• CarlosAg Blog

    IIS Admin Pack Technical Preview 2 Released


    Today we are releasing the Technical Preview 2 of the IIS Admin Pack, it is an update of the release we made on February.

    Install the Admin Pack and Database Manager today!

    Admin Pack (x86):

    Database Manager (x86):

    Admin Pack (x64):

    Database Manager (x64):

    New Features:

    There are a lot of interesting features we've added to almost every component for this release:

    Database Manager

    1. Specify your own Connections. We heard during TP1 that it was a very important feature to specify your own database connection information without us automatically reading them from Connection Strings, with TP2 now you can do it. We've also added a switch that allows administrators the ability to disable this feature in case they have concerns and want to still enforce the "only read the connectionStrings from config" functionality and prevent users from trying to add their own.
    2. Extensibility. In these release we are making the API's public to write your own Database Provider that allows you to plugin your own database and reuse all of our UI and remoting, all you need to do is implement a few functions (CreateTable, DeleteTable, InsertRow, DeleteRow, etc) and your provider will be ready to use remotely over HTTPS to manage your own DB.
    3. Support for MySQL. In the upcoming weeks we will be releasing support for MySQL using the extensibility model mentioned above.
    4. Small things. New Toolbar in the Connections Panel to simplify discovery of commands
    5. Use of SMO. In this release we are using SQL Server Management Objects for all the schema manipulation, this means that things like "scripts exported from SQL inluding 'GO statements' and others will work in the Query window"

    Configuration Editor

    1. Choose where Configuration is read: now allows you to specify where you want to read and write your configuration from. This feature is great for advanced users that really understand the inheritance of our distributed configuration system and want to take advantage of it. Now ehen you go to a site, application or anywhere else, you will by default have the same experience where we read configuration from the deepest configuration path, however, now you can use the "From:" Combo box and tell us where you really want to read the configuration from, for example the following image shows how the options look like for a folder underneath Default Web Site. As you can see now you can choose if you want to use locationPath's or go directly to the web.config. This plays really nice with locking allowing you to lock items for delegated users, but still be able to change things yourself pretty easily. This change also works with script generation so now when you generate your scripts you can customize where to read/write configuration.
    2. Lots of small things:Now, all the changes you perform will be show bolded untill you commit them. Enhanced the locking functionality to better reflect when attributes/elements are locked. Several minor bug fixes for script generation, collections without keys, etc.

    IIS Reports

    1. No longer depends on LogParser. TP1 was using LogParser for parsing logs. This version no longer uses LogParser which menas no additional installs for this. We also measured performance and we see an increase of up to 40% which means faster reports. (In my machine for logs of up to 6.4GB or 17 million rows it takes about 2 minutes to generate a report, wee see about 5-7 seconds for 1 million rows)
    2. Better Reports. We took a look at the set of reports and we extended the list of reports as well as added new filters for them, for example, the status code report now lets you drill down and see which URL's generated a particular Status code, etc.
    3. Export to CSV and XML.
    4. Extensibility: For this release just as for DBManager we've made the API's of the UI public so that you can extend and add your own set of reports by writing a class derived from either TableReportDefinition or ChartReportDefinition. This means that just by overriding a method a returning a DataTable, we will take care of the formatting, adding a Chart and letting your users export in HTML, MHTML, CSV, XML, etc.

     UI Extensions

    1. Bug fixes for all the features like Request Filtering, FastCGI, ASP.NET Authorization Rules, and ASP.NET Error Pages.

    As you can see the extensibility is a big theme now, and in my following posts I will be showing how to extend both IIS Reports as well as DBManager.

  • CarlosAg Blog

    IIS 7.0 Talk at ASP.NET Connections at Orlando


    Last Monday I gave a presentation at the ASP.NET Connections event in Orlando, the title was IIS 7.0 for ASP.NET Developers. I just wish I had more time to stay at Orlando, weather was great, especially considering that Sunday I was watching Snow in Redmond and then Monday and Tuesday I was around 80 degrees in sunny Orlando.

    Anyway, thanks for all the people who attended the session, you can download the

    Slides and the Demos from here.

