N342 Setting Up the IIS Web Server - The Basics

IUS Web server

Use the IUS Web server (www.ius.edu) for assignments by first creating a personal Web page on the IUS LAN.

1. Login to the IUS LAN.
2. Read and follow the instructions for Creating Your Own Web Page.

• Copying files

  On campus, use the W: drive

Off campus, files can be copied to the W: drive by:

1. In the IE browser address bar enter:

   ftp://webftp.ius.edu
    

2. Login using your IUS username and password. A listing of files on W: should appear.
3. Open the directory containing the files to copy.
4. Copy files to W:

• Executing

www.ius.edu/username/directory/filename.asp

where:

• username - your IUS username
• directory - location on the W: drive of the file
• filename - the name of the file to execute

Your own Web server

IIS is the Web server for Windows. Web server installation and administration is relatively simple, mainly setting up directories accessible to the Internet.

• Installing IIS - IIS is not automatically installed on Vista or XP systems. To install:

  XP

  1. Insert XP installation CD.
  2. Start | Run | Control | Add or Remove Programs | Add/Remove Windows Components
  3. Check Internet Information Services (IIS) and click Next. The Windows Components Wizard should start.

  Vista

  1. Start | Run | Control | Programs and Features
  2. Click Turn Windows features on or off
  3. Check Internet Information Services (IIS).
  4. Open Internet Information Services | World Wide Web Services | Application Development Features
  5. Check ASP

  When IIS is installed, go through the tests and configuration below this section.

   

• IP address or host name - At IUS, the IP will be dynamically and automatically assigned. All machines are known locally (on themselves) as localhost. IUS machines also have a name assigned that is accessible Internet-wide. To connect to the Web server on the same machine and get the default page, in a browser enter:

http://localhost

To find out what the Internet name or IP of a Windows machine use:

• ipconfig /all

from the Command Prompt. You should see something like below.
 

C:\ ipconfig /all Windows IP Configuration Host Name . . . . . . . . . : LF111-201.ius.edu DNS Servers . . . . . . . . : 129.79.1.1 198.88.18.1 0 Ethernet adapter : Description . . . . . . . . . : PPP Adapter. Physical Address. . . . . . : 44-45-53-54-00-00 DHCP Enabled. . . . . . . . : Yes IP Address. . . . . . . . . . . : 149.160.29.92 Subnet Mask . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . : 149.160.29.92

The IP is 149.160.29.92 and the Internet name is LF111-201.ius.edu. To connect to the Web server on the LF111-201.ius.edu machine from the Internet and get the default Web page enter from a browser:
 

http://149.160.29.92 http://LF111-201.ius.edu

 

• Virtual directories - The default location for Microsoft server scripts/pages is C:\InetPub\wwwroot. To use other directories one must define a virtual directory.

XP

• Login with administrator privileges
• Create a directory using Windows Explorer on: C:\N342
• Start | Run | Control | Administrative Tools | Internet Information Services
• Expand local computer, Web Sites, and Default Web Site.
• Right click on Default Web Site.
  • New | Virtual Directory
    • Alias: N342
    • Directory: C:\N342
    • Execute (including scripts) and Browse

Vista

• Login with administrator privileges
• Create a directory using Windows Explorer on: C:\N342
• Start | Run | Control | Administrative Tools | Internet Information Services
• Expand local computer, Web Sites, and Default Web Site.
• Click Default Web Site.
• Click View Virtual Directories
• Click Add Virtual Directory
  • Alias: N342
  • Physical path: C:\N342
• Click N342 folder
• Click Features View (at bottom of middle panel)
• Click Directory Browsing icon
  • Actions | Open Feature
  • Enable

With the virtual N342 directory, an HTML file named C:\N342\guru.htm could be loaded from the local machine by:

http://localhost/N342/guru.htm

• XP User Account for IIS - XP IIS requires a user account and sufficient access privileges to update files.
  • Login with administrator privileges
  • Start | Run | Control | Administrative Tools | Computer Management | Local Users and Groups | Users
  • Select Launch IIS Process Account
  • Check User Cannot Change Password and Password Never Expires
  • Select Member Of
    • Enter: Administrators
  • OK each menu

   

• Error messages - Web servers can return error messages (syntax and runtime) back to the browser; critical when debugging your application. By default, error messages useful to the developer are not returned and must be enabled as follows.

  Vista

  • Start | Run | Control | Administrative Tools | Internet Information Services
  • Expand local computer, Web Sites, and Default Web Site.
  • Click Default Web Site.
  • Open ASP.
  • Open Debugging Properties.
  • Send Errors to Browser should be True.
  • Click Apply.

 

Server program execution

The IIS server can execute programs and return the program output to the browser. We will use ASP JavaScript for programming. Below examples illustrate how to execute server programs.

• ASP Scripts - Server scripts (designated with ASP or ASPX extension) are similar to client scripts but run on the server, sending output to the browser.

