Chapter 2

Understanding Windows NT and Internet Information Server


Assuming that, as a developer, you have a network administrator and NT specialist backing you up in the setup and configuration of all related software services, you can skip right over this whole chapter. If you want to have an understanding of all the pieces of the puzzle making this application work, however, spend a few minutes reviewing the components to facilitate application design and to speed troubleshooting problems.

While this book does not focus on hardware requirements, the hardware compatibility list provided with NT 4.0 and the minimum requirements documented for the Internet Information Server all apply to Active Server. The current Hardware Compatibility List, or HCL, can be found on your Windows NT Server CD, but for the most current information visit Microsoft's Web site at http://www.microsoft.com/ntserver/.

Active Server Pages has become a bundled part of the Internet Information Server version 3.0 (IIS 3.0) and as a result is installed along with IIS 3.0 by default. However, while it is a noble goal to have applications running perfectly right out-of-the-box, based on plug-and-play, the Active Server Pages applications you develop rely on a series of technologies that must work together to operate correctly. Because Active Server Pages relies on a series of different technologies, you need to take some time to understand the critical points at which these applications can break down. By understanding the possible points of failure, you will gain useful insight, not only into troubleshooting the application, but also into how to best utilize these tools in your application development efforts. This chapter explores the related technologies that come together to enable the Active Server Pages you develop including:

This chapter provides an overview of all the tools necessary and available within Windows NT 4.0 to configure the security, database, networking, DCOM, and Web services potentially used in your Active Server application.

Software Requirements

You only need to purchase one software product, Windows NT. Active Server applications currently require Windows NT and a compatible Web server. Windows NT Workstation with the Personal Web Server provided or Windows NT Server with the Internet Information Server reflect the two alternative Web server and operating system platforms currently supported. The remainder of this book focuses on an implementation based on Windows NT Server and Internet Information Server, though most of the topics covered apply equally, regardless of which implementation you choose.

If you run Windows NT Workstation with the Personal Web Server, the IIS configuration information will vary, but the syntax and use of objects all apply.

Additional software referenced in examples throughout the book include databases and e-mail servers. The databases referenced include Microsoft SQL Server and Microsoft Access and for e-mail, Microsoft Exchange Server.

All references to Windows NT or NT assume Windows NT Server 4.0.

Using Windows NT with TCP/IP

Although Windows NT, by default, installs almost all software necessary, certain components may not yet be installed depending upon the initial NT setup options selected by the user. The options required for use of Active Server include:

Although networking protocols generally bind to a network adapter, TCP/IP can be loaded for testing on a standalone computer without a network adapter.

Testing TCP/IP Installation

To ensure proper installation of the TCP/IP protocol, from the Windows NT Server, or a computer with network access to the NT Server, perform either of the following tests:

Ping is a standard Internet utility, like FTP or HTTP, that enables one computer to request that another computer reply with a simple string of information. Windows NT and Windows 95 come with a command line Ping utility, which is referenced in "Testing TCP/IP Installation."

Depending on your network environment, you may not have a DNS name; or, due to Firewall/Proxy Servers, you may not be able to use the IP Address; or you may not be able to directly reference the computer by NetBIOS computer name. If you think you are facing these problems, you should contact the network administrator responsible for your Firewall for instructions on how to reach your server computer.

Installing TCP/IP

This section provides only an overview of the TCP/IP installation instructions; for detailed instructions on installing TCP/IP, consult Windows NT Help files. If you want to attempt to add these services, log on as an administrator to the local machine, and from the Start Button, select Settings and then control panel to open the control panel (see Figure 2.1).

For TCP/IP Services: Select the Network icon and add the TCP/IP protocol; this step will probably prompt you to insert the Windows NT CD. In addition, this step requires additional information, including your DNS Server IP Address(es), your computer IP address, and your gateway IP Address (generally a Router device).

Figure 2.1

Use the Windows NT Control Panel to install Network TCP/IP.

If you have a server on your network running the Dynamic Host Configuration Protocol (DHCP), you do not require a local IP and can allow the DHCP server to dynamically allocate it.

Using Internet Information Server with Active Server Pages

Internet Information Server 3.0 should have properly installed both your Active Server Pages components and your Web Server. In addition, it should have turned your Web Server on and set it to automatically launch when Windows NT Server starts. The remainder of "Using Internet Information Server with Active Server Pages" provides instructions for confirming that your Web server is operating properly.

Testing IIS Installation

To ensure proper installation of the Internet Information Server (IIS), from the Windows NT Server, or a Windows NT Server with IIS installed:

Figure 2.2

The Start Menu illustrates the program groups installed on the Windows NT Server, including the Internet Information Server program items.

Figure 2.3

Use the IIS Manager Connect To Server dialog box to browse, or type in the Web server to which you want to connect.

Installing IIS

This section provides only an overview; for detailed instructions on installing TCP/IP and IIS, consult the Windows NT Help files.

To add the missing services, log on as an administrator to the local machine and open the control panel.

For IIS Installation: Run the Windows NT add software icon from the control panel and add the Internet Information Server option (see Figure 2.4). This step will probably require the Windows NT CD and will launch a setup program to guide you through the installation.

Figure 2.4

Use the Add Software icon in the Control Panel to add and remove registered programs.

Database Services

For the examples in this book and for many applications, accessing a database becomes a driving component of a Web-based application. While the majority of Active Server syntax and objects have nothing to do with databases and simply do not use them, the ActiveX Data Object (ADO), which is discussed in Chapter 15 "Introducing ActiveX Data Objects," requires ODBC-compliant databases. The ADO Component, if used, requires an additional software component, the 32-bit ODBC Driver. While not natively installed with Windows NT, this software can be freely downloaded from http://www.microsoft.com/ and probably already resides on your server computer. Because ODBC drivers are installed by default with most database programs, chances are that if you have Microsoft Access, Microsoft SQL Server, or some other ODBC-compliant database installed, you already have ODBC drivers installed.

Active Server's Connection Component requires the 32-bit version of ODBC.

To test if ODBC drivers are currently installed, open the control panel on the local machine, and look for the ODBC 32 icon as illustrated in Figure 2.5.

Figure 2.5

Use the Control Panel to invoke the ODBC 32 icon if it is installed.

Understanding Windows NT

After working with Windows NT since the Beta release of 3.1 in August of 1993, we have developed an appreciation for the elegance, stability, security, and, unfortunately, the complexity of this powerful server product. Although administration has become greatly simplified by the developing GUI tools in version 4.0, understanding how Active Server relies on the built-in NT infrastructure and understanding some basic tools for controlling these built-in features greatly simplifies bringing your Active Server application on-line. The primary NT features that impact Active Server include:

Secure NT File System (NTFS)

Windows NT supports four file systems (HPFS, NTFS, FAT, CDFS), but only one, NTFS, supports the file and directory security that has enabled NT to boast a C2 security rating for Federal Government applications. In practice, the CD file system and the High Performance file system can be ignored. You need to know whether the hard drive upon which your application will reside runs FAT or NTFS. If your hard drive runs the standard file allocation table (FAT) used in most DOS-based systems, for all intents and purposes you have lost the ability to invoke security based on file and directory-level permissions. If, on the other hand, your system runs NTFS, which this book recommends, you will be able to manage file and directory-level permissions.

Among other tests, you can check the file system simply by opening Windows Explorer on the local machine and looking at the file system designation next to the drive letter, e.g., NTFS or FAT. You also can check the Admin Tools, Disk Manager to find the file system designation.

By running NTFS, the NT operating system can set properties on each file and directory on your hard drive. In operation, the Web server evaluates the permissions on every file requested by a Web browser, and if the permissions required exceed those allocated to the default user specified in the Web server, the Web server will force the browser to prompt the user for a username and password to authenticate. This authentication provides the primary means by which the IIS manages what files and directories can be used by users requesting files from the Web server. The permission options are detailed in Figure 2.6 and can be configured from the Windows Explorer on the local machine by selecting Properties and then the Security tab as illustrated in Figure 2.7.

Figure 2.6

Use the Permissions window to set file and directory permissions for users and groups on the NT Server or Domain.

Figure 2.7

Use the permissions configuration to assign Users and Groups with the appropriate level of permissions.

What is a User?

A user is an individual or program whose transactions have received a Security Token containing the transaction's permissions, based on a user account's permissions. In more detail, an individual accessing an NT Server either goes through a logon process or utilizes the permissions of an already running program that has logged on on behalf of the individual. During the logon, the NT Server authenticates the individual or program based on a user account, and issues the transactions conducted by that individual or program a Security Token containing the transactions' permission level.

The NT standard file and directory permissions and the methods for configuring them, drive the Active Server security model.

Using the User Manager

NT Server manages security permissions relating to files, directories, and access to programs by assigning permissions to users and groups. Even if you choose not to utilize the features of NTFS for securing files and directories, IIS still relies on the security tokens assigned by the operating system to users and groups as they access the NT Server for managing the security permissions of the Web server.

When a Web browser accesses the NT Server, the Web browser does not always invoke the NT Server security. In the case of a standard, non-authenticated Web browser request, the Web server uses the security permissions of the user account set up as the anonymous user in the IIS configuration.

The User Manager, as illustrated in Figure 2.8, operates both for a domain-level security list and for local machine security lists. If your server operates as part of a domain, the user accounts will be managed by the computer empowered as the domain server or Primary Domain Controller (PDC). Alternatively, your computer may operate independently, similar to peer-to-peer networks, where your computer maintains its own user and group accounts. Either way, these accounts drive the permissions checked as the IIS attempts to comply with requests from Web browsers.

Figure 2.8

Use the User Manager to assign permissions to user and group accounts.

This summary look at security should be complemented by a review of the NT help files if you are responsible for managing user and group accounts.

Windows NT Services

Similar to the way UNIX runs daemons or Windows and Macintosh machines run multiple applications, Windows NT runs services. Services are the running programs that the NT Server has available. An example of a service is the "Simple TCP/IP service," which enables your computer to support communication over a network. For Active Server, you should expect to see at least the following services running:

To view the running services, select the Start button followed by Settings and then Control Panel. When the Control Panel window appears, select the Services icon to view the active services as illustrated in Figure 2.9. Other services of importance to your development that may be running include Microsoft SQL Server and the series of services associated with Exchange Server.

Figure 2.9

Use the Control Panel Services utility to start and stop services, as well as to set their behavior when Windows NT Server starts up.

The importance of this area primarily results from a need to do some quick troubleshooting if something goes wrong or if you need to restart your Web server. This utility provides an authoritative method for ensuring that your programs are running.

When the IIS Manager launches and shows a running or stopped status, it is showing the same state as the service in the Control Panel Services utility, and restarting has the same effect regardless of whether you do it from Control Panel Services or from the IIS Manager.

DCOM Registration and the Registry

Registration plays an important role in the NT world. Your overview understanding of NT's registry model will support your development efforts when utilizing Distributed Components (DCOM) and the Active Server model in general. COM and DCOM objects are discussed in detail in Chapter 5 "Understanding Objects and Components."

The NT registry provides NT with a hierarchical database of values that NT uses during the loading of various operating system components and programs. This environment replaces the load variables that Windows included in files such as win.ini, sys.ini, autoexec.bat, and config.sys. The RegEdit program provides a graphical user interface for managing registry settings as illustrated in Figure 2.10.

Figure 2.10

Use the RegEdit Program to review and, when necessary, to edit operating system and program configuration information.

While viewing the registry is safe, changing registry settings incorrectly can cause your NT system to fail. Be cautious when attempting direct changes, and whenever possible, avoid directly tampering with the Registry.

The registry stores settings related to, among other things, your IIS setup. The ISAPI filters and components all have their settings maintained in the registry. Your primary use of the regedit.exe program is a read-only one. By default, NT does not even include the regedit.exe program as an icon in the program groups, precisely because the settings maintained in the Registry by the operating system and installed software programs are difficult to understand. Users attempting to manage these settings run the risk of damaging their NT installation.

All ISAPI and DCOM components that take the form of DLL files will be installed and registered as part of setup programs and will not require direct use of the registry. If a new DCOM object is made available and requires registration, a separate command line utility can be used to register it. To invoke a command, select the Start button and then Run. When prompted by a dialog box, type command and then press OK. The command prompt will start, which by default will look very similar to the DOS environment with the c:> prompt. With this command line utility, type the following line in at the c:> prompt:

regsvr32 [/u] [/s] dllname

where /u un-registers the DLL and /s runs silently, displaying no message boxes.

In addition to the standard registry, NT provides a utility for managing the extended features of DCOM. This utility is not set up in the NT Admin tools group and may require review if you encounter security problems invoking your components. To review this utility, run DCOMCnfg.exe in the NT System32 directory. The configuration window illustrated in Figure 2.11 starts.

Figure 2.11

Use the DCOM Configuration Properties areas to assign security permissions for executing DCOM objects.

The primary DCOM problem users run into results from a lack of access being assigned to the default user account defined in the IIS configuration. If you have these problems, check to ensure that the default user account in your IIS has permissions in the DCOM configuration utility shown in Figure 2.11.

COM represents the evolution of what previously was OLE Automation Servers, and DCOM represents enhanced COM features. DCOM and COM vary only slightly for the purposes of this book. The COM standard provides the framework for building DLLs that will be used as components by the Active Server. DCOM provides a richer threading model and enhanced security for distributed processing, but because all calls are generated by IIS invoking DLLs existing on the local machine, understanding the subtleties of this model is not important for the purposes of this book.

For a more detailed treatment of COM and the enhancements provided by DCOM, try http://www.microsoft.com/.

Using the Internet Information Server

The Internet Information Server acts as the gateway for all incoming client requests. For requests of files ranging from HTML to graphics to video, the process follows conventional Web server methods, such as sending a requested file to the browser. Unlike conventional Web server methods, when an .asp file request comes to the Web server from the browser, it invokes the ISAPI filter or DLL component, which parses the requested .asp file for Active Server related code. As a result, the requester must have the authority to execute the ASP page and to conduct any of the actions that the code attempts to perform at the server. The Web server then returns what, you hope, resembles a standard HTML or other type of file.

For this process to perform successfully, you must have:

The importance of understanding this process increases as your application performs more and more complex activities on the server. For example, to execute a script that counts to ten, you only need to ensure execute permission in the served directory for the default user. To write a file to the server hard drive, however, you need to have provided the default or another user with sufficient permissions to write a file to a location on your hard drive. Further still, to enable a user to request a page that accesses a SQL Server database, the user must have still further permissions in order to gain access to the SQL Server.

Web Server Directories

The IIS provides access to, or serves, information from directories on your server's hard drives. All requests to the Web server attempt to get authentication for access to the information initially based on the user account set up in the IIS configuration. As illustrated in Figure 2.12, the default or anonymous logon in the IIS manager matches the user account set up with full control in the directory permissions window for the served directory. This ensures that the NT file system authorizes the user, not only to read, but also to execute files in the directory.

Figure 2.12

Use the IIS Default User configuration to set the user account that the Web server will invoke for security access.

The file system permissions are only invoked for files running on NTFS drives as discussed in the previous section "Secure NT File System (NTFS)."

In addition to the file system permissions, one prior level of basic security is invoked by the IIS before even attempting to request the file from the operating system. A basic read or execute permission is established on every directory served by the IIS. This level of permission is configured at the IIS level and can be configured through the IIS Manager as illustrated in Figure 2.13.

Figure 2.13

Use the IIS Manager to set Read/Execute permissions levels separate from the standard NT file system security.

Managing User Accounts

User accounts provide the primary vehicle for managing security within an IIS application of any kind. Because the IIS completely integrates with the NT security model, understanding user and group permissions becomes critical to any application that utilizes more than just the anonymous logon. The key areas of concern relating to security include:

Establishing Enough Authority to Get Started

As illustrated in "Web Server Directories," the IIS configures a default account for accessing all pages requested. Many initial problems can result if you create .asp files that the default user can read but then secure components that the default user cannot invoke, thus forcing your code to generate an error. The default account must have execute permissions for any Active component that your pages will utilize, including the registered directory where the basic Active Server Pages file resides. Focus on securing your .asp files and directories, not your components. Additional areas of caution for security include accessing databases and trying to write files to a server hard drive.

The execute permissions for the Active Server default components should already be configured for the anonymous logon account, but if you have unexplained security problems, you may want to start in the IIS configuration area for debugging.

Managing Anonymous Logon

A comprehensive security implementation can be created without ever going to the User Manager. Before diving into the complex and powerful world of NT user and group accounts, make sure you have exhausted the simple and flexible alternatives. One method involves tracking users in a database and authenticating by lookup. This approach enables you to more easily manage users through database or file lookups. If this model does not provide sufficient control or security, however, many enhanced security options can be invoked to control access and use of your application.

Enhanced Security Options

For more sophisticated security, you can set up directories and .asp files where the logon permissions provided by the Web server's default user account are insufficient. When insufficient file system security is detected by the Web server, the browser will be prompted for a logon, which the Web server attempts to authenticate. Once authenticated, this user ID is passed with subsequent requests from the browser allowing the Web server to utilize the authority of the logged-in user.

Ensure that these new users have the execute permissions available to the anonymous account. The system setup process automatically provides permissions to the anonymous user account for execute permissions in directories in which key DLLs reside, but all users may not have these permissions by default.

Users and groups allow you to differentiate permissions at the .asp file level, providing file-level control over what permissions a user has on the system. This mechanism enables you to take advantage of the comprehensive auditing and tracking features available in NT.
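The two-level authorization decision described in "Web Server Directories" and "Enhanced Security Options" (the IIS Read/Execute directory setting checked first, then the NTFS permissions of the anonymous account, then a logon challenge) can be modeled in a few lines. The following Python model is an added illustration written for this chapter, not IIS code; the account name IUSR_SERVER, the directory names, and the NTFS rights tables are constructed sample data.

```python
# Constructed model of the IIS 3.0 request authorization sequence described
# in this chapter. Illustration only; it does not call IIS or Windows NT.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ANONYMOUS = "IUSR_SERVER"   # placeholder for the IIS anonymous logon account


@dataclass
class Directory:
    """One served directory: its IIS Manager settings and its NTFS ACL."""
    iis_read: bool                      # IIS Manager "Read" permission
    iis_execute: bool                   # IIS Manager "Execute" permission
    ntfs_acl: Dict[str, Set[str]] = field(default_factory=dict)  # account -> {"R","X","W"}


def ntfs_allows(directory: Directory, account: str, right: str) -> bool:
    """NTFS check: does this account's token carry the requested right?"""
    return right in directory.ntfs_acl.get(account, set())


def authorize(directory: Directory, path: str,
              logged_on_user: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (decision, effective_account) for one browser request.

    FORBIDDEN       the IIS-level directory permission itself is missing; the
                    file system is never consulted.
    LOGON_REQUIRED  NTFS denied the anonymous account and no (or an
                    insufficient) logon was supplied; IIS makes the browser
                    prompt for a username and password.
    OK              served under the named account's security token.
    """
    needs_execute = path.lower().endswith(".asp")   # .asp runs through the ISAPI DLL
    # Step 1: IIS's own Read/Execute setting on the served directory.
    if needs_execute and not directory.iis_execute:
        return "FORBIDDEN", None
    if not needs_execute and not directory.iis_read:
        return "FORBIDDEN", None
    # Step 2: NTFS permissions, tried first with the anonymous account's token.
    right = "X" if needs_execute else "R"
    if ntfs_allows(directory, ANONYMOUS, right):
        return "OK", ANONYMOUS
    # Step 3: fall back to the token of the user the browser logged on as.
    if logged_on_user and ntfs_allows(directory, logged_on_user, right):
        return "OK", logged_on_user
    return "LOGON_REQUIRED", None


# Constructed sample directories (not a real server's configuration).
PUBLIC = Directory(iis_read=True, iis_execute=False,
                   ntfs_acl={ANONYMOUS: {"R"}})
SCRIPTS = Directory(iis_read=False, iis_execute=True,
                    ntfs_acl={ANONYMOUS: {"R", "X"}})
SECURE = Directory(iis_read=True, iis_execute=True,
                   ntfs_acl={ANONYMOUS: {"R"}, "alice": {"R", "X"}, "bob": {"R"}})


if __name__ == "__main__":
    for label, d, path, user in [("public htm", PUBLIC, "/default.htm", None),
                                 ("public asp", PUBLIC, "/count.asp", None),
                                 ("scripts asp", SCRIPTS, "/count.asp", None),
                                 ("secure asp anon", SECURE, "/report.asp", None),
                                 ("secure asp alice", SECURE, "/report.asp", "alice"),
                                 ("secure asp bob", SECURE, "/report.asp", "bob")]:
        print(f"{label:18} -> {authorize(d, path, user)}")
```

The SECURE directory shows the point made above about file-level control: the same .asp file is served for alice, challenged for bob, and left readable as plain HTML for the anonymous account.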

From Here...

From our brief overview of the setup, configuration, and/or maintenance of the Windows NT and IIS environment, we now turn to the specifics of building an Active Server application. Although many of the chapters rely on the proper configuration of your network and server, our focus will be on the application development model enabled by Active Server, not on network and operating system issues. If you are responsible for setting up the NT server and found this section to be inadequate, STOP and consult more authoritative support documents or our Web site for greater details. At this point, if you have a properly set up NT server, you should turn to the design and development of the application itself.

For additional discussions of some of the topics covered in this chapter try:


© 1997, QUE Corporation, an imprint of Macmillan Publishing USA, a Simon and Schuster Company.