    Here are some of the things that I demonstrated:

    1. First Demo: ApplicationHost.config, Web.config and Tools.
      1. Showed the Application Pools list and how Visual Studio 2008 now provides IntelliSense for all the configuration of IIS.
      2. Added a new Application Pool using Notepad, and IIS Manager shows it.
      3. Showed the Sites section and created a new /Temp Application to my c:\temp directory.
      4. Browsed to the application and showed the new detailed error messages that IIS7.0 includes giving you all the details on what     the problem is, and suggestions on how to fix it.
      5. Created a new Web.config where I enabled system.webServer/directoryBrowse and showed how this immediately applied the changes.
      6. Showed all the new tools that IIS includes for managing web.config, including IIS Manager, AppCmd, Javascript, and the new Configuration Editor included in IIS Admin Pack that will allow you     to generate scripts for all of them.
    2. Second Demo: Pipeline Mode and Application Migration
      1. Showed the Application Pools created by IIS, explained some of the differences in Classic Mode versus Integrated Mode.
      2. Showed how to create a new Application Pool and where to specifythe pipeline modes.
      3. Downloaded and created an application for it running in Integrated Mode. Showed the detailed errors when IIS detects compatibility issues with the pipeline mode and settings     like <httpModules/httpHandlers>.
      4. Showed how assigning it to a Classic Mode immediately makes it run in the same way as before.
      5. Then moved it back to Integrated Mode, and showed how to use AppCmd to migrate config (appcmd migrate config "path"), and showed     the changes between the original web.config and the updated one.
      6. Explained these differences and how this is the right way to create applications that will run in IIS6, IIS7 classic mode and     IIS7 integrated mode
    3. Third Demo: Leveraging the Integrated Pipeline
      1. Showed a typical application that was configured using Forms Authentication and ASP.NET Membership and how accessing other content than ASP.NET (i.e. text files, images, classic ASP etc) would not cause authentication to happen.
      2. Showed how easy just by changing the FormsAuthentication module and the UrlAuthorization module you were able to easily now authenticate all the requests, including Classic ASP, PHP, static files, etc.
    4. Fourth Demo: Output Caching
      1. Showed a little performance script using WCAT running against the in my laptop (running Windows Vista) gave around 400 requests per second, and made W3WP.exe take about a 100% of CPU, meaning it couldn’t do anything more.
      2. Enabled Output Caching using IIS Manager for .aspx pages.
      3. Ran the Stress Test again, and this occasion the results were that we got around 1000 requests per second, but more importantly CPU consumed by W3WP.exe was only around 20%. The Stress client was the one taking all the CPU, meaning that the server could easily do more than twice as many request per second if the stress client was done by another machine.
    5. Fifth demo: Extensibility
      1. Showed how easy it is to extend IIS using Managed code, building a Handler that would translate PNG images to Jpeg images as well as embed a copyright information all dynamically at runtime.
      2. Showed another simple example on how to extend using a Module that logged every request to a SQL Server database.

    Then I ran out of time :)

  • CarlosAg Blog

    Not getting IntelliSense in your web.config for system.webServer sections in Visual Studio 2008?


    Today I was playing a bit with Visual Studio 2008 and was surprised to see that I was not getting IntelliSense in my web.config. As you might already know IntelliSense in Xml in Visual Studio is implemented by using a set of schemas that are stored in a folder inside the VS folder, something like: \Program Files\Microsoft Visual Studio 9.0\Xml\Schemas. After looking to the files it was easy to understand what was going on, turns out I was developing using .NET 2.0 settings and Visual Studio now ships different schemas for Web.config files depending on the settings that you are using: DotNetConfig.xsd, DotNetConfig20.xsd and DotNetConfig30.xsd.

    As I imagine I looked into the DotNetConfig.xsd and it indeed has all the definitions for the system.webServer sections as well as the DotNetConfig30.xsd. However, DotNetConfig20.xsd does not include the section details, only its definition, so to fix your IntelliSense you can just open DotNetConfig.xsd, select the entire section from:

    <xs:element name="system.webServer" vs:help="configuration/system.webServer">...</xs:element>

    and just replace the entry in DotNetConfig20.xsd. You might also want to copy the system.applicationHost section and add it to the DotNetConfig20.xsd since it does not include it as well.

