IIS can store connection strings used by managed code applications to connect to local and remote data sources, which can include SQL Server databases and other types of databases. To view currently configured connection strings, in IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then access the Connection Strings page by double-clicking the Connection Strings feature. In the main pane, you'll see a list of the currently defined connection strings. Local entries are configured at the level you are working with. Inherited entries are configured at a higher level of the configuration hierarchy.


You can create a connection string for SQL Server by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then access the Connection Strings page by double-clicking the Connection Strings feature.

2. On the Connection Strings page, in the Actions pane, click Add. This displays the Add Connection String dialog box.

3. In the Name text box, type the name of the connection string, such as SqlServerCustDb. This name must be the same name that you reference in your application code to retrieve data that uses this connection string. You cannot change the name later without re-creating the connection string.

4. In the Server text box, type the name of the SQL server that hosts the database.

5. In the Database text box, type the name of the SQL server database.

6. Select one of the following Credentials options to specify the security credentials that are used to connect to the database:

• Use Windows Integrated Security Configures the connection string so that the application uses the current Windows identity established on the operating system thread to access the SQL Server database. Use this option to pass through authenticated Windows domain credentials to the database.
You can use integrated security only when SQL Server runs on the same computer as IIS or when you've configured delegation between computers. Additionally, all application users must be in the same domain so that their credentials are available to IIS.

• Specify Credentials Configures the connection string to use a specific SQL Server user name and password. Use this option when you do not want to pass through user credentials to the database for authentication. After you select Specify Credentials, click Set. In the Set Credentials dialog box, type the SQL Server user name to use for the connection. After you type and then confirm the password for this user, click OK.

7. Click OK to close the Add Connection String dialog box.


You can create a custom connection string for other types of database servers by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then access the Connection Strings page by double-clicking the Connection Strings feature.

2. On the Connection Strings page, in the Actions pane, click Add. This displays the Add Connection String dialog box, with the Custom option enabled.

3. In the Name text box, type the name of the connection string, such as LocalSqlServer. This name must be the same name that you reference in your application code to retrieve data that uses this connection string. You cannot change the name later without re-creating the connection string.

4. Select the Custom option, and then type the connection string. The connection string should by formatted as appropriate for the type of database to which you are connecting.
Your organization's application developer or database administrator should be able to provide the required connection string. The following example connects to a local SQL Express database, which is stored in the aspnetdb.mdf file:

Data source=.\SQLEXPRESS;Integrated Security=SSPI;
AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true

5. Click OK to close the Add Connection String dialog box.


To edit an existing connection string, select the string that you want to modify, and then click Edit. In the Edit Connection String dialog box, modify the settings as necessary, and then click OK to save your changes. To remove a connection string that is no longer needed, select the connection string you want to remove, and then click Remove. When prompted to confirm the action, click Yes.

Web applications that use ASP.NET include Web pages to provide the user interface and controls to provide drop-in functionality. As with ASP, you can optimize the way ASP.NET is used through a variety of configuration settings. You can also make additional functionality available by registering custom controls that applications can use.


Registering Custom Controls
Managed code applications can use any custom controls that are registered for use with IIS. As an administrator, you probably won't need to install controls, but you may need to validate control configurations. To view currently registered controls, in IIS Manager, navigate to the level of the configuration hierarchy you want to manage, double-click the Pages And Controls feature, and then in the Actions pane, click Register Controls. In the main pane, you should then see a list of the currently registered controls. Controls are listed by tag prefix, associated source or assembly, and entry type. Local entries are configured at the level you are working with. Inherited entries are configured at a higher level of the configuration hierarchy.

You can add a custom control by following these steps:
1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, double-click the Pages And Controls feature, and then, in the Actions pane, click Register Controls.

2. In IIS Manager, on the Controls Page, click Add Custom Control. The Add Custom Control dialog box appears.

3. In the Tag Prefix text box, type the tag prefix assigned to the control, such as aspx.

4. In the Namespace text box, type the ASP.NET namespace in which the custom control type is defined, such as System.Web.UI.WebControls.WebParts.

5. In the Assembly text box, type the assembly details associated with the custom control. This includes the control's top-level namespace, version, culture, and any additional information required to register the assembly properly, such as its public key token. Then click OK.

