« 上一篇下一篇 »

6-4 Administering Internet Information Services

6-38 Chapter 6 Files and Folders Lesson 4: Administering Internet Information Services
Lesson 1 discussed the issues related to sharing a folder so that users, with the Client For Microsoft Networks, can access resources on a server running the File And Print Sharing For Microsoft Networks service. That is, however, only one means by which users can access the files and folders they require. It is also possible to enable access through Internet technologies such as FTP and Web (HTTP) services.
In this lesson, you will learn how to configure and manage IIS. You will discover how to configure Web and FTP sites, virtual directories, and IIS security. After this lesson, you will be able to ■ Install IIS ■ Set up a Web and FTP site ■ Configure a Web default content page ■ Create a Web virtual directory ■ Modify IIS authentication and security settings Estimated lesson time: 20 minutes
Installing IIS 6.0
To decrease the attack surface of a Windows Server 2003 system, IIS is not installed by default. It must be added using the Add/Remove Windows Components Wizard from Add Or Remove Programs, located in Control Panel. Select Application Server, click Details, and then select Internet Information Services (IIS). You can control the sub-components of IIS that are installed, but unless you are very familiar with the role of subcomponents, do not remove any default components. You may, however, want to add components, such as ASP.NET, FTP or FrontPage Server Extensions.
Administering the Web Environment
When IIS is installed, a default Web site is created, allowing you to implement a Web environment quickly and easily. However, you can modify that Web environment to meet your needs. Windows Server 2003 provides the tools necessary to administer IIS and its sites.
After installation has completed, you may open the Internet Information Services (IIS) Manager console from the Administrative Tools group. By default, IIS is configured to serve only static content. To enable dynamic content, select the Web Service Extensions
Lesson 4 Administering Internet Information Services 6-39 node. As shown in Figure 6-16, all the extensions are prohibited. Select the appropriate extension and click Allow. Figure 6-16 The Internet Information Services (IIS) Manager snap-in The fundamental processes that take place as a client accesses a resource from IIS are
■琓he client enters a URL (Universal Resource Locator) in either of the following forms:
http://dns.domain.name/virtualdirectory/page.htm or
ftp://dns.domain.name/virtualdirectory
■珼omain Name Service (DNS) resolves the name to an IP address and returns the address to the client
■琓he client connects to the server’s IP address, using a port that is specific to the service (typically, port 80 for HTTP and port 21 for FTP)
■琓he URL does not represent the physical path to the resource on the server, but a virtualization of the path. The server translates the incoming request into the physical path and produces appropriate resources to the client. For example, the server might list files in the folder to an FTP client, or might deliver the home page to an HTTP client.
■琓he process can be secured with authentication (credentials, including a user name and password) and authorization (access control through permissions).
You can see this process in action by opening a browser and typing http://server01. The server produces the Under Construction page to the client browser.
6-40 Chapter 6 Files and Folders Configuring and Managing Web and FTP Sites
IIS installation configures a single Web site, the Default Web Site. Although IIS, depending on your server’s hardware configuration, can host thousands, or tens of thousands of sites, the Default Web Site is a fine place to explore the functionality and administration of Web sites on IIS. This Web site is accessible if you open a browser and type the URL: http://server01.contoso.com. The page that is fetched is the Under Construction page.
Remember that a browser’s request to a Web server is directed at the server’s IP address, which was resolved from the URL by DNS. The request includes the URL, and the URL often includes only the site name (www.microsoft.com, for example). How does the server produce the home page? If you examine the Web Site tab of the Default Web Site Properties, as shown in Figure 6-17, you see that the site is assigned to All Unassigned IP addresses on port 80. So the request from the browser hits port 80 on the server, which then identifies that it is the Default Web Site that should be served. Figure 6-17 The Web Site tab of the Default Web Site Properties dialog box The next question, then, is what information should be served. If the URL includes only the site name (for example, www.microsoft.com or server01.contoso.com), then the page that will be returned is fetched from the home directory. The Home Directory tab, as shown in Figure 6-18, displays the physical path to the home directory, typically c:\inetpub\wwwroot.
Lesson 4 Administering Internet Information Services 6-41 Figure 6-18 The Home Directory tab of the Default Web Site Properties dialog box Which file, exactly, should be returned to the client? That is defined on the Documents tab, as shown in Figure 6-19. IIS searches for files in the order listed. As soon as it finds a file of that name in the local path of the home directory, that page is returned to the client and the server stops looking for other matches. If no match is found, the IIS returns an error (404–File Not Found) to the client indicating that the page could not be found. Figure 6-19 The Documents tab of the Default Web Site Properties dialog box A browser could, of course, refer to a specific page in the URL, for example http:// server01.contoso.com/contactinfo.htm. In that event, the specific page is fetched from the home directory. If it is not found, a File Not Found error (404) is returned.
To create a Web site, right-click the Web Sites node or an existing Web site in IIS Manager and choose New Web Site. To configure a Web site, open its Properties. You can
6-42 Chapter 6 Files and Folders configure the IP address of the site. If a server has multiple IP addresses, each IP address can represent a separate Web site. Multiple sites can also be hosted using different ports for each site, or using host headers. The specifics of these options are beyond the scope of this book. You can also configure the path to the directory that is used as the home directory. And you can modify the list or order of documents that can be fetched as the default content page.
A URL can also include more complex path information, such as http:// www.microsoft.com/windowsserver2003. This URL is not requesting a specific page; there is no extension such as .htm or .asp on the end of the URL. Instead, it is requesting information from the windowsserver2003 directory. The server evaluates this additional component of the URL as a virtual directory. The folder that contains the files referred to as windowsserver2003 can reside anywhere; they do not have to be located on the IIS server.