  • CarlosAg Blog

    How to register a new Section Definition using Microsoft.Web.Administration


    Today I was asked how can someone would be able to add a new section definition using Microsoft.Web.Administration, so I thought I would post something quickly here just to show how this could be achieved.

    using System;
    using Microsoft.Web.Administration;

    class Program {
    static void Main(string[] args) {
    using (ServerManager m = new ServerManager()) {
    Configuration config = m.GetApplicationHostConfiguration();

    SectionDefinition definition =
    RegisterSectionDefinition(config, "system.webServer/mySubgroup/mySection");
    definition.OverrideModeDefault = "Allow";


    public static SectionDefinition RegisterSectionDefinition(Configuration config, string sectionPath) {
    string[] paths = sectionPath.Split('/');

    SectionGroup group = config.RootSectionGroup;
    for (int i = 0; i < paths.Length - 1; i++) {
    SectionGroup newGroup = group.SectionGroups[paths[i]];
    if (newGroup == null) {
    newGroup = group.SectionGroups.Add(paths[i]);
    group = newGroup;

    SectionDefinition section = group.Sections[paths[paths.Length - 1]];
    if (section == null) {
    section = group.Sections.Add(paths[paths.Length - 1]);

    return section;

    The idea is that you can grab a Configuration object they usual way, it could be ApplicationHost.config or any web.config, and then you call the method RegisterSectionDefinition which will ensure the whole hierarchy is added (in the case of multiple nested Section Groups) and then it will return the newly added Section Definition that you can then use to change any of their properties.

    A very similar functionality is exposed for scripts and native code in the AHADMIN COM library exposing the RootSectionGroup as well from any IAppHostConfigFile that you can manipulate in the same way.

    Hope this helps,

  • CarlosAg Blog

    Host your own Web Server in your application using IIS 7.0 Hostable Web Core


    IIS 7.0 includes a very cool feature that is not so well known called Hostable WebCore (HWC). This feature basically allows you to host the entire IIS functionality within your own process. This gives you the power to implement scenarios where you can customize entirely the functionality that you want "your Web Server" to expose, as well as control the lifetime of it without impacting any other application running on the site. This provides a very nice model for automating tests that need to run inside IIS in a more controlled environment. 

    This feature is implemented in a DLL called hwebcore.dll, that exports two simple methods:

    1. WebCoreActivate. This method allows you to start the server. It receives three arguments, out of which the most important one is applicationHostConfigPath that allows you to point it to your very own copy of ApplicationHost.config where you can customize the list of modules, the list of handlers and any other settings that you want your "in-proccess-IIS" to use. Just as ApplicationHost.config you can also specify the "root web.config" that you want your server to use, giving you the ability to completely run an isolated copy of IIS.
    2. WebCoreShutdown. This method basically stops the server listening.

    The real trick for this feature is to know exactly what you want to support and "craft" the IIS Server configuration needed for different workloads and scenarios, for example:

    1. Static Files Web Server - Supporting only static file downloads, good for HTML scenarios and other simple sites.
    2. Dynamic Web Sites
      1. ASPX Pages
      2. WCF
      3. Custom set of Http Modules and Handlers
    3. All of the above

    An interesting thing to mention is that the file passed to ApplicationHostConfigPath parameter is live, in the sense that if you change the configuration settings your "in-process-IIS" will pick up the changes and apply them as you would expect to. In fact even web.config's in the site content or folder directories will be live and you'll get the same behavior.


    To show how easy this can be done I wrote a small simple class to be able to run it easily from managed code. To consume this, you just have to do something like:

    internal class Program {
    private static void Main(string[] args) {
    int port = 54321;
    int siteId = 1;

    WebServer server = new WebServer(@"d:\Site", port, siteId);
    Console.WriteLine("Server Started!... Press Enter to Shutdown");


    Console.WriteLine("Shutting down");

    This will start your very own "copy" of IIS running in your own process, this means that you can control which features are available as well as the site and applications inside it without messing with the local state of the machine.

    A very interesting thing is that it will even run without administrator privileges, meaning any user in the machine can start this program and have a "web server" of their own, that they can recycle, start and stop at their own will. (Note that this non-administrative feature requires Vista SP1 or Windows Server 2008, and it only works if the binding will be a local binding, meaning no request from outside the machine).

    You can download the entire sample which includes two configurations: 1) one that runs only an anonymous static file web server that can only download HTML and other static files, and 2) one that is able to run ASP.NET pages as well.