You can edit registered control entries by clicking the control entry you want to modify and then clicking Edit. In the Edit Custom Control dialog box, modify the settings as necessary, and then click OK to save your changes. To remove a registration entry for a custom control that is no longer needed, click the control entry you want to remove, and then click Remove. When prompted to confirm the action, click Yes.


Configuring ASP.NET Settings for Pages and Controls
You can modify the way ASP.NET is used by Web applications by using the configuration settings on the Pages And Controls page in IIS Manager. To access this page, navigate to the level of the configuration hierarchy you want to manage, and then double-click the Pages And Controls feature.

The below are the available ASP.NET settings for pages and controls. In the related server, site, or application Web.config file, you manage these settings by using the sessionState configuration section.

• Base Type for Pages (pageBaseType) - Sets the base type that .aspx pages inherit by default. The default value in most cases is System.Web.UI.Page. This value can be overridden by the Inherits attribute.

• Base Type for User Controls (userControlBaseType) - Sets the base type that user controls inherit by default. The default value in most cases is System.Web.UI.UserControl.

• Buffer (buffer) - Determines whether .aspx pages and .ascx controls use response buffering. The default setting is True. When True, IIS uses response buffering in much the same way as it uses response buffering for ASP.

• Compilation Mode (compilationMode) - Determines whether an ASP.NET page or control should be compiled at run time. The default is Always, which ensures that pages and controls are always compiled at run time. A value of Never specifies that pages and controls are not compiled and should be interpreted instead. A value of Auto allows IIS to compile pages and controls as necessary and otherwise set them to be interpreted.

• Enable Authenticated View State (enableViewStateMAC) - Determines whether ASP.NET should run a message authentication code (MAC) on the page's view state when the page is posted back from the client. The default setting is True.

• Enable Session State (enableSessionState) - Specifies whether and how IIS maintains session state information for ASP.NET applications. The default setting is True. When True, IIS maintains session state information for ASP.NET. Alternately, you can use a value of ReadOnly to have IIS maintain non-editable, read-only session state data. If you don't want IIS to maintain session state information for ASP.NET, configure this setting to False.

• Enable View State (enableViewState) - Determines whether the page maintains the view state and the view state of any server controls it contains when the current page request ends. The default setting is True.

• Master Page File (masterPageFile) - Sets an optional master page path relative to the local configuration file. This allows applications to reference locations in the master page path by name rather than full file path.

• Maximum Page State Field Length (maxPageStateFieldLength) - Sets the maximum number of characters for individual view state fields. When the value is greater than zero (0), IIS breaks the view state field into chunks that are less than the specified length. Clients receive this chunked view state as a series of view state fields rather than a single, possibly very long view state field. When the value is set to -1, IIS does not chunk the view state field and instead sends the entire value to the client in a single view state field.

• Namespaces (namespaces) - Specifies the namespaces included for all pages. IIS imports these namespaces during assembly pre-compilation. If you expand the Namespaces node, you'll see a list of namespaces that will be imported.

• Style Sheet Theme (styleSheetTheme) - Sets the optional name of the theme folder that IIS will use to apply a theme before control declarations. You can specify a theme to apply after control declaration by using the theme attribute.

• Theme (theme) - Sets the optional name for the theme that is used for pages that are in the scope of the configuration file. The specified theme must exist as either an application or a global theme. If the theme does not exist, IIS generates an HttpException exception.

• Validate Request (validateRequest) - Determines whether ASP.NET validates requests to screen for potentially dangerous or malicious input. The default setting is True, which causes ASP.NET to validate input from client browsers. Although you should rarely disable validation, you can do so by using a value of False.


You can configure the list of namespaces that IIS imports during assembly pre-compilation by completing the following steps:

1. To view currently configured Pages And Controls settings, in IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then double-click the Pages And Controls feature.

2. On the Pages And Controls page, expand the Namespaces node to display a list of namespaces that will be included during assembly pre-compilation.

3. If you click the Namespaces entry, IIS Manager displays a selection button on the far right side of the second column. Clicking this button displays the String Collection Editor dialog box, which you can use to edit the imported namespace values. Edit the namespace entries as necessary. Add additional namespaces by typing each additional namespace on a separate line.

4. When you are finished editing namespace values, click OK. In the Actions pane, apply the changes to the configuration by clicking Apply.

When you are working with managed code applications, you may need to store information used by an application as key/value pairs in the application's Web.config file. Storing application settings in this way ensures that the stored values can be accessed from anywhere within the application. If you store application settings at the server or site level, multiple applications could access and use the same settings. With this in mind, you can view and work with key/value pairs for applications by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage.

