Microsoft Iis Isapi Services Are Enabled Vs Disabled

admin

-->

  1. Microsoft Iis Isapi Services Are Enabled Vs Disabled Windows 7
  2. Microsoft Iis Isapi Services Are Enabled Vs Disabled Iphone
  3. Cryptographic Services Are Enabled

IIS 6.0 and later: ASP, CGI, and ISAPI functionality is available but is disabled on new installations of IIS, and must be enabled in IIS Manager. In This Section Section. Norbert, I observed same thing. IMO, CGlobalModule was designed to use for ISAPI adapters. If it’s disabled for whatever reason, ISAPI filters/handlers won’t be executed.

Microsoft Iis Isapi Services Are Enabled Vs Disabled Windows 7

Overview

The <windowsAuthentication> element defines configuration settings for the Internet Information Services (IIS) 7 Windows authentication module. You can use Windows authentication when your IIS 7 server runs on a corporate network that is using Microsoft Active Directory service domain identities or other Windows accounts to identify users. Because of this, you can use Windows authentication whether or not your server is a member of an Active Directory domain.

Windows authentication (formerly named NTLM, and also referred to as Windows NT Challenge/Response authentication) is a secure form of authentication because the user name and password are hashed before being sent across the network. When you enable Windows authentication, the client browser sends a strongly hashed version of the password in a cryptographic exchange with your Web server.

Windows authentication supports two authentication protocols, Kerberos and NTLM, which are defined in the <providers> element. When you install and enable Windows authentication on IIS 7, the default protocol is Kerberos. The <windowsAuthentication> element can also contain a useKernelMode attribute that configures whether to use the kernel mode authentication feature that is new to Windows Server 2008.

Windows authentication is best suited for an intranet environment for the following reasons:

  • Client computers and Web servers are in the same domain.
  • Administrators can make sure that every client browser is Internet Explorer 2.0 or later.
  • HTTP proxy connections, which are not supported by NTLM, are not required.
  • Kerberos version 5 requires a connection to Active Directory, which is not feasible in an Internet environment.

New in IIS 7.5

The <extendedProtection> element was introduced in IIS 7.5, which allows you to configure the settings for the new extended protection features that have been integrated into Windows authentication.

Compatibility

VersionNotes
IIS 10.0The <windowsAuthentication> element was not modified in IIS 10.0.
IIS 8.5The <windowsAuthentication> element was not modified in IIS 8.5.
IIS 8.0The <windowsAuthentication> element was not modified in IIS 8.0.
IIS 7.5The <extendedProtection> element was added in IIS 7.5.
IIS 7.0The <windowsAuthentication> element was introduced in IIS 7.0.
IIS 6.0The <windowsAuthentication> element replaces portions of the IIS 6.0 AuthType and AuthFlags metabase properties.

Setup

The default installation of IIS 7 and later does not include the Windows authentication role service. To use Windows authentication on IIS, you must install the role service, disable Anonymous authentication for your Web site or application, and then enable Windows authentication for the site or application.

Note

After you install the role service, IIS 7 commits the following configuration settings to the ApplicationHost.config file.

Windows Server 2012 or Windows Server 2012 R2

  1. On the taskbar, click Server Manager.
  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
  4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Windows Authentication. Click Next.
    .
  5. On the Select features page, click Next.
  6. On the Confirm installation selections page, click Install.
  7. On the Results page, click Close.

Windows 8 or Windows 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
  3. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select Windows Authentication.
  4. Click OK.
  5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, select Windows Authentication, and then click Next.
  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

Windows Vista or Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, then World Wide Web Services, then Security.
  4. Select Windows Authentication, and then click OK.

How To

How to enable Windows authentication for a Web site, Web application, or Web service

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or Windows Server 2012 R2:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

    • If you are using Windows 8 or Windows 8.1:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

    • If you are using Windows Server 2008 or Windows Server 2008 R2:

      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    • If you are using Windows Vista or Windows 7:

      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, expand Sites, and then the site, application, or Web service for which you want to enable Windows authentication.
  3. Scroll to the Security section in the Home pane, and then double-click Authentication.
  4. In the Authentication pane, select Windows Authentication, and then click Enable in the Actions pane.

How to enable Extended Protection for Windows authentication

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or Windows Server 2012 R2:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

    • If you are using Windows 8 or Windows 8.1:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

    • If you are using Windows Server 2008 or Windows Server 2008 R2:

      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    • If you are using Windows Vista or Windows 7:

      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, expand Sites, and then the site, application, or Web service for which you want to enable Extended Protection for Windows authentication.
  3. Scroll to the Security section in the Home pane, and then double-click Authentication.
  4. In the Authentication pane, select Windows Authentication.
  5. Click Enable in the Actions pane.
  6. Click Advanced Settings in the Actions pane.

  7. When the Advanced Settings dialog box appears, select one of the following options in the Extended Protection drop-down menu:

    • Select Accept if you want to enable extended protection while providing down-level support for clients that do not support extended protection.
    • Select Required if you want to enable extended protection without providing down-level support.
  8. Click OK to close the Advanced Settings dialog box.

Configuration

The <windowsAuthentication> element is configurable at the site, application, or virtual directory level in the ApplicationHost.config file.

