SteveOH » iis

ASP.NET ServerVariable Collection

Steve Hernandez — Tue, 20 Jan 2009 20:58:10 +0000

Syntax

Request.ServerVariables (server_variable)

Parameter	Description
server_variable	Required. The name of the server variable to retrieve

Server Variables

Variable	Description
ALL_HTTP	Returns all HTTP headers sent by the client. Always prefixed with HTTP_ and capitalized
ALL_RAW	Returns all headers in raw form
APPL_MD_PATH	Returns the meta base path for the application for the ISAPI DLL
APPL_PHYSICAL_PATH	Returns the physical path corresponding to the meta base path
AUTH_PASSWORD	Returns the value entered in the client’s authentication dialog
AUTH_TYPE	The authentication method that the server uses to validate users
AUTH_USER	Returns the raw authenticated user name
CERT_COOKIE	Returns the unique ID for client certificate as a string
CERT_FLAGS	bit0 is set to 1 if the client certificate is present and bit1 is set to 1 if the cCertification authority of the client certificate is not valid
CERT_ISSUER	Returns the issuer field of the client certificate
CERT_KEYSIZE	Returns the number of bits in Secure Sockets Layer connection key size
CERT_SECRETKEYSIZE	Returns the number of bits in server certificate private key
CERT_SERIALNUMBER	Returns the serial number field of the client certificate
CERT_SERVER_ISSUER	Returns the issuer field of the server certificate
CERT_SERVER_SUBJECT	Returns the subject field of the server certificate
CERT_SUBJECT	Returns the subject field of the client certificate
CONTENT_LENGTH	Returns the length of the content as sent by the client
CONTENT_TYPE	Returns the data type of the content
GATEWAY_INTERFACE	Returns the revision of the CGI specification used by the server
HTTP_<HeaderName>	Returns the value stored in the header HeaderName
HTTP_ACCEPT	Returns the value of the Accept header
HTTP_ACCEPT_LANGUAGE	Returns a string describing the language to use for displaying content
HTTP_COOKIE	Returns the cookie string included with the request
HTTP_REFERER	Returns a string containing the URL of the page that referred the request to the current page using an tag. If the page is redirected, HTTP_REFERER is empty
HTTP_USER_AGENT	Returns a string describing the browser that sent the request
HTTPS	Returns ON if the request came in through secure channel or OFF if the request came in through a non-secure channel
HTTPS_KEYSIZE	Returns the number of bits in Secure Sockets Layer connection key size
HTTPS_SECRETKEYSIZE	Returns the number of bits in server certificate private key
HTTPS_SERVER_ISSUER	Returns the issuer field of the server certificate
HTTPS_SERVER_SUBJECT	Returns the subject field of the server certificate
INSTANCE_ID	The ID for the IIS instance in text format
INSTANCE_META_PATH	The meta base path for the instance of IIS that responds to the request
LOCAL_ADDR	Returns the server address on which the request came in
LOGON_USER	Returns the Windows account that the user is logged into
PATH_INFO	Returns extra path information as given by the client
PATH_TRANSLATED	A translated version of PATH_INFO that takes the path and performs any necessary virtual-to-physical mapping
QUERY_STRING	Returns the query information stored in the string following the question mark (?) in the HTTP request
REMOTE_ADDR	Returns the IP address of the remote host making the request
REMOTE_HOST	Returns the name of the host making the request
REMOTE_USER	Returns an unmapped user-name string sent in by the user
REQUEST_METHOD	Returns the method used to make the request
SCRIPT_NAME	Returns a virtual path to the script being executed
SERVER_NAME	Returns the server’s host name, DNS alias, or IP address as it would appear in self-referencing URLs
SERVER_PORT	Returns the port number to which the request was sent
SERVER_PORT_SECURE	Returns a string that contains 0 or 1. If the request is being handled on the secure port, it will be 1. Otherwise, it will be 0
SERVER_PROTOCOL	Returns the name and revision of the request information protocol
SERVER_SOFTWARE	Returns the name and version of the server software that answers the request and runs the gateway
URL	Returns the base portion of the URL

ASP.NET: Accessing files on a Network Share

Steve Hernandez — Thu, 10 Jul 2008 20:27:49 +0000

Now, there are plenty of places to find resources on this issue, because it’s quite common to have to do so. My issue, was a little different, in that there were multiple layers of security (authentication and authorization) for me to access the files that were needed. Here’s what the setup looked like:

Web Server -> WorkGroup -> Firewall -> Domain -> File Server -> Network Share -> SAN

As you can see, there are several issues are hand. Not only do the accounts have to exist to allow for this communication (and an Administrator account is the only way to go), all sorts of permissions have to be valid for this to function (ie. Local Permissions within each OS on each Server, NTFS (file permissions) on each local server, Access permissions through the Firewall, Access permissions of Domain Resources, Local process level permissions, etc). It was a nightmare, but I believe I figured it out.

There are a few things that needed to be done in this situation. First, the permissions on the SAN needed to allow Administrators full control. Additionally, the local user on the file server needed to have administrative privileges, to both the system and the SAN, thus allowing the network share. Next, the firewall rules needed to allow file traffic (I can’t remember the SMB ports right now – and Windows needs netBios and something else to let file transfers go through, as well as authentication). Finally, the Web Server local user needs admin rights.