2. Access the Application Settings page by double-clicking the Application Settings feature.

3. In the main pane, you'll see a list of the currently defined key/value pairs. Be sure to note whether the entry type is listed as local or inherited. Local entries are configured at the level you are working with. Inherited entries are configured at a higher level of the configuration hierarchy.

4. Use the following techniques to work with application settings:

• Add a setting Click Add. In the Add Application Setting dialog box, type the name and value for the application setting, and then click OK.

• Edit a setting Click the setting you want to modify, and then click Edit. In the Edit Application Setting dialog box, type the desired name and value for the application setting, and then click OK.

• Remove a setting Click the setting you want to remove, and then click Remove. When prompted to confirm the action, click Yes.

E-mail services are an important part of most Internet, intranet, and extranet server operations. Often, you'll find that applications installed on a server generate e-mail messages that need to be delivered. For this purpose, IIS includes the Simple Mail Transfer Protocol (SMTP) feature so that IIS can deliver e-mail messages for Web applications that use the System.Net.Mail API. The configuration restricts the sending of messages that are generated by remote users, which include the Internet Guest account and any other named user on the Web server. The configuration also restricts relaying of e-mail through SMTP.

SMTP is just one of several components that make up a typical e-mail system. Windows Server 2008 includes the optional SMTP Server feature to provide a more robust solution. However, if you want to receive e-mail and store it on the server so that users and applications can retrieve it, you need to install a full-featured messaging server in the enterprise, such as Microsoft Exchange Server 2007.

You can use the SMTP E-mail feature in two key ways. You can use this feature to deliver e-mail messages generated by applications to a specific SMTP server running on the local system or a remote server. Or you can use this feature to drop e-mail directly into the pickup directory for later processing by an application or for direct processing by an SMTP server running on the local system. Because SMTP servers monitor their pickup directories continuously for new messages, any message placed in this directory is picked up and transferred to a queue directory for further processing and delivery.

E-mail messages have To, Cc, Bcc, and From fields to determine how the message should be handled. To, Cc, and Bcc fields are used to determine where the message should be delivered. The From field indicates the origin of the message. E-mail addresses, such as williams@tech.microsoft.com, have three components:

• An e-mail account, such as Williams

• An at symbol (@), which separates the account name from the domain name

• An e-mail domain, such as tech.microsoft.com

The key component that determines how the server handles messages is the e-mail or service domain. Service domains can be either local or remote. A local service domain is a Domain Name System (DNS) domain that's serviced locally by the server. A remote service domain is a DNS domain that's serviced by another server or mail gateway.

You can deliver e-mail to a locally hosted or remote SMTP server by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the SMTP E-Mail page by double-clicking the SMTP E-Mail feature.

2. On the SMTP E-Mail page, shown in the E-Mail Address text box, type the address you want to use as the default address from which e-mail messages are sent.

3. Select the Deliver E-Mail To SMTP Server option.

4. In the SMTP Server text box, type the fully qualified domain name of the SMTP server, such as mailer5.adatum.com. Or select the Use Localhost check box to set the name of the SMTP server to localhost, allowing System.Net.Mail to send e-mail directly to the SMTP server on the local computer.

5. In the Port text box, type the TCP port number to use to connect to the SMTP server. The standard TCP port for SMTP is 25, so this is the default and recommended setting.

6. The Authentication Settings options allow you to specify the authentication mode and credentials. If your SMTP server does not require authentication, choose Not Required. Otherwise, choose one of the following options:

• Windows Choose this to use the application identity for connecting to the SMTP server.

• Specify Credentials Choose this to specify a user name and password for connecting to the SMTP server. Credentials are sent as clear text across the network. To specify credentials, click Set. Type the user name, type and then confirm the user password, and then click OK.

7. In the Actions pane, click Apply to save your settings.

You can deliver e-mail to a pickup directory by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the SMTP E-Mail page by double-clicking the SMTP E-Mail feature.

2. On the SMTP E-Mail page, in the E-Mail Address text box, type the address you want to use as the default address from which e-mail messages are sent.