     Download the entire sample source code (9 kb)

    You might be asking why would I even care to have my own IIS in my executable and not just use the real one? Well there are several scenarios for this:

    1. Probably one of the most useful, as mentioned above this actually allows non-administrators to be able to develop applications that they can debug, change configuration and pretty much do anything without interfering with the machine state.
    2. Another scenario might include something like a "Demo/Trial CD" where you can package your application in a CD/DVD that users then can insert in their machine and suddenly get a running/live demo of your Web Application without requiring them to install anything or define new applications in their real Web Server.
    3. Test Driven Development. Testing in the real Web Server tends to interfere with the machine state which is by definition something you don't want in your test environments, ideally you want your tests to be done in an isolated environment that is fully under control and that you will not have to do any manual configuration. This makes this feature an ideal candidate for such scenario where you own the configuration and can "hard-code" it as part of your automated tests. No more code for "preparing the server and site", everything starts pre-configured.
    4. Build your own service. You can build your own service and use Hostable WebCore as a simple yet powerful alternative to things like HttpListener, where you will be able to execute Managed and Native code Http Modules and Handlers easily without you having to do any custom hosting for ASP.NET infrastructure.
    5. Have your own Development Web Server where you can have advance interaction between both the client and the server and trace and provide live debugging information.
    6. many, many more...

    In future posts I intent to share more samples that showcase some of this cool stuff.


    IIS 7.0 Hostable WebCore feature allows you to host a "copy" of IIS in your own process. This is not your average "HttpListener" kind of solution where you will need to implement all the functionality for File downloads, Basic/Windows/Anonymous Authentication, Caching, Cgi, ASP, ASP.NET, Web Services, or anything else you need; Hostable WebCore will allow you to configure and extend in almost any way the functionality of your own Web Server without having to build any code.

  • CarlosAg Blog

    IIS Admin Pack: Configuration Editor


    Today I will be talking about one of the features included in the new IIS Admin Pack called Configuration Editor.

    Configuration Editor is an IIS Manager feature that will let you managed any configuration section available in your configuration system. Configuration Editor exposes several features from configuration that are not exposed anywhere else in IIS Manager, including:

    1. Schema Driven - Config Editor is entirely driven by the configuration schema (found in \windows\system32\inetsrv\config\schema\), this means that if you extend the configuration system creating your sections, they will be available for managing inside config editor, no need to build additional UI for them.
    2. Additional Information - Config Editor exposes more information such as the deepest place where the section is being used, or where a particular element in a collection is coming from (where is it inherited from?), etc.
    3. Script Generation - Allows you to make changes and it generates the code to automate those tasks, generating Managed Code (using Microsoft.Web.Administration), JavaScript (using AHADMIN) or Command Line (using AppCmd).
    4. Searching - Allows you to quickly perform scoped searches of the configuration system for all the sections and where they are being used, becoming a great way to get a bigger picture of the server as well as to prevent configuration locking violations and many other uses.
    5. Locking - Allows you to do advanced locking such as locking specific attributes so that they cannot be used in deeper locations, lock individual items in a collection or lock the entire section, etc.

    Please give us feedback on things you would like to see or change at the IIS Forums:

    OK, but rather than keep with more and more text, I will just show you a video on how it looks and all its features (for those of you who like text, there is a transcript below).


    So I have here Windows Vista SP 1 with the IIS Admin Pack installed, in my machine I have very few applications installed but should be good to show some of the features on config editor. When entering Config Editor, first thing you will notice is that at the top you have a drop-down list that shows all the sections currently schematized and ready to be used in your system.

    Since this is sorted alphabetically, the first section that gets selected is AppSettings, for I can very easily switch between ASP.NET configuration sections, such as system.web/authentication, or the IIS configuration sections such as system.webServer/defaultDocument or the system.applicationHost/sites that contains all the sites configuration for IIS.

    As you can see the user interface displays the configuration elements and properties of the section that is selected, providing you an easy way to see every single configuration property available in the system.

    At the top you'll get a label specifying the deepest path where this section is being used relevant to your scope, so in this case its telling us that its been set in ApplicationHost.config. After that, all the elements and properties are shown in a Property Grid, that displaye elements as a collapsible set of properties. One of the interesting things is that we provide validation for the properties for example, when entering string characters in a numeric property type an error message will be displayed giving you the details of the expected types. Additionaly other benefits such as type editors, so that when editing a property of type boolean, you get the True/False drop-down, or when a property that is of type enumeration such as the LogFormat inside the SiteDefaults, you will get a drop-down list with only the list of options that are allowed for that enumeration. Same way, when editing a property of type flags such as the logExtFileFlags that contains the fields to include in the log file, you will get a multi-select drop-down list where you can select and de-select the different options. Also, you will notice that additional information is displayed as you select the different properties, giving you details of their data type as well as additional validations for those that have some, for example, the truncateSize property has specified that only a certain range is considered valid, if I type a value that is not within that range it will show this message giving me details of the problem.