  Assume that a directory C:\N342 has been defined as a virtual directory named N342 with execute privileges. Any ASP file placed in the directory can then be executed; a program named test.asp located on directory C:\N342 can then be executed by:

http://localhost/N342/test.asp

• C++ - Any executable file can be a CGI program. Assume that a directory C:\CGI has been defined as a virtual directory named CGI with execute privileges. Any exe file placed in the directory can then be executed; a program named test.exe located on directory C:\CGI can then be executed by:

http://localhost/CGI/test.exe

• Perl - Perl can be used as a CGI or script programming language. It can be freely downloaded from http://www.ActivePerl.com
• IIS - Under Windows 2000/XP, assuming ActivePerl is installed at C:\Perl:

Login with administrator privileges Create a directory using Windows Explorer on: C:\N342 Start | Run | Control  | Administrative Tools | Internet Information Services Expand local computer and Web Sites. Right click on Default Web Site and open the Properties editor. Click on Home Directory tab. Set Local Path to C:\inetpub\wwwroot Click Configuration button. Click App Mappings tab then Add button. Enter: Executeable: C:\Perl\bin\perl.exe %s %s Extension: .pl Click OK to back out of menus.

The Perl program in virtual directory N342 could then be executed without specifying the Perl interpreter by:

http://localhost/N342/test.pl

• Command Prompt - To execute a Perl program with a .pl extension at the command prompt or by clicking on the file icon, the simplest approach is to associate the file extension with the Perl interpreter.

Locate the perl.exe interpreter using Find. It is probably located as Perl\bin\perl.exe Open Windows Explorer and point to the perl.exe file. Tools | Folder Options | File Types Look for a .pl extension in the list of files types, if not found, continue. Click New and enter .pl as the File Extension. Click Change | Other... Locate and click on perl.exe Open | OK | Close

The Perl program in directory C:\N342 could then be executed without specifying the Perl interpreter by:

C:\N342\test.pl

• Warnings - Placing executable files in public directories allow any Internet user access to execute those files on your machine. Be careful what you place in public directories. Test that the programs execute as intended and attempt to defend against common attacks. These will be discussed later in the course.

Exercise 2 - Testing IIS Scripts Verify that the server will execute server-side scripts from the N342 directory: Login with administrator privileges to the drive (e.g. C: or W:). Create a directory C:\N342\ASP (using Windows Explorer): Copy and paste the following ASP script to the file named HelloWorld.asp: <%@ LANGUAGE = JScript %> <%         for(i=0; i<10; i++) { %>               <h1>Hello World <%= i %> times <%        } %> Test by entering in the browser address: http://localhost/N342/ASP/HelloWorld.asp

 

Adding Secure Access to the Server on XP

The following restricts access to virtual directories by the Integrated Windows Authentication, a secure login method. Only those users or groups explicitly listed will be able to access the directory over the Internet.

Disable Simple File Sharing

Disabling Simple File Sharing is necessary in order to enable the creation of Access Control Lists for shared disks and folders:

1. Click Start | My Computer | Tools | Folder Options | View.
2. Scroll to the bottom of the list of advanced settings and un-check Use Simple File Sharing (Recommended).
3. Click OK.

Create User Accounts

There are a couple of ways to create user accounts, but let's start simply by clicking Start | Control Panel | User Accounts.

You'll see all of the existing accounts on the computer.

Click Create a new account, and enter the new user's name.

Click Next, and choose the account type. This determines (rather simplistically) which group the user will be placed in. There's generally no good reason to grant remote users Computer administrator privileges, so select Limited, and then click Create Account. The new account appears in the User Accounts window.
 

Create Passwords

By default, Windows XP will not permit a network user to access the XP machine using an account set up without a password.

In Control Panel | User Accounts, click the desired account, and then click Create a password. Enter the password, and then enter it again to confirm it. Enter a password hint if you'd like – a user who forgets the password can look at the hint at the logon screen as a memory aid. Then click Create Password to make it take effect.

Define Virtual Drive Access

1. Locate the folder of the virtual drive defined for IIS.
2. Right click | Sharing and Security | Security
3. Add the names of users (or group) that should be given access to the folder. Set the permissions for each user (group).
4. Click Advanced and uncheck the Inherit from parent .... This will restrict access to only those users (groups) explicitly listed.

Define Database Directory Access

The database directory must be accessible by IIS and the program updating the database.

1. Locate the folder of the database.
2. Right click | Sharing and Security | Security
3. Add the names of users (or group) that should be given access to the database folder. Set the permissions for each user (group) to FULL.
4. Add the name of the IIS Guest account, IUSR_machinename and set the permissions to FULL.

Authentication Method

By default IIS allows anyone to access the virtual drive as an anonymous user.

1. Start | Run | Control | Administrative Tools | Internet Information Services
2. Expand local computer, Web Sites, and Default Web Site.
3. Right click on the virtual directory | Properties | Directory Security | Edit 
4. Only Integrated Windows authentication should be checked.