3. Select the Store E-Mail In Pickup Directory option, and then click Browse.

4. Use the Browse For Folder dialog box to specify the location of the pickup directory, and then click OK.

5. In the Actions pane, click Apply to save your settings.

Source of Information : Microsoft Press Internet Information Services IIS.7.0 Administrators Pocket Consultant

In the default configuration, IIS manages session state for ASP.NET in much the same way as it manages session state for ASP. Beyond the basic settings, however, you have many more options. For ASP.NET pages, you use the Enable Session State setting of the Pages And Controls feature as the master control to turn on or off session state management or to configure IIS to use a read-only session state. You use the Session State feature to fine tune how session state management is used.

By default, IIS maintains session state in process as does ASP. Each ASP.NET application configured on your server can have its own session state settings. When you've activated the ASP.NET State Service and configured it to start automatically, you can use out-of-process session state management for ASP.NET. Out-of-process state management ensures that session state information is preserved when an application's worker process is recycled. You can configure out-of-process state management to use a State Server or a Microsoft SQL Server database. Before you configure a SQL Server for session state, you must run the InstallSqlState.sql script on the server. By default, this script is stored in %SystemRoot%\Microsoft.NET\Framework\FrameworkVersion, where FrameworkVersion is the version of the .NET Framework you are using, such as V2.0.50727.

You turn on or off session state management or use a read-only session state by following these steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the Pages And Controls page by double-clicking the Pages And Controls feature.

2. On the Pages And Controls page, the Enable Session State text box shows the current session state. As necessary, change this setting to False to disable session state maintenance, True to enable session state maintenance, or ReadOnly to use a read-only session state.

3. In the Actions pane, click Apply to save your settings.


Once you've enabled a ReadWrite or ReadOnly session state, you can use the settings of the Session State feature to optimize the session state configuration. Follow these steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the Session State page by double-clicking the Session State feature.

2. On the Session State Mode Settings frame in the main pane, use the following options to set the session state mode:

• Not Enabled Select this option to disable session state.

• In Process Select this option to store session state data for a managed-code application in the worker process where the application runs. This is the default setting.

• Custom Select this option to configure IIS to use a custom provider to handle session state for ASP.NET applications.

• State Server Select this option to enable the ASP.NET State Service and store session state data outside the worker process where the application runs. The ASP.NET State Service stores the session state in an internal database by default or in a database of your choosing. You must start the service and configure it for automatic startup.

• SQL Server Select this option to configure IIS to use a SQL Server database to store session state data instead of storing it in the worker process where the application runs. The ASP.NET State Service stores the session state in the SQL Server database you designate. You must start the service and configure it for automatic startup.

3. With the State Server or SQL Server option, the Connection String text box sets the connection string that is used to connect to the state server or SQL Server. If you click the related selection drop-down list, you can choose a previously created connection string to use. If you click the related Create button, you create the required connection string by using the Create Connection String dialog box.

4. With the State Server or SQL Server option enabled, the related Time-Out text box sets the time, in seconds, that the connection will be maintained. The default for a state server is 10 seconds. The default for a server running SQL Server is 30 seconds.

5. With the SQL Server option enabled, you can select the Enable Custom Database check box to enable a custom SQL Server database for storing session state data.

6. On the Cookie Settings pane, in the Mode drop-down list, select the desired item to specify how cookies are used to store session state data. The items are:

• Auto Detect IIS uses cookies if the browser supports cookies and cookie support is enabled. Otherwise, IIS doesn't use cookies.

• Use Cookies Allows IIS to track the session state by using cookies. IIS passes the session state in cookies for all requests between a client browser and the Web server. Because cookies do not require redirection, cookies allow you to track session state more efficiently than any of the methods that do not use cookies. Using cookies also has several other advantages. Cookies allow users to bookmark Web pages, and they ensure that state is retained if a user leaves one site to visit another and then returns to the original site.

• Use Device Profile IIS uses cookies if the device profile supports cookies regardless of whether cookie support is enabled or disabled. The only time that IIS doesn't use cookies is when the device profile indicates that the browser doesn't support cookies.

• Use URI IIS inserts the session ID as a query string in the Uniform Resource Identifier (URI) request, and then the URI is redirected to the originally requested URL. Because the changed URI request is used for the duration of the session, no cookie is necessary.