    Making Changes

    Now, lets move to a simpler section so that we can show other features of the Configuration Editor. For example here in default documents, if I want to disable it I just change it to False and click Apply. As you would expect all the changes are applied and to see what changes this actually made in my system I'm going to show a Diff of the configuration that I have backed up and indeed the only change that happened in my configuration system is that it changed from true to false.

    Collection Editor

    As you will notice there is a collection in this section, all the collections are shown in an advanced collection editor that will let you see all the information of the items on it, including the ability to add, remove and clear the collection, as well as lock individual items on it. It additionally shows where each of the individual items is coming from making it easier to understand the distributed configuration.

    Another thing you will notice is that this collection editor shows some visual cues to help you deal with data, for example this little key here tells you that this property is the unique key of the collection item.

    So lets actually add a new one, for that I just need to click Add and fill the values, in this case, lets add Home.aspx as a new default document. After doing that, I can close dialog and click Apply. And lets take a look at what happened to my configuration. As you can see the new item was added. So as you can see its really easy to see and change configuration in collections.

    Script Generation

    Now, one of the interesting things that it also has is those changes that I just did, its great but sometimes I don’t want to apply them immediately but instead automate them so that I can apply them at a later time. For example, lets just change the attribute Enabled back to true, and rather than just applying the change as we did before, I want to generate the script cause probably I'm creating a provisioning script for my site and I want to include this as part of it, so just by clicking Generate Script I get this dialog that gives you the code for Managed Code using Microsoft.Web.Administration in C#, and as you can see its quite easy to read. It also gives you JavaScript code that uses a COM library that our configuration system ships called Microsoft.ApplicationHost, and just as the managed code version it just sets the value. It also gives you command line for it, so you don’t need to build code or scripts, you can just run the command line and to prove that, lets actually just run this command line. First lets show the diff again so that we see that its set to false. Now lets run the command line AppCmd which lives in Inetsrv directory. Now lets show the difference again, and as you can see it actually sets the value as expected. As you can see this will help you write scripts or code to manipulate IIS and ASP.NET settings without requiring additional knowledge.


    Another interesting feature is locking, for example if I want to make sure that my default documents are always enabled and no one else can override them, I can go here and select the enabled attribute and click lock attribute which will prevent it from being changed in any other web.config file.

    Search Configuration

    Now, another interesting feature which is probably one of the most powerful features is the ability to search configuration so that you can see a high-level overview of the configuration system and all the web.config files on it. Just click Search Configuration. This shows me this dialog that shows me the root web.config that includes all the section that are being set on it, it also shows me applicationHost.config that includes again all the sections being used on it, as well as a location tag for a particular application that includes also some sections for it. you will notice that I also have a couple of applications that include web.config's in their folders, and sub-folders. where we can see how for example in this web.config it includes some

    one of the neat features is that you can actually click any of this nodes and it will immediately display the content of the section as well as where its coming from. For example if I click the web.config my entire web.config is displayed, if I click a specific section it only displays the content of the section. I can even click the locationPath that I'm interested and only get that particular one.

    Additionally you can easily search who is changing the authorization settings from and as easy as that you can see all the places in your server where the authorization settings are being set and quickly identify all the settings that are being used in your server. This feature is extremely useful because now, you can easily search for example default Document and make sure nobody is changing it and make sure no one else is violating the locking we just did.

    It also allows you to see the files in a flat view where it gives you all the different paths and files where each of them is coming from. You get the exact functionality, its just a different visual representation of the config.


    Another interesting thing is that if you want to build your own sections and extend our configuration system, you can go to the schema folder and write your own configuration section, declare it using our schema notation, here I'm just defining a section named mySection, that includes an attribute called enabled of type bool and an attribute called message of type string and an attribute password of type string that should be encrypted.. Now, I just need to edit applicationHost.config to define the section so that config system knows we are going to consume it . Just by doing that, now I can go back to config editor and refresh the window, and my section is now available in the drop down, and as you would expect it displays all of the properties I defined, and I can just go ahead and set them, and I get all the locking functionality, I get all the script generation, I get all the UI validation.

    And if I apply, you will see that as expected the changes are done, the password attribute is encrypted, etc.

    So as you can see configuration editor is an extremely powerful feature that will be really useful for successfully managing the web.config's in your system.

  • CarlosAg Blog

    IIS 7.0 Admin Pack: Request Filtering


    My last post talked about the Technical Preview release of the IIS 7.0 Admin Pack, and how it includes 7 new features that will help you manage your IIS 7.0.

    Today I was going to start writing about more details about each feature and Bill Staples just posted something (How to (un)block directories with IIS7 web.config) that almost seems that it was planned for me to introduce one of the features in the Admin Pack, namely Request Filtering UI.

    IIS 7.0 includes a feature called Request Filtering that provides additional capabilities to secure your web server, for example it will let you filter requests that are double escaped, or filter requests that are using certain HTTP Verbs, or even block requests to specific "folders", etc. I will not go into the details on this functionality, if you want to learn more about it you can see the Request Filtering articles over

    In his blog Bill mentions how you can easily configure Request Filtering using any text editor, such as notepad, and edit the web.config manually. That was required since we did not ship UI within IIS Manager for it due to time constraints and other things. But now as part of the Admin Pack we are releasing UI for managing the Request Filtering settings.

    Following what Bill just showed in his blog, this is the way you would do it using the new UI instead.

    1) Install IIS Admin Pack (Technical Preview)

    2) Launch IIS Manager

    3) Drill down using the Tree View to the site or application you want to change the settings for.

    4)  Enter into the new feature called Request Filtering inside the IIS category

    5) Select the Hidden Segments and choose "Add Hidden Segment" from the Task List on the right

    6) Add the item

    As you would expect the outcome is exactly as Bill explained in his blog, just an entry within you web.config, something like:

    <add segment="log" />

    So as you can see the Request Filtering UI will help you discover some of the nice security settings that IIS 7.0 has. The following images show some of the additional settings you can configure, such as Verbs, Headers, URL Sequences, URL Length, Quey String size, etc.

  • CarlosAg Blog

    IIS Admin Pack Technical Preview 1 Released


    NOTE: IIS Admin Pack Technical Preview 2 has been released:

    I'm really exited to announce that today we released the Technical Preview of the IIS Admin Pack and it includes 7 new features for IIS Manager that will help you in a bunch of different scenarios.


    You can download the IIS 7.0 Admin Pack Technical Preview from (It requires less than 1MB):



    These UI modules include the following features:

    • Request Filtering UI - This UI exposes the configuration of the IIS runtime feature called Request Filtering.
    • Configuration Editor UI - This UI provides an advanced generic configuration editor entirely driven by our configuration schema. It includes things like Script Generation, Search functionality, advanced information such as locking and much more.
    • Database Manager UI - This UI allows you to manage SQL Server databases from within IIS Manager, including the ability to create tables, execute queries, add indexes, primary keys, query data, insert rows, delete rows, and much more.
    • IIS Reports UI - This extensible platform exposes a set of reports including some log parser based reports, displaying things like Top URL's, Hits per User, Page Performance, and many more.
    • FastCGI UI - This UI exposes the configuration for the FastCGI runtime feature.
    • ASP.NET Authorization UI - This UI allows you to configure the ASP.NET authorization settings.
    • ASP.NET Custom Errors UI - This UI allows you to configure the Custom errors functionality of ASP.NET

    Please, help us, we want to ask for your help on trying them and give us feedback of all these modules, do they work for you? what would you change? what would you add? What features are we missing?

    Some things to think about,

    Database Manager, what other database features are critical for you to build applications?

    IIS Reports set of reports, what reports would you find useful?, would you want to have Configuration based reports (such as summarizing the Sites and their configuration, which configuration)? More Security Reports (such as)?

    Configuration Editor, is it easy to use?, what concepts from configuration would you like to see?, etc

    Given that each individual feature above has a lot of interesting features that can easily be missed, or might be confusing, I will be blogging in the near feature talking about why we decided to build each feature, what makes them different from any other thing you've seen as well as how you can make the most out of each of them.

    NOTE: IIS Admin Pack Technical Preview 2 has been released:


  • CarlosAg Blog

    Search your configuration sections in web.config files using IIS 7.0 API's



    In IIS 7.0 we have the great functionality to allow you to configure the Web Server settings in a distributed way, including the IIS configuration along with the ASP.NET configuration in the web.config files by using Configuration Sections. For example, the following shows a web.config adding a default document (home.aspx) to a Web Application inside my Default Web Site:

    <add value="home.aspx" />
    <authentication mode="Forms" />

    Now, that is great but it does come with a price, specially for server administrators it means that now you need to deal with a distributed configuration environment where certain settings are applied at the server level and certain settings are applied along with the application or even folders.

    Another interesting challenge is that given the nature of distributed configuration, we've added the functionality to lock certain configuration sections so that they can only be set by a server administrator. Again this is good, however before the server administrator locks any section in order to prevent breaking applications they should search configuration and see if anyone is using that configuration section underneath.

