Difference between revisions of "IIS configuration"

From wiki.visual-prolog.com

(links/line breaks)
(Skype conflict)
Line 91: Line 91:
  
 
Anonymous/Windows access is controlled from the '''Authentification''' icon
 
Anonymous/Windows access is controlled from the '''Authentification''' icon
 +
 +
=== Skype HTTP/HTTPS Conflict ===
 +
{{:Include/SkypeHTTPConflict}}
  
 
=== See also ===
 
=== See also ===

Revision as of 12:37, 1 August 2014

This tutorial describes how to perform various configurations of the Microsoft Internet Information Services (IIS).

The tutorial will be based on the settings needed for the jsonRpcService_isApi in the webRPC example directory (see Web Services), but most of these things will be relevant and easily adjusted to other related cases.

The jsonRpcService_isApi project creates is an ISAPI plug-in (dll), which implements a JSON-RPC service. The example also contains some related HTML, CSS and JavaScript files that must be accessible to the client browser. So the IIS needs to be configured for two purposes:

  • A file provider
  • An ISAPI service

All IIS configuration takes place in the Internet Information Services Manager.

Configuring Windows Components

To use the Internet Information Services, Manager and run ISAPI's and/or CGI's plugins you will have to ensure that it is at all available on the computer.

In Programs and Features -> Turn Windows Features on or off make sure that the following is available:

  • Internet Information Services
  • IIS Management Console
  • CGI (not actually required for the jsonRpcService_isApi example)
  • ISAPI Extensions

IISM prerequisites 1.png IISM prerequisites 2.png


Application Pool

The ISAPI service must run in a suitable Application Pool. Application Pools provide process isolation between various parts of the IIS, which gives the following advantages:

  • It makes the overall IIS more robust as problem in one application pool is less likely to have impact on the other application pools (exhausting the entire system will of course cross interfere)
  • Each pool can have different settings (of for example .net platform)
  • Each pool can be restarted independent of the other pools

To create an application pool, select "Add Application Pool..." in the context menu on the Application Pools. Pools suitable for Visual Prolog programs, does not require any .net platform, and it is recommended to have no .net support at all to minimize the interference risks. You give it a name and (unless you for other reasons need it) select "No Managed Code" (the rest you leave as it is):

IISM addAppPool 1.png IISM addAppPool 2.png

32 bit support

Notice that by default (on a 64 bit platform) the application pool cannot run 32 bit programs, so you may need to switch this "Advanced Setting" on:

File:IISM 32bit 1.png IISM 32bit 2.png

File Serving

The jsonRpcService_isApi example needs to serve files to the Web Browser that run the Web Application. Such one can be set up either as a "Virtual Directory" or an "Application" ("Application" is only needed if programs also have to be run in that part of the Web).

IISM add webRPC 1.png IISM add webRPC 2.png

The Alias defines name relative to the Path in the WEB, and Physical path defines the disk location that this path corresponds to, in this case http://localhost/webRPC will correspond to C:\webRPC\web, which is where the html, css and JavaScript files for the example are placed (in my case).

ISAPI setup

For the example the path http://localhost/webRPC/jsonrpc should run the jsonRpcService_isApi ISAPI dll. So we add an application below the webRPC virtual directory:

IISM add jsonrpc 1.png

Make sure that the application uses the desired Application Pool. We don't intend to use the physical path, but the IIS will place a web.config file in that directory. It could be a good idea to create an otherwise empty an unused directory for the purpose, but here we just use the example root directory: IISM add jsonrpc 2.png

With the application in place it is time to configure the ISAPI. Select Handler Mappings:

IISM handlerMapping 1.png

And then add a "Script Map", matching everything and pointing to the ISAPI dll:

IISM handlerMapping 2.png IISM handlerMapping 3.png


The JSON-RPC requests does not belong to "script" files on our disk so we have to switch off the switch off "Invoke handler only if request is mapped to setting in the Request Restrictions... :

IISM handlerMapping 4.png

When OK-ing the changes you should also say OK to this dialog (if it appears):

IISM handlerMapping 5.png

User Rights

When the IIS run it will access various files as a certain Windows user, this user must have sufficient rights to the files.

Which user is determined like this:

  • If a Connect as..." user is set for the virtual directory or application then that user will access the files
  • Otherwise (if Pass-through authentication is used):
    • If annoymous access is allowed to the virtual directory/application then some IUSER_... is will access the files
    • If some Windows authentification is used the windows user from the connection will will access the files

Anonymous/Windows access is controlled from the Authentification icon

Skype HTTP/HTTPS Conflict

Skype (potentially) conflicts with HTTP/HTTPS servers, because Skype (by default) reserves port 80 (HTTP) and 443 (HTTPS).

As a result you cannot run an HTTP/HTTPS server when Skype runs (in default mode).

The solution is to turn off port 80/443 in Skype.

See this video: Handling port conflicts with Skype on Windows

See also

Web Services