Get Started with IIS 7.0’s Confi guration • Chapter 15 777 ■ <globalModules> This section contains the collection of global modules on the server. All global modules are written in native code, such as C\C++. ■ <modules> This section contains the collection of modules that are written in a supported .NET language such as C# or VB.NET. Native modules written in C\C++ can also reside here as well. ■ <sites> This section contains the collection of site defi nitions. The ApplicationHost. confi g fi le has two main section groups: ■ system.applicationHost This group contains all settings for activation, such as the list of application pools, logging settings, listeners, and sites. It can be defi ned only at the global level, and only Windows systems administrators can edit it. ■ system.webServer This group contains sections for the Web server—for example, a list of modules and ISAPI fi lters, ASP, CGI, and others. Most of the sections in the ApplicationHost.confi g fi le are under this section group. Settings in this section group can also be set in individual web.confi g fi les. Two notable sections within the system.webServer section group of the ApplicationHost.confi g fi le are <globalModules> and <modules>. Figure 15.1 applicationHost.confi g 778 Chapter 15 • Get Started with IIS 7.0’s Confi guration XML 101: The Basics of Confi guration in IIS 7.0 There are some fundamental things that everyone needs to understand to succeed in using IIS 7.0. The IIS 7.0 confi guration offers a great number of ways to edit confi guration, none more useful yet unforgiving than your favorite text editor. In this section, we will spend a little time helping you become familiar with how the XML structure works in IIS 7.0. We will also discuss how to confi gure each of the different types of data. For those familiar with the .NET confi g fi les and how they are laid out, some of this will be a review. The .confi g fi les used with IIS 7.0 are text fi les using the XML structure. Any of the .confi g fi les can be edited using any text editor such as Notepad in Windows. XML is easy to read but case sensitive, making it very strict and easy to make mistakes when you are making changes. You must keep this in mind when working with .confi g fi les. While discussing the XML structure in IIS 7.0, we’ll examine the ApplicationHost.confi g fi le. An understanding of section groups, sections, and location tags is vital to correctly edit the ApplicationHost.confi g fi le. First a section is a basic unit of deployment, registration, locking, searching and containment of confi guration settings. Every section belongs to one section group, known as the immediate parent. The section group contains related sections and is used solely for the purpose of a structured hierarchy. No operations can be done on section groups. They cannot have direct confi guration settings. You cannot create a section group and then begin putting confi guration settings directly underneath them without the use of sections. Also, section groups can be nested, whereas sections cannot. Because most sections are locked down by default, the recommended way to unlock them is by using tags. In IIS 7.0, you use a location tag. A location tag unlocks the section for the location that it specifi es. In Figure 15.2 we see an example of a location tag, multiple section groups, and sections from the ApplicationHost.confi g fi le. As we just mentioned location tags can be used to unlock sections; in Figure 15.2 the location tag has unlocked all sections under the <system.webServer> section group; therefore, the settings under the <security> section group, such as the “access” section can be modifi ed. Get Started with IIS 7.0’s Confi guration • Chapter 15 779 IIS 7.0 supports distributed confi guration, which creates a unifi ed hierarchy merged from multiple sources. Here is how it works: Values contained in the ApplicationHost.confi g and web.confi g fi les are merged into an effective result for each possible URL. Those familiar with the security in NTFS can think of fi les inheriting rights from their parent directory and any directory above that establishing effective rights. The same principle applies to distributed confi guration in IIS 7.0. Figure 15.3 is a graphical representation of the distributed confi guration and hierarchy in IIS 7.0. Figure 15.2 ApplicationHost.confi g Hierarchy 780 Chapter 15 • Get Started with IIS 7.0’s Confi guration For instance, let’s say that you are the site administrator (not the Windows administrator) for Web site 2. Your site has a link to a directory full of old Excel spreadsheets. People who use your site simply click this link on the Web page, and then the directory with all the Excel spreadsheets comes up. To allow this action, you must change the behavior of IIS 7.0. As the site administrator you can do this by creating your own web.confi g fi le that enables directory browsing, as shown in Figure 15.4. After you’ve deployed the new web.confi g fi le, users can now see the directory with all the Excel spreadsheets. Figure 15.3 Distributed Confi guration and Hierarchy Get Started with IIS 7.0’s Confi guration • Chapter 15 781 How is this possible? As the site administrator you can do this because the overrideModeDefault for the directoryBrowse setting in the ApplicationHost.confi g fi le is set to Allow (see Figure 15.5). This setting enables this feature to be delegated to developers or lower level administrators and allows them to change the behavior of IIS 7.0 without having to be system administrators. Reexamining Figure 15.3 shows us again how the new hierarchy in IIS 7.0 works. Notice that changes can be made at all levels, but changes can also be blocked at certain points, or for that matter, all levels in the case of denying a feature in the ApplicationHost.confi g fi le. Figure 15.4 Sample web.confi g File . such as the list of application pools, logging settings, listeners, and sites. It can be defi ned only at the global level, and only Windows systems administrators can edit it. ■ system.webServer. system.webServer This group contains sections for the Web server—for example, a list of modules and ISAPI fi lters, ASP, CGI, and others. Most of the sections in the ApplicationHost.confi g fi le are under this. structure in IIS 7.0, we’ll examine the ApplicationHost.confi g fi le. An understanding of section groups, sections, and location tags is vital to correctly edit the ApplicationHost.confi g fi le.