    Searching Configuration

    The IIS 7.0 configuration system has a not so well-known feature that allows you to "query" the configuration system to get an overview of the configuration files in the system as well as the configuration sections that are used in each of them. This feature is implemented as a magical section called configPaths, that has the following schema:

      <sectionSchema name="configPaths">
    <collection addElement="searchResult">
    <attribute name="path" type="string" />
    attribute name="locationPath" type="string" />
    attribute name="status" type="uint" />
    collection addElement="section">
    <attribute name="name" type="string" isUniqueKey="true" /> 

    How to use it

    One thing that is pretty cool is that you can consume this section from all of our tools, including a command line (AppCmd.exe), a script (such as vbscript or javascript using Microsoft.ApplicationHost.AdminManager), or using Managed Code (Microsoft.Web.Administration) including the ability to use it under PowerShell. For this exercise we will only use Microsoft.Web.Administration,  but the concepts are exactly the same in the other tools.

    In its simplest form you can use the following function to display all the configuration files in your server as well as the sections included on them (just add a reference to Windows\System32\Inetsrv\Microsoft.Web.Administration.dll):

        /// <summary>
        /// Displays the list of configuration files as well as the 
        ///     sections being used in each file
        /// </summary>
        private static void DisplaySections() {
    using (ServerManager serverManager = new ServerManager()) {
    Configuration appHost = serverManager.GetApplicationHostConfiguration();
    ConfigurationSection configPaths = appHost.GetSection("configPaths");

    foreach (ConfigurationElement configPath in configPaths.GetCollection()) {
    string path = (string)configPath["path"];
    string locationPath = (string)configPath["locationPath"];


    Console.WriteLine("Config Path:" + path);
    if (!String.IsNullOrEmpty(locationPath)) {
    Console.WriteLine("  <locationPath path=" + locationPath + "'>");

    foreach (ConfigurationElement section in configPath.GetCollection()) {
    Console.WriteLine("    " + section["name"]);
    An example result of running this is:
      <locationPath="Default Web Site/BlogApp">
      <locationPath path="Default Web Site/aspnet_client">
      <locationPath path="Site2/aspnet_client">
      <locationPath path="Default Web Site">
    Config Path:MACHINE/WEBROOT/APPHOST/Default Web Site

    This tells us that in ApplicationHost.config we have a lot of sections begin used including applicationPools and many more.

    Now, lets focus on the last two set of entries, the one with "MACHINE/WEBROOT/APPHOST" with locationPath set to "Default Web Site" tells us that anonymousAuthentication was used as well as windowAuthentication. The locationPath basically tells the configuration that even though this is set in ApplicationHost.config this configuration should only be applied to Default Web Site and its children. The next entry with path "MACHINE/WEBROOT/APPHOST/Default Web Site", basiclally tells you that in the Web.config inside the Default Web Site (in other words in c:\inetpub\wwwroot\web.config) the section appSettings is being used.

    Now, what is interesting is that this is walking the entire server to find configuration files and do a lot of processing, however if you already know that you only want to search within a Site, or a particular application, then you can scope it down by using the GetWebConfiguration() method instead and this will give you only the configuration sections that apply for that site or application. Note that this will also report the sections that are specifically set for that object inside ApplicationHost.config making it much more than just a "findstr" inside the site folder and their virtual directories.

        DisplaySectionsForSite("Default Web Site");

    private static void DisplaySectionsForSite(string siteName) {
    using (ServerManager serverManager = new ServerManager()) {
    Configuration appHost = serverManager.GetWebConfiguration(siteName);
    ConfigurationSection configPaths = appHost.GetSection("configPaths");

    foreach (ConfigurationElement configPath in configPaths.GetCollection()) {
    string path = (string)configPath["path"];
    string locationPath = (string)configPath["locationPath"];


    Console.WriteLine("Config Path:" + path);
    if (!String.IsNullOrEmpty(locationPath)) {
    Console.WriteLine("  <locationPath path=" + locationPath + "'>");

    foreach (ConfigurationElement section in configPath.GetCollection()) {
    Console.WriteLine("    " + section["name"]);


    Now, lets look at other examples, lets consider that we are a server administrator and I want to lock the defaultDocument section, but as a good citizen I first want to see if I would be breaking any application in my entire server if I do this. Just for fun lets do this using PowerShell instead, to test this just copy the entire code below and paste in inside an elevated PowerShell window.