7. Keep the following in mind when you are specifying how cookies are used to store session state data:

• When you use the Auto-Detect cookie, Use Device Profile, or Use URI modes, the Regenerate Expired Session ID check box is selected automatically. This ensures that IIS rejects and reissues session IDs that do not have active sessions. You should require that expired session IDs be regenerated because this ensures that IIS expires and regenerates tokens, which gives a potential attacker less time to capture a cookie and gain access to server content. If you want to disable session ID regeneration, as may be necessary when initially testing a new deployment in a development environment, clear this check box. Be sure to re-enable this feature later to enhance server security.

• When you use the Auto-Detect cookie, Use Cookies, or Use Device Profile modes, the entry in the Time-Out (In Minutes) text box sets the period of time that IIS maintains a session object after the last request associated with the object is made. The default time-out is 20 minutes. For a high-usage application in which you expect users to move quickly from page to page, you might want to set a fairly low time-out value, such as 5 or 10 minutes. On the other hand, if it's critical that the user's session is maintained to complete a transaction, you might want to set a long time-out value, such as 60 minutes.

• When you use the Auto-Detect cookie, Use Cookies, or Use Device Profile modes, the Name text box sets a name for the cookie. The default is ASP.NET_SessionId. To enhance security, you may want to change this value to a name that isn't as readily identifiable as the session ID.

• The Use Hosting Identity For Impersonation option enables Windows authentication for remote connections using the host process identity. Typically, this is the setting you want to use to ensure that IIS can read and write session state data.

8. In the Actions pane, click Apply to save your settings.

Source of Information : Microsoft Press Internet Information Services IIS.7.0 Administrators Pocket Consultant

IIS 7.0 has been re-engineered at its core to deliver a modular and extensible Web server platform, forming the foundation for lean, low-footprint Web servers that power customized workloads and Web applications. The new extensible architecture enables the Web server to be completely customized; you can select only the required IIS features and add or replace them with new Web server features that leverage the new rich extensibility application programming interfaces (APIs). In addition, the Web server enables the use of a new distributed configuration system and management tools that simplify Web server deployment and management. The core feature set of IIS 7.0 continues to leverage the reliability and security-focused architecture established by its predecessor, IIS 6.0, and it adds additional improvements to enhance the reliability and security of the Web server platform. IIS 7.0 also includes extended support for application frameworks, including better integration with ASP.NET and built-in support for FastCGI-compliant application frameworks.

Among its many improvements, IIS 7.0 delivers the following:

Modular Web server architecture. Unlike its monolithic predecessors, IIS 7.0 is a completely modular Web server, containing more than 40 components that the administrator can individually install to create low-footprint, reduced surface-area Web server deployments that play a specific role in the application topology. Furthermore, the new extensibility architecture enables any of the built-in modular features to be replaced with customized implementations that Microsoft and third parties provide.

.NET Extensibility through ASP.NET integration. The new ASP.NET integration capabilities enable you to develop IIS 7.0 features with the power of ASP.NET and the .NET Framework, reducing development and maintenance costs for custom Web server solutions. You can use existing ASP.NET services in this mode to enhance any application technologies, even those that were not developed with ASP.NET in mind. These abilities enable Web applications using IIS 7.0 to further customize the Web server to their needs without incurring the higher development costs associated with the previously used Internet Server Application Programming Interface (ISAPI).

Enhanced application framework support. In addition to improved ASP.NET integration for extending the Web server, IIS 7.0 provides more options for hosting other application frameworks. This includes the built-in support for the FastCGI protocol, a protocol used by many open source application frameworks such as PHP Hypertext Preprocessor (PHP) so that they can be reliably hosted in a Windows environment.

Distributed configuration system with delegation support. IIS 7.0 replaces the centralized metabase configuration store with a new configuration system based on a distributed hierarchy of XML files, which enables applications to control their own configuration. The new configuration system enables simplified application deployment without the overhead of required administrative involvement and provides the foundation for more flexible Web server configuration management.

Improved management tools. IIS 7.0 offers a host of management tools that leverage the new configuration system to provide more flexible and simpler configuration management for the Web server. This includes a brand new task-based IIS Manager tool, which offers remote delegated management; a new tool for command line management (Appcmd); and several APIs for managing Web server configuration from scripts, Windows Management Instrumentation (WMI), and .NET Framework programs.

Enhanced diagnostics and troubleshooting. IIS 7.0 provides diagnostic features to help diagnose Web server errors and troubleshoot hard-to-reproduce conditions with a Failed Request Tracing infrastructure. The diagnostic tracing features are integrated with ASP.NET applications to facilitate end-to-end diagnostics of Web applications.