To create a virtual directory, right-click a Web site and choose New Virtual Directory. The wizard will prompt you for the alias, which becomes the folder name used in the URL, and the physical path to the resource, which can be on a local volume or remote server. ! FTP sites work, and are administered, similarly to Web sites. IIS installs one FTP site, the Default FTP Site, and configures it to respond to all incoming FTP requests (all unassigned addresses, port 21). The FTP site returns to the client a list of files from the folder specified in the Home Directory tab. FTP sites may also include virtual directories so that, for example, ftp://server01.contoso.com/pub may return resources from a different server than ftp://server01.contoso.com/vendor-uploads. FTP URLs and sites do not use default documents.
Complex IIS servers may host tens of thousands of sites, each with customized settings to make them tick. Losing all that configuration information could be painful, so although a normal file system backup might allow you to restore the data files after a failure, the configuration would be lost. To back up or restore IIS configuration, you must back up or restore the metabase, an Extensible Markup Language (XML) document that is used to store settings. Right-click the server node in IIS Manager and, from the All Tasks menu, choose Backup/Restore Configuration. See Also For more information about IIS, see the Microsoft IIS 6.0 Administrator’s Pocket Consultant (Microsoft Press, 2003). Exam Tip You can also create a Web virtual directory on an NTFS drive by right-clicking a folder, choosing Properties, then clicking the Web Sharing tab.
Lesson 4 Administering Internet Information Services 6-43 Securing Files on IIS
Security for files accessed by way of IIS falls into several categories: authentication, authorization through NTFS permissions, and IIS permissions. Authentication is, of course, the process of evaluating credentials in the form of a user name and password. By default, all requests to IIS are serviced by impersonating the user with the IUSR _computername account. Before you begin restricting access of resources to specific users, you must create domain or local user accounts and require something more than this default, Anonymous authentication.
Configuring Authentication Methods
You may configure the following authentication methods on the Directory Security tab of the server, a Web (or FTP) site, a virtual directory, or a file:
Web Authentication Options
■ Anonymous authentication Users may access the public areas of your Web site without a user name or password.
■ Basic authentication Requires that a user have a local or domain user account. Credentials are transmitted in clear text.
■ Digest authentication Offers the same functionality as Basic authentication, while providing enhanced security in the way that a user’s credentials are sent across the network. Digest authentication relies on the HTTP 1.1 protocol.
■ Advanced Digest authentication Works only when the user account is part of an Active Directory. Collects user credentials and stores them on the domain con-troller. Advanced Digest authentication requires the user to be using Internet Explorer 5 or above and the HTTP 1.1 protocol.
■ Integrated Windows authentication Collects information through a secure form of authentication (sometimes referred to as Windows NT Challenge/ Response authentication) where the user name and password are hashed before being sent across the network.
■ Certificate authentication Adds Secure Sockets Layer (SSL) security through client or server certificates, or both. This option is available only if you have Certificate Services installed and configured.
■ .NET Passport authentication Provides a single sign-in service through SSL, HTTP redirects, cookies, Microsoft JScript, and strong symmetric key encryption.
FTP Authentication Options
■ Anonymous FTP authentication Gives users access to the public areas of your FTP site without prompting them for a user name or password.
■ Basic FTP authentication Requires users to log on with a user name and pass-word corresponding to a valid Windows user account.
6-44 Chapter 6 Files and Folders Defining Resource Access with Permissions
Once authentication has been configured, permissions are assigned to files and folders. A common way to define resource access with IIS is through NTFS permissions. NTFS permissions, because they are attached to a file or folder, act to define access to that resource regardless of how the resource is accessed.
IIS also defines permissions on sites and virtual directories. Although NTFS permissions define a specific level of access to existing Windows user and group accounts, the directory security permissions configured for a site or virtual directory apply to all users and groups.
Table 6-2 details Web permission levels:
Table 6-2 IIS Directory Permissions
Permission Explanation
Read (default) Users can view file content and properties.
Write Users can change file content and properties.
Script Source Users can access the source code for files, such as the scripts in an Active
Access Server Pages (ASP) application. This option is available only if either Read or Write permissions are assigned. Users can access source files. If Read permission is assigned, source code can be read. If Write permission is assigned, source code can be written to as well. Be aware that allowing users to have read and write access to source code can compromise the security of you server.
Directory browsing Users can view file lists and collections.
The Execute permissions control the security level of script execution and are as described in Table 6-3.
Table 6-3 Application Execute Permissions
Permission Explanation
None Set permissions for an application to None to prevent any programs or scripts from running.
Scripts only Set permissions for an application to Scripts only to enable applications mapped to a script engine to run in this directory without having permissions set for executables. Setting permissions to Scripts only is more secure than setting them to Scripts and Executables because you can limit the applications that can be run in the directory.
Scripts and Set permissions for an application to Scripts and Executables to allow any
Executables application to run in this directory, including applications mapped to script engines and Windows binaries (.dll and .exe files).
Lesson 4 Administering Internet Information Services 6-45 Exam Tip If IIS permissions and NTFS permissions are both in place, the effective permissions will be the more restrictive of the two. !
Practice:

