Friday, May 02, 2008

IIS 6.0 and ASP.NET - XML, Security, and More

Dear Andi GolekUpo,

Andi Purwito ( wants you to read
the following article .

IIS 6.0 and ASP.NET - XML, Security, and More
Thiru Thangarathinam

This article can be found online at the following location:

In this part of the series, we will comprehend the new IIS Metabase
storage format that is completely based on XML. We then will outline the
advantages of this new format, such as the ability to edit the
configuration settings by using familiar tools such as Notepad, the
ability to make changes while IIS is running without even having to stop
and restart the service, and so on. After that, we will look at the
changes in the security model of IIS 6.0 and the impact of those changes
in ASP.NET applications. Finally, we will see how to secure ASP.NET
applications by using the different authentication mechanisms in IIS.


The typical Internet Web site no longer operates on just one server. Web
sites now spread across multiple Web servers, or across Web farms. Even
intranet sites have increased in number as businesses and organizations
are developing and deploying more applications, especially Web-enabled
applications. In addition, as remote administration has become more
common, there has been an increasing demand to improve API access and
direct configuration support. With the Internet and intranet changes
over the past few years, managing a Web site is no longer as simple as
managing one or a few Web servers from an office, but has become an
intricate and complex process. IIS 6.0 introduces new features to
improve the administration of Web sites. The IIS 6.0 configuration store
is now expressed as plain text XML, which allows for direct text editing
of the metabase configuration in a robust and recoverable fashion, even
while the server is running.

XML Metabase

In previous versions of IIS, such as IIS 5.0, IIS configuration
settings are stored in binary format, making the manual editing of
configuration settings almost an impossible thing. The only way you
could change the configuration settings is by using the IIS Management
console. But now, in IIS 6.0, the configuration file is now stored in
native XML format, which you can edit with any standard text editor.
Furthermore, it also provides an excellent feature named "Edit While
Running," which allows administrators to change server configuration
while the server continues running. For example, you can use this
capability to add a new site, create virtual directories, or change the
configuration of application pools and worker processes. Note that you
can do all of the above even while IIS 6.0 continues to process
requests without having to reboot the computer.

The metabase is a hierarchical store of configuration values used by IIS
6.0 that provides rich functionality, such as inheritance, data typing,
change notification, and security. The metabase configuration for IIS
4.0 and IIS 5.0 was stored in a proprietary binary file and was not
easily readable or editable. IIS 6.0 replaces the proprietary binary
file, called MetaBase.bin, with a plain text XML formatted file named
MetaBase.xml. The new XML metabase improves server manageability by
enabling the following scenarios:

* Direct metabase configuration troubleshooting and editing in a
robust fashion

* Reuse of rich text tools such as windiff, version control systems, and
editing tools

* Configuration rollback

* Versioned history archives containing copies of the metabase for
each change

* Web site and application configuration cloning

* Server-independent backup and restore

Editing the metabase using Notepad

To be able to edit the metabase by using familiar editors such as
Notepad, you need to enable direct editing of the metabase file
(MetaBase.xml) by using the IIS manager. To do this, select the Computer
name node from the IIS manager and right-click on it to select


from the context menu to bring up the following dialog box.

In the above dialog box, check the option

Enable Direct Metabase Edit

. Once this is done, you can edit the Metabase.xml file by using an
editor such as Notepad and effect changes in the IIS configuration.

Structure of MetaBase

As mentioned before, the configuration settings for IIS 6.0 are stored
in an XML file named MetaBase.xml. When you double-click on the
Metabase.xml from Windows Explorer, it will open up in the Internet
Explorer. When viewed in the browser, the MetaBase.xml file looks like
the following.

Click here for a larger image.

The schema for the MetaBase.xml file is called MBSchema.xml and is
located in the same directory as that of the MetaBase.xml file. You
can't make changes to the schema file. Using an XML file to store the
IIS configuration settings provides a number of advantages. Two main
advantages of this approach are:

* Automatic Configuration Versioning and History

* Edit-While-Running Feature

We will provide an in-depth look at the above features in the
following sections.

Automatic Configuration Versioning and History

As mentioned before, IIS 6.0 provides an automatic versioning and
history feature by tracking changes to the configuration MetaBase file
(MetaBase.xml). This file contains all the configuration settings
related to IIS and can be found in the folder

<Drive Name>:\Windows\system\inetsrv

. Any time a change is made, the metabase history feature automatically
keeps track of the changes to the metabase. When the metabase is
written to disk, IIS 6.0 marks the new MetaBase.xml file with a
version number and saves a copy of the file in the history folder.
Each history file is marked with a unique version number, which is
then available for rollback or restore. If IIS 6.0 has been running
while configuration changes are being made, IIS 6.0 responds to
configuration errors by automatically reverting to a previous history
file, preventing errors in the configuration metabase from crashing
the server.

Edit-While-Running Feature

IIS 6.0 also gives administrators the capability to change the server
configuration while the server continues running, through direct edit of
the MetaBase.xml file. For example, this feature can be used to add a
new site, create virtual directories, or change the configuration of
application pools and worker processes&mdash;all while IIS 6.0 continues
to process requests. No recompilation or restart is required. The
administrator can do this easily by opening the MetaBase.xml file using
Notepad, creating the virtual directory needed, and saving the
file&mdash;again, all while IIS is running. The new changes will be
detected, scanned for correctness, and applied to the metabase if the
changes are valid according to the schema.

*** This article contains an HTML image showing comparative data.
*** To view the image, visit:

The Internet is great for exchanging information and ideas, but nothing
beats in-person learning and networking.
Check out's upcoming conferences and expositions including:
** Search Engine Strategies ** 802.11 Planet (Wireless) ** E-Mail Strategies
and more. Visit today!

This message was sent to you by Andi Purwito -- if it was sent to you in
error, we apologize for the inconvenience. If you feel we should look
into why this happened, please visit

Advertising: If you are interested in advertising in our newsletters,
call Claudia at 1-203-662-2863 or send email to
For details on becoming a Commerce Partner, contact David Arganbright on
1-203-662-2858 or visit for the contact form
To learn about other free newsletters offered by Jupitermedia or to
change your subscription visit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'s network of more than 160 Web sites is organized into 12
channels: Developer Download International Internet Lists Internet News

Internet Resources IT Small Business

Linux/Open Source Windows Technology Wireless Internet xSP Resources

To find an answer -
Looking for a job? Filling an opening? -
This newsletter is published by Jupitermedia Corporation
Copyright (c) 2004 Jupitermedia Corporation. All rights reserved.
For information on reprinting or linking to Jupitermedia content: