IIS 6 Administration

The final chapter of this book deals with the topic of publishing content to IIS using WebDAV and FrontPage Server Extensions (FPSE). It also covers managing various aspects of web content including redirection, content expiration, and content ratings.

WebDAV

WebDAV is a method for publishing to web servers that lets you publish and manage any content including HTML files, graphics, ASP pages, scripts, and executables. WebDAV stands for Web Distributed Authoring and Versioning, and is a proposed extension of the HTTP/1.1 protocol described in RFCs 2518 and 3253.

The traditional way of publishing and managing content on web servers is using the File Transfer Protocol (FTP), which we discussed in Chapter 9, “Creating and Configuring FTP Sites.” One disadvantage of using FTP is that it requires additional ports to be opened on your firewall. Another disadvantage is that FTP has no file locking mechanism to prevent two users from trying to simultaneously upload files to a web server. Finally, to modify web content using FTP you have to download the content to your client machine, modify it, and then upload it again to the web server.

WebDAV, on the other hand, is designed to use the same port used by HTTP itself (TCP port 80), thus reducing the number of open ports required on your firewall. WebDAV also supports a locking mechanism that lets multiple users read files concurrently but allows only one user at a time to modify files. WebDAV additionally lets you manage resources on a remote web server transparently as if the files were located on your local client machine, including dragging and dropping files to copy or move them on the server, searching for text within files, and modifying the properties of files.

How WebDAV Works

WebDAV works by using standard HTTP/1.1 verbs like GET and PUT and also by implementing an extended set of HTTP verbs including the LOCK, and PROPFIND methods. To use WebDAV for publishing web content, you need a WebDAV-enabled web server such as IIS and a WebDAV client such as Windows XP Professional or Windows Server 2003, both of which have integrated WebDAV clients. Then you must set up a publishing directory on your IIS machine and assign appropriate NTFS and web permissions to this directory, and users with suitable permissions will be able to publish and manage content. I’ll walk you through these procedures next.

Enabling WebDAV

Unlike earlier versions of IIS, WebDAV is neither installed nor enabled by default in IIS 6. To install WebDAV, use Add or Remove Programs in Control Panel to add the WebDAV Publishing component, a subcomponent of the WWW Publishing Service (Figure 16-1).

Figure 16-1: Installing WebDAV

After installing WebDAV, you need to enable it. To do this, open IIS Manager and select the Web Service Extensions (WSE) node to display the list of service extensions installed on your server. Then right-click WebDAV in the results pane and select Allow to enable the extension (Figure 16-2). Note that this globally enables WebDAV for all websites and virtual directories on the server. There is no way in IIS 6 to enable or disable WebDAV on a per-site or per-directory basis.

Figure 16-2: Enabling WebDAV using WSE

Tip 

You can find out what component of IIS provides WebDAV support by double-clicking the WebDAV extension to open a properties sheet for this extension. On the Required Files tab, you’ll see that WebDAV support is provided through httpext.dll.

Enabling WebDAV Clients

To use WebDAV to create, access, and modify web content on Internet servers, you also need to enable the client to support WebDAV. To fully take advantage of WebDAV support on IIS 6, you need to use Windows XP Professional or a member of the Windows Server 2003 family as your client machine. To enable WebDAV on these platforms, do the following:

  1. Open the Services console in Administrative Tools.

  2. Scroll down and find the WebClient service in the console.

  3. If this service is Disabled, double-click it to open the properties sheet for the service.

  4. Change the Startup Type setting from Disabled to Automatic if you plan to use the machine regularly for publishing content.

  5. Click Apply and then click Start to start the WebClient service on the client machine.

    Tip 

    In addition to Windows XP and Windows Server 2003, WebDAV is supported to various degrees by Windows 2000 machines with Internet Explorer 5 or higher installed and by Office 2000 and Office XP. Consult the documentation for these products to see which WebDAV features are supported.

Configuring WebDAV

The main issues in configuring WebDAV are

Enterprise Content Management

In an enterprise environment, it's generally not a good idea to publish content directly to a production web server using WebDAV or any other mechanism. A better practice is to first create or edit your content on a development server with WebDAV or FrontPage Server Extensions enabled. Once this content has been approved, it can then be moved to a staging server such as Microsoft Application Center, which can then publish the changed content to the product server or web farm. For more information on this procedure, see the Microsoft Application Center Resource Kit.

Creating a WebDAV Virtual Directory

Begin by creating a target virtual directory for publishing content to the Default Web Site on your IIS machine. To do this, right-click the Default Web Site and select New | Virtual Directory to start the new Virtual Directory Wizard. Create a new virtual directory with alias “Test” that maps to a folder C:\stuff on your hard drive. If necessary, refer back to Chapter 7, “Creating and Configuring Websites,” for more information on how to create virtual directories on IIS.

Note 

Use the default Virtual Directory Access permissions when creating the virtual directory because you will configure these later in the section “Configuring Web Permissions.”

Configuring NTFS Permissions

It's extremely important that NTFS permissions be properly configured for the folder mapped to your WebDAV virtual directory. This is because to use WebDAV, you must enable Write web permission and this constitutes a security risk on your IIS machine unless NTFS permissions prevent unauthorized users from writing to the virtual directory.

To view the current NTFS permissions on the C:\stuff folder mapped to your \test directory, right-click the Test virtual directory under the Default Web Site in IIS Manager and select Permissions (Figure 16-3).

Figure 16-3: Open NTFS permissions for the Test virtual directory

The important permissions are those for the Users group because you generally want to control WebDAV publishing for ordinary users on your network. The default permissions configured for Users and how they affect users access to IIS using WebDAV are as follows (Figure 16-4):

Figure 16-4: Default NTFS permissions on a virtual directory

If you scroll down the Permissions list box. you’ll see that Special Permissions is allowed for Users. To view these Special Permissions, click the Advanced button on the properties sheet (as shown in Figure 16-3) to open the Advanced Security Settings properties sheet for the \stuff folder. Select the Special Permission entry for Users in this list and click Edit to open the Permission Entry properties sheet (Figure 16-5). Note the two special permissions assigned to the Users group in this list:

Figure 16-5: Special permissions for Users on a virtual directory

These two permissions are required for Users to be able to write content to the \stuff folder using WebDAV.

Security Alert! 

If your website is a public one that allows anonymous users to access its content, you should also add the Internet guest account (IUSR_servername) to the NTFS permissions for Users (as shown in Figure 16-3) and assign this account the single permission Deny Write. This will prevent anonymous users from being able to publish or modify content on your server using WebDAV.

Configuring Web Permissions

Once you’ve configured NTFS permissions properly on the \stuff folder to prevent unauthorized users from using WebDAV on the folder, you still need to configure web permissions for the Test virtual directory to which \stuff is mapped. How you configure these web permissions depends on what sort of actions you want users to be able to perform using WebDAV.

Web permissions are configured on the Virtual Directory tab of the properties sheet for the virtual directory (Figure 16-6). The settings to configure here are

Figure 16-6: Configuring web permissions on a virtual directory

In addition, the following two settings are important to how WebDAV works:

For purposes of testing WebDAV later, make sure Read, Write, and Directory Browsing are all enabled for your Test virtual directory. This will allow users to display a list of files in the directory; publish additional files to the directory; and manipulate files in the directory by moving, copying, or modifying them.

Note 

The Indexing service is enabled by default on IIS, but its startup type is set to manual instead of automatic. To start this service, type net start cisvc at the command prompt. This will initiate the process of building a catalog file for virtual directories on which indexing is enabled. These catalog files are required to perform text searches using this service.

Publishing Using WebDAV

Now you can test publishing to your WebDAV-enabled virtual directory from another machine. Open Internet Explorer on the Windows XP or Windows Server 2003 machine from which you want to publish content. Select File | Open from the menu and type the URL http://servername/test, where servername is the IP address or NetBIOS name of the IIS machine where Test resides (or the DNS name if you are using Active Directory). Be sure to select the check box labeled Open As Web Folder, and click OK. This will open a web folder showing the contents of the virtual directory on the remote web server (Figure 16-7).

Figure 16-7: Open a web folder using Internet Explorer.

Now create some HTML files on your client computer that you will publish to your IIS machine. For example, create three files: stuff1.htm, stuff2.htm, and stuff3.htm in the C:\morestuff folder on the local machine (Figure 16-8).

Figure 16-8: Content directory on client machine

With both the web folder \\servername\test (Figure 16-7) and local folder \morestuff (Figure 16-8) open on your client machine, you can publish these files by dragging and dropping them from the local folder to the web folder. You may need to press F5 to refresh the web folder afterward to see the published files. Try viewing one of the published files using Internet Explorer, for example, by opening the URL http://servername/test/stuff1.htm on the client machine.

Now try modifying the file you just opened. Return to the web folder on the client, right-click the stuff.htm file, and select Open With | Notepad. Make some changes to the HTML in the file, save the file, and try opening it again using Internet Explorer. You’ve now used WebDAV to publish and modify files on your remote IIS machine!

Tip 

Add the web folder URL to your Favorites list on Internet Explorer so you can more easily open it in the future.

Another way of publishing using WebDAV is to create a shortcut to the web folder in My Network Places. To do this, perform the following steps:

  1. Open Windows Explorer and select My Network Places.

  2. Double-click Add Network Place to open the New Network Place Wizard, and click Next.

  3. Select the option Choose Another Network Location and click Next.

  4. Type http://servername/test and click Next.

  5. Specify a friendly name for the new shortcut or accept the suggested name, and click Next.

The new shortcut to your web folder should now be visible in My Network Places (Figure 16-9). To create a shortcut to this web folder on your desktop for easy drag-and-drop publishing, right-click it and select Send To | Desktop.

Figure 16-9: Adding a web folder to My Network Places

Категории