Get Started with IIS 7.0’s Configuration • Chapter 15

Table 15.2 system.webServer Sections

| Section Name | Description |
|---|---|
| asp | Contains global defaults for ASP. By default its content is empty, and the defaults are taken from the schema. |
| caching | Contains cache-related configuration. |
| cgi | Contains the configuration for CGI. |
| defaultDocument | Contains the configuration for the default document functionality and the collection of files that can be served by default. |
| directoryBrowse | Contains the configuration for the directory listing functionality. |
| globalModules | Contains the collection of global native modules on the server. |
| handlers | Contains the collection of handlers: both native-code ISAPI extensions and managed-code HTTP handlers. |
| httpCompression | Contains configuration settings for both static and dynamic compression. |
| httpErrors | Contains the collection of custom errors. |
| httpLogging | Contains global defaults for the per-URL logging configuration. |
| httpProtocol | Contains the collection of HTTP custom and redirect headers. |
| httpRedirect | Contains the configuration settings for the client redirect functionality. |
| httpTracing | Contains trace-related configuration settings. By default its content is empty, and the values are taken from the schema. |
| isapiFilters | Contains the collection of ISAPI filters, both global filters and site filters. |
| modules | Contains the collection of modules; some native-code modules and all managed-code modules reside here. Can be customized per application. |
| odbcLogging | Contains configuration for the ODBC logging functionality. By default its content is empty, and the values are taken from the schema. |
| serverRuntime | Contains performance-related configuration settings that affect the runtime behavior. By default its content is empty, and values are taken from the schema. |
| serverSideInclude | Contains settings for the server-side include functionality. By default its content is empty, and values are taken from the schema. |
Table 15.2 Continued

| Section Name | Description |
|---|---|
| staticContent | Contains configuration that controls static content serving, including the collection of MIME maps. |
| urlCompression | Used to enable or disable per-URL and dynamic compression. By default its content is empty, and values are taken from the schema. |
| validation | Used to configure the validation module. It is responsible for detecting the existence of .NET Framework configuration that will be ignored by the Web server while in integrated mode. |

Now we will examine the security section group, which is nested within the system.webServer section group (Table 15.3). The security section group contains sections related to web server security.

Table 15.3 Security Section Group

| Section | Description |
|---|---|
| access | Contains global defaults for access flags. |
| applicationDependencies | Contains dependencies between applications or ISAPI filters for the purpose of security lockdown. By default its content is empty and is modified as applications are installed. |
| authorization | Contains configuration for authorizing users and roles optionally depending on whether HTTP is being used in the request. |
| ipSecurity | Contains the collection of IP addresses to block from accessing the server. |
| isapiCgiRestriction | Contains the extension restriction list configuration to control which functionality is enabled or disabled on the server. |
| requestFiltering | Contains configuration for restricting requests. It contains a collection of physical directories to hide from the Web space. |

We’ve already shown that the security section group is nested in the system.webServer section group. Within the security section group is another section group called authentication. This section group contains several sections for authentication, each corresponding to a specific authentication scheme. Table 15.4 displays its sections with some description and the default setting.
Table 15.4 Authentication Section Group

| Section | Description |
|---|---|
| anonymousAuthentication | Contains configuration for anonymous authentication. |
| basicAuthentication | Contains configuration for basic authentication. |
| clientCertificateMappingAuthentication | Contains configuration for client certificate mapping authentication. |
| digestAuthentication | Contains configuration for digest authentication. |
| iisClientCertificateMappingAuthentication | Contains configuration for IIS client certificate mapping authentication. |
| windowsAuthentication | Contains the configuration for Windows authentication. |

Another section group is nested directly underneath the system.webServer section group: the tracing section group. The tracing section group contains sections for failed requests tracing. Table 15.5 lists its sections with a description.

Table 15.5 Tracing Section Group

| Section | Description |
|---|---|
| traceFailedRequests | Contains configuration for failed requests tracing. By default its content is empty. |
| traceProviderDefinitions | Contains the definitions for trace providers. |

The IIS Schema: Your Cheat Sheet for Success

New users to IIS 7.0 are often caught off guard by errors, painful research, and unanswered questions. It isn’t as though IIS 7.0 provides a cheat sheet or anything. Little do many users know that IIS 7.0’s configuration is an open-book test with the answers living right inside the IIS schema. Many members of Microsoft’s IIS team learned IIS 7.0 step by step using this schema as their guiding light. You should do the same thing if you want to understand the underlying configuration and how you work with it. In this section, we will familiarize you with what the IIS schema looks like and show you how to understand what it is you are looking at.

What Is a Schema?

Before we can read the schema or extend it, we must first define the term.
A schema is an abstract representation of an object’s characteristics and its relationship to other objects. An XML schema, such as the one in IIS 7.0, represents the interrelationship between the attributes and elements of an XML object. In IIS 7.0 the schema is declarative, and it is extensible in that all that needs to be done is to add declarations to the system. Just like the ApplicationHost.config file, the schema is hierarchical and easy to read. The IIS 7.0 schema is located in %windir%\system32\inetsrv\config\schema. Those looking to extend the schema simply need to create their own schema files and drop them into the schema directory. You do not extend the schema by modifying any of the default schema files.

How to Read the Schema

Each configuration section in the schema is read as an XML element. Section groups found in the schema have no schema definition. The schema is read as follows:

    <attribute-name>="<default-value>" [<metadata>] [<description>]

■ <attribute-name> The name of the configuration attribute. Every attribute must have a name.
■ <default-value> Value used if no other value is specified. Not all attributes have default values.
■ <metadata> Contains several items such as the runtime type of the attribute. For example: bool, enum, flags, int, int64, String, timeSpan.
■ <description> A short description of the attribute.

Section Schema

The <sectionSchema> is an XML element that represents the base unit of schema information. All schema information is specified underneath it. It has one direct attribute, which is name, and no others. The remaining parts of the schema are in subelements within the <sectionSchema>. Figure 15.9 shows the IIS_schema.xml file; notice the <sectionSchema> elements and the schema information in each.

Attribute Schema

All attributes are defined in corresponding <attribute> XML elements in the schema.
The <attribute> element can be in the <sectionSchema>, in the <element> element (if it is in a sub-element within the section), or in the <collection> element. The attribute schema has to specify a name and a runtime type for the attribute. It can also mark the attribute as required. For example, looking at Figure 15.9 you will find the following attribute under <sectionSchema name="system.webServer/security/authorization">:

    <attribute name="accessType" type="enum" required="true">

Here the attribute name is accessType, the runtime type is enum, and the attribute is marked as required. An enum is a set of possible values, only one of which can be set for the attribute. Below accessType you see the possible values for this attribute. We’ll go over Enum Schema a little later. The attribute schema may also specify any of the following:

■ Whether the attribute is required.
■ Whether the attribute is a unique key or part of a collection key along with other attributes.
■ Whether the attribute has a default value.

Figure 15.9 IIS_schema.xml
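To make the name, type, required, and default-value rules concrete, the following added example (not code from the book or from IIS) reads attribute definitions out of a schema fragment and checks a configuration element against them. The fragment is constructed and abridged in the style of IIS_schema.xml; the `configSchema` wrapper, the `bypassLoginPages` and `users` entries, and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, abridged fragment in the style of IIS_schema.xml (assumption:
# this is NOT a copy of the file that ships with IIS).
SAMPLE_SCHEMA = """
<configSchema>
  <sectionSchema name="system.webServer/security/authorization">
    <attribute name="bypassLoginPages" type="bool" defaultValue="true" />
    <collection addElement="add">
      <attribute name="accessType" type="enum" required="true">
        <enum name="Allow" value="0" />
        <enum name="Deny" value="1" />
      </attribute>
      <attribute name="users" type="string" defaultValue="" />
    </collection>
  </sectionSchema>
</configSchema>
"""

def read_attributes(schema_xml, section, in_collection=False):
    """Return {attribute name: definition} for a section or its <collection>."""
    root = ET.fromstring(schema_xml)
    node = next((s for s in root.iter("sectionSchema")
                 if s.get("name") == section), None)
    if node is not None and in_collection:
        node = node.find("collection")
    if node is None:
        raise KeyError(section)
    defs = {}
    for a in node.findall("attribute"):        # direct children only
        defs[a.get("name")] = {
            "type": a.get("type"),
            "required": a.get("required") == "true",
            "default": a.get("defaultValue"),  # None when no default is declared
            "enum": [e.get("name") for e in a.findall("enum")],
        }
    return defs

def check_element(defs, attrs):
    """List the ways a configuration element's attributes violate the schema."""
    problems = [f"unknown attribute: {n}" for n in attrs if n not in defs]
    for name, d in defs.items():
        if name not in attrs:
            if d["required"]:
                problems.append(f"missing required attribute: {name}")
        elif d["type"] == "enum" and attrs[name] not in d["enum"]:
            problems.append(f"{name}: {attrs[name]!r} is not one of {d['enum']}")
    return problems
```

Running `check_element` over the entries of an authorization rule list before deployment catches a rule that omits accessType or misspells its value, which would otherwise surface only as a configuration error on the server.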