Datasheet
<requestFiltering>
<hiddenNamespaces>
<add hiddenDirectory=”BIN” />
</hiddenNamespaces>
</requestFiltering>
</security>
</system.webServer>
</configuration>
Using allow or deny in request filtering doesn’t override any MIME-type settings or other security; it
simply evaluates the HTTP request and allows it to be processed or rejects it based on filtering rules. If
your Word documents were protected from being served by ACLs, they would be denied even without
using request filtering, except the request would have to be processed to the step where access is denied
instead of returning a failed result code immediately. The IIS result codes have been modified to indicate
whether a request has been denied by request filtering.
Remote Management
Whilst IIS could be remotely managed in previous versions using the IIS Manager over RPC, this wasn’t
firewall friendly. A HTML based management option also existed, however this didn’t allow manage-
ment of all IIS features. In both cases, users were required to be in the local Administrators group on the
machine.
IIS 7.0 introduces a new remote Management Service that permits the IIS Manager tool to administer
remote IIS 7.0 installations over HTTPS. By utilizing the new delegation features in IIS 7.0, remote users
can be given access to the entire server, a single website or even just a single web application.
Additionally, features that have not been delegated will not be visible to the end user when connecting
remotely.
Lastly, the Remote Management service introduces the concept of IIS Users. These user accounts do not
exist outside of IIS. An administrator can choose to permit either Windows users, or IIS users, access to
administer IIS remotely. IIS Users do not consume Windows client access licenses (CALs), nor do they
have any permissions outside IIS itself, so are a cheaper and more secure option for permitting external
IIS administration.
Although many security administrators will wisely insist on using a VPN for access from a public net-
work, the remote Management Service is useful in hosting scenarios where a company has many exter-
nal customers that you do not wish to allow access to the internal network. The remote Management
Service is covered in Chapter 6, “Web-Site Administration.”
IIS Administration Tools
IIS 7.0 uses a new IIS Manager that brings all the IIS and ASP.NET configurations into one management
location. IIS 7.0 also has a full-functioned command-line tool for configuration,
AppCmd.exe, as well as
an ASP.NET namespace,
Microsoft.Web.Administration, for management of all IIS functions
through ASP.NET managed code. In addition, not only is there still WMI management functionality, but
the management API has also been extended to allow complete control of all IIS features.
19
Chapter 1: Background on IIS and New Features in IIS 7.0
97823c01.qxd:WroxPro 2/4/08 6:47 PM Page 19