To get this to work, I needed everything involved to run with elevated privileges, from IIS, to each thread in the application. Since there was going to be a large amount of file movement, as well as resource and memory manipulation, it’s required.

Therefore, the admin credentials were inputted into IIS to map the network share from the Web Server to the File Server. Next, I had to impersonate the admin user in each thread within the application, a pain, but the guide can be found via Google (if I have time, I’ll track them down again). Next, the machine.config needed to be modified to allow the ASP.NET process to run with the elevated permissions. The web.config needs to be altered to allow impersonation with the credentials as well.

Now here’s the kicker, and something that’s not quite known but buried within Microsoft’s documentation. For this to work (Work Group computer to authenticate to another computer) is to mirror the accounts (same username and password) on both servers (these are local accounts, not domain accounts – since the share was local on the server, the domain can be bypassed. If it were a domain resource, we would have to authenticate via NTLM to an Active Directory server, which would have been a bit more complicated). This allows the hash sent from one system to another to be identical, and thus, you will authenticate (if you know the username and password on one workgroup computer, and it’s the same on another, chances are you’re who you say you are).

This took me a week to figure out, which was not enjoyable. I hope this saves you some time.

Where is ASP.NET 3.5 on IIS?

Steve Hernandez — Wed, 07 May 2008 15:45:39 +0000

Where is ASP.NET 3.5 on IIS ?

Most people on installing .NET 3.5 on the server “expect” an entry for v3.5 under the ASP.NET version Tab in IIS manager. And not finding that entry start panicking. If you have been one of those read on. The more tech savvy folks try to run aspnet_regiis -i from the v3.5 framework folder… but even that is missing

That brings us to the question

What exactly is ASP.NET 3.5 ?

Take a look at the v3.5 framework folder you will not find most of the files needed for ASP.NET to run like aspnet_isapi.dll / aspnet_filter.dll / aspnet_regiis.exe / aspnet_regsql.exe…

The reason being .NET 3.5 is not a stand alone framework like v2.0 or v1.1 . It is just an extension of the 2.0 framework. The extension provides developers with new language features like Anonymous Types, Extension Methods, Lambda Expressions and of course LINQ …. and AJAX is now integrated … also you have a few new ASP.NET controls , ,

Will I get ASP.NET version 3.5 under the ASP.NET tab in IIS 6.0 ?

Nope. Because as far as IIS is concerned nothing has changed. The aspnet_isapi.dll from the version 2.0 folder will still handle the requests and there is no new ISAPI dll specific to version 3.5. So you don’t have to change any Script Mappings in IIS …just leave the web application pointing to v2.0 under the ASP.NET Tab. And this brings us to the next question

What exactly is the extension ?

For that if you have Visual Studio 2008 go ahead and create a Website targeting the .NET 3.5 framework. Then go to the Property Pages of the Website and select References. You will find an entry like this

And those four assembly references provide the new features of v3.5. Here is a 10,000 ft view of the functionality implemented in these assemblies

System.Core – Provides namespaces like System.Linq, System.IO

System.Data.DataSetExtensions – LINQ to DataSet

System.Web.Extensions – AJAX

System.Xml.Linq – New XML API.. supports LINQ to XML

Do I have to configure anything manually ?

No. When you install the .NET 3.5 redistributable on the server it installs these assemblies in the GAC. And any website that refers to these assemblies can fetch them from the GAC so you do not have to configure anything manually. All you need to do is publish the content to a web application that is marked with ASP.NET v2.0

And now you should be thinking

The new language features should require a new compiler. How exactly is the new compiler used ?

The answer is your web.config file. When you create an ASP.NET 3.5 website in Visual Studio 2008 an entry is made in the web.config something like


  
    "c#;cs;csharp" extension=".cs" warningLevel="4"
              type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      "CompilerVersion" value="v3.5"/>
      "WarnAsError" value="false"/>

The new features do require a new compiler to be used and the web.config tells .NET that the v3.5 compiler has to be used.

What about IIS 7.0 ?

IIS 7.0 is no different.

Securing Microsoft Virtual Server using SelfSSL

Steve Hernandez — Tue, 26 Jun 2007 20:01:57 +0000

I found this great article regarding using SelfSSL (Self Signed Certificates). The original document can be found here. Virtual Server can be found here.

I followed the very easy instructions and it ran great. Here is a shorter version of the directions and the links to get everything you need:

Download and install IIS 6.0 Resource kit: here
Open the IIS Manager (Start > Run > inetmgr), open the properties of the Virtual Server website (usually the 2nd one) (right click > Properties)
Change the SSL port to 1024 (default VS port) and change the TCP port to 1020 (or any other port number) > Apply
Open a command promt (Start > Run > cmd) and go to the SelfSSL director (/program files/iis resources/selfssl) and run the following command > selfssl /N:CN=/K:1024 /V:730 /S:2 /P:1024
1. Where is the website domain name (ie. steve-oh.com, yahoo.com, etc) and /S:2 means the second site on the server.
Now browse to the Virtual Server website and install the certificate and you’re done!

Now you have a Secure Socket Layer (SSL) connection from any remote computer to your server at 1028 bit encryption, so you can rest easy when logging in over the internet.