in that directory. It could be a good idea to create an otherwise empty an unused directory for the purpose, but here we just use the example root directory:
With the application in place it is time to configure the ISAPI. Select Handler Mappings:
And then add a "Script Map", matching everything and pointing to the ISAPI dll:
The JSON-RPC requests does not belong to "script" files on our disk so we have to switch off the switch off "Invoke handler only if request is mapped to setting in the Request Restrictions... :
When OK-ing the changes you should also say OK to this dialog (if it appears):
User Rights
When the IIS run it will access various files as a certain Windows user, this user must have sufficient rights to the files.
Which user is determined like this:
- If a Connect as..." user is set for the virtual directory or application then that user will access the files
- Otherwise (if Pass-through authentication is used):
- If annoymous access is allowed to the virtual directory/application then some IUSER_... is will access the files
- If some Windows authentification is used the windows user from the connection will will access the files
Anonymous/Windows access is controlled from the Authentification icon