  还没注册Payoneer的朋友可免费申请一个,现在申请Payoneer可获得25美元奖励并且直接享受1.2%全包的优惠:不仅入账免费,全币种提现只收1.2%的费用,无汇损,当你累积收款1000美元时将一次性获得25美元奖励。此外,若自注册之日起的3个月内全币种累积收款达到等值的25000美元,Payoneer将额外奖励你250美元。需要注意的是,如果你直接打开Payoneer官网进行注册,是没有上述优惠的,请务必打开【野猪尖的推荐链接】进行注册。Payoneer注册咨询QQ:2822129880

Payoneer

野猪尖的推荐链接https://www.payoneer.com/zh/znp (此地址要完整地复制,建议直接点击)

【Payoneer申请教程:个人账户企业账户订购Payoneer实体卡(P卡)

Payoneer注册与使用指南(包括P卡申请、Payoneer官方、手续费、收款、提现和消费):
注册-收款工具那么多,为何选择Payoneer? | 为何申请Payoneer万事达预付卡+欧美日收款银行账号
   Payoneer有卡账户和无卡账户的区别Payoneer个人账户注册申请教程P卡公司帐户注册教程
   Payoneer欧元帐户虚拟卡) | Payoneer英镑帐户Payoneer日元帐户Payoneer加元帐户
   订购实体卡(P卡Payoneer卡年费啥时候扣? | Payoneer卡休眠和激活P卡到期后如何更换
   买卖Payoneer(P卡)的风险如何注销P卡

官方-Payoneer秉承公正、公开、透明服务Payoneer官方最新政策汇总官方客服联系方式
   Payoneer官方费用表如何减少Payoneer的手续费?点此免除入账费点此降低提现费
   跨境收款服务商拷问篇——PayoneerPayoneer客户答疑手册(FAQ)Payoneer手机App

收款-跨境电商/外贸收款方式对比Payoneer可以错名收款吗
   Amazon亚马逊卖家设置Payoneer卡收款教程Payoneer可提供亚马逊KYC审核所需银行账单
   Amazon亚马逊收款方式对比(Payoneer,World First,PingPong,美国/香港银行卡)
   CJ联盟设置Payoneer卡收款ClickBank联盟设置Payoneer收款Amazon联盟设置P卡收款
   Payoneer如何从东南亚电商平台Lazada收款如何在Lazada开店
   Payoneer如何从拉美电商平台Linio收款? | Payoneer绑定非洲电商平台Jumia收款
   Payoneer支持从美国电商平台Newegg收款Payoneer支持从虾皮Shopee收款
   Payoneer如何从跨境移动电商Wish收款? | Payoneer针对Wish卖家推出提前放款服务
   Payoneer支持从法国乐天Priceminister收款法国电商平台CDiscount对接Payoneer收款
   如何使用Payoneer请求付款?如何向Payoneer充值
   从PayPal提现到Payoneer卡教程及手续费用PayPal无法绑定并转账到Payoneer卡

提现-从Payoneer卡提现到国内银行账户Payoneer无法从Dating联盟收款并限制提现方式
   用P卡在中国银行ATM机取款4000元用Payoneer卡在中国建设银行ATM机取款500元

消费-Payoneer为卖家提供更便捷的VAT缴费方案用Payoneer卡在GoDaddy买域名主机教程


人在做天在看,转载请以链接的形式注明本文地址
本文地址:http://www.zhaoniupai.com/blog/archives/219.html