    $sectionToLookFor = "*defaultdocument*"

    $iis = new-object Microsoft.Web.Administration.ServerManager

    $configPaths = $iis.GetApplicationHostConfiguration().GetSection("configPaths").GetCollection()

    foreach($path in $configPaths.GetCollection()) {
    foreach($section in $path.GetCollection()) {
    if ($section.GetAttributeValue("name") -like $sectionToLookFor) {
    write ($path.GetAttributeValue("path") + " LocationPath:" + $path.GetAttributeValue("locationPath"))
    write ("    " + $section.GetAttributeValue("name"))

    The result in my machine gives you something like follows:

    MACHINE/WEBROOT/APPHOST/Default Web Site/aspnet_client

    This tells us that inside the c:\inetpub\wwwroot\aspnet_client\web.config file we are actually using that section so if we end up locking this in the server we would break that application.


    The configPaths section is a very useful section that allows you to search configuration files and the configuration sections being used in each of them, making it an invaluable tool for scenarios like understanding the configuration usage as well as locking and many others.

  • CarlosAg Blog

    IIS 7.0 Manager for Windows XP, 2003 and Vista SP1

    Technorati Tags:

    Last Wednesday we released the IIS Manager 7.0 client for Windows XP SP2, Windows Server 2003 and Windows Vista SP1.
    This is basically the IIS 7.0 Manager GUI that provides the ability to connect remotely to a Windows Server 2008 running the Web Management Service (WMSVC) to manage IIS 7.0 remotely.

    There are several key differences in this version of IIS Manager and its remote infrastructure:

    1) It allows for the first time users without administrative privileges to connect and manage their web sites and applications remotely

    2) It runs over SSL, no more DCOM, which makes this a firewall friendly feature easy to setup.

    3) Runs as a smart client, which means if a new feature is installed on the server it will automatically download the updated versions to the client machines.

    You can download it from:

    IIS.NET Web Site


    To learn more about remote management and how to install it:

    Now, to really show you what this is, I created a very simple demo that briefly shows the remote management capabilities over SSL. (Below there is a transcript in case my accent makes it difficult to understand my english :))


    The purpose of this demonstration is to show you how easy it is to manage IIS 7.0 running in Windows Server 2008, from any machine that has Windows XP or Windows 2003 or Windows Vista by downloading the IIS Manager 7.0 that runs on all of those platforms.

    Now, today I am not going to focus on the details of how to configure it and how to setup the server to support remote management, but mainly just focus on the client aspect.

    On of the most interesting aspects of this remote management infrastructure is that it now uses an architecture that uses HTTPS to communicate to the server making this a nice firewall friendly remote management feature. Another key feature of this functionality is that it allows users without administrative privileges to connect and manage their Web Sites or their applications in a delegated way, where an administrator can restrict which options they can modify or not.

    OK, so to show you this I have here a Windows Server 2008 installed with IIS 7.0, and as you would expect I can manage it locally quite easily using IIS Manager, whether its adding a Web Site or managing the configuration from both IIS or ASP.NET I can do it here.

    This is all good, but now turns out I don’t want to connect locally but instead be able to remotely from my development machine connect to the server and still be able to do that and have the same experience as if I was locally logged on to the machine.

    To show this, I have here a Virtual PC image running a clean install of Windows XP SP2, the only thing it has installed additionally is the .NET Framework 2.0 which is the only requirement for the installation of IIS Manager 7.

    I have already downloaded the IIS Manager installer which takes only about 3MB of disk, that you can find at http://www. or

    Installing it is really simple and fast, just double click the icon and click next…

    Once installed I can now connect to any machine running Windows Server 2008 that has been configured to support remote management. To do that I just need to choose the option “Connect To Server/Site/Application” from the File Menu or the Start Page.

    Today, I will not drill down on the multiple differences between these connections, so for now I will just show how you can connect and manage the entire server by using a Windows Administrator account.

    Another interesting feature of the remote management platform is that if some new feature built on top of the UI Management extensibility API is installed on the server, when I connect again to the server, it will automatically prompt me if I want to get the new functionliaty and I can choose which features to install or not.

    To summarize, the IIS Manager 7 for Windows XP SP2, 2003 SP1 and Vista SP1 is available now, it only depends on the .NET FX 2.0 and it will allow you to connect to a remote server to manage it and have the same rich experience as if you were locally but using its new SSL remoting architecture.

Page 7 of 10 (94 items) «56789»