Attributes

AttributeDescription
authPersistNonNTLMOptional Boolean attribute.
Specifies whether IIS automatically reauthenticates every non-NTLM (for example, Kerberos) request, even those on the same connection. False enables multiple authentications for the same connections.
Note: A setting of true means that the client will be authenticated only once on the same connection. IIS will cache a token or ticket on the server for a TCP session that stays established.
The default is false.
authPersistSingleRequestOptional Boolean attribute.
Setting this flag to true specifies that authentication persists only for a single request on a connection. IIS resets the authentication at the end of each request, and forces reauthentication on the next request of the session.
The default value is false.
enabledRequired Boolean attribute.
Specifies whether Windows authentication is enabled.
The default value is false.
useKernelModeOptional Boolean attribute.
Specifies whether Windows authentication is done in kernel mode. True specifies that Windows authentication uses kernel mode.
Kernel-mode authentication may improve authentication performance and prevent authentication problems with application pools that are configured to use a custom identity.
As a best practice, do not disable this setting if you use Kerberos authentication and have a custom identity on the application pool.
The default is true.

Child Elements

ElementDescription
extendedProtectionOptional element.
Specifies extended protection options for Windows authentication.
Note: This element was added in IIS 7.5.
providersOptional element.
Specifies security support providers used for Windows authentication.

Configuration Sample

The following default <windowsAuthentication> element is configured at the root ApplicationHost.config file in IIS 7.0, and disables Windows authentication by default. It also defines the two Windows authentication providers for IIS 7.0.

The following example enables Windows authentication and disables Anonymous authentication for a Web site named Contoso.

Sample Code

The following examples disable Anonymous authentication for a site named Contoso, then enable Windows authentication for the site.

AppCmd.exe

Note

You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

VB.NET

JavaScript

VBScript

-->

Overview

The <filter> element of the <isapiFilters> collection configures an ISAPI filter to process client request data or server response data.

Compatibility

VersionNotes
IIS 10.0The <filter> element was not modified in IIS 10.0.
IIS 8.5The <filter> element was not modified in IIS 8.5.
IIS 8.0The <filter> element was not modified in IIS 8.0.
IIS 7.5The <filter> element was not modified in IIS 7.5.
IIS 7.0The <filter> element of the <isapiFilters> collection was introduced in IIS 7.0.
IIS 6.0The <isapiFilters> collection replaces the IIS 6.0 FilterEnableCache and FilterPath metabase properties.

Setup

To use the <isapiFilters> element, you must install the ISAPI Filters module on your IIS 7 and later server. To do so, use the following steps.

Windows Server 2012 or Windows Server 2012 R2

  1. On the taskbar, click Server Manager.
  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
  4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Application Development, and then select ISAPI Filters. Click Next.
    .
  5. On the Select features page, click Next.
  6. On the Confirm installation selections page, click Install.
  7. On the Results page, click Close.

Windows 8 or Windows 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
  3. Expand Internet Information Services, expand World Wide Web Services, expand Application Development Features, and then select ISAPI Filters.
  4. Click OK.
  5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, select ISAPI Filters, and then click Next.
  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

Windows Vista or Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. In the Windows Features dialog box, expand Internet Information Services, then World Wide Web Services, then Application Development Features.
  4. Select ISAPI Filters, and then click OK.

How To

How to add an ISAPI filter

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or Windows Server 2012 R2:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

    • If you are using Windows 8 or Windows 8.1:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

    • If you are using Windows Server 2008 or Windows Server 2008 R2:

      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

    • If you are using Windows Vista or Windows 7:

      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, go to the connection or site for which you want to configure ISAPI filters.
  3. In the Home pane, double-click ISAPI Filters.
  4. In the Actions pane, click Add...
  5. In the Filter name text box of the Add ISAPI Filter dialog box, type a friendly name for the ISAPI filter.
  6. In the Executable box, type the file system path of the location of ISAPI filter file or click the ellipsis (...) to navigate to the folder that contains the ISAPI filter file, and then click OK.

Configuration

Attributes

AttributeDescription
enableCacheOptional Boolean attribute.
Specifies whether HTTP.sys caching is enabled (true) or disabled (false) for filtered server responses.
The default value is false.
enabledOptional Boolean attribute.
Specifies whether the installed filter is enabled (true) or disabled (false).
The default value is true.
nameRequired string attribute.
Specifies the unique name of the ISAPI filter.
pathRequired string attribute.
Specifies the full physical path of the ISAPI filter .dll file.
preConditionOptional string attribute.
Specifies conditions under which the ISAPI filter will run.
The preCondition attribute can be one or more of the following possible values. If you specify more than one value, separate the values with a comma (,).
ValueDescription
bitness32Specify the bitness32 value when the ISAPI filter is a 32-bit .dll file and IIS should load the filter only for worker processes that run in WOW64 mode (32-bit simulation) on a 64-bit operating system.
bitness64Specify the bitness64 value when the ISAPI filter is a 64-bit .dll file and IIS should load the filter only for worker processes that run in 64-bit mode.
integratedModeSpecify the integratedMode value when the ISAPI filter should use the integrated request-processing pipeline to process requests for managed content.
ISAPIModeSpecify the ISAPIMode value when the ISAPI filter should use the ASP.NET ISAPI extension, Aspnet_isapi.dll, to process requests for managed content.
runtimeVersionv1.1Specify the runtimeVersionv1.1 value when the ISAPI filter should load only for application pools that are configured to use .NET Framework version 1.1.
runtimeVersionv2.0Specify the runtimeVersionv2.0 value when the ISAPI filter should load only for application pools that are configured to use .NET Framework version 2.0.

Child Elements

None.

Isapi

Configuration Sample

The following configuration example adds an ISAPI filter named SalesQueryIsapi to a Web site or application. The sample names and enables the ISAPI filter with the name and enabled attributes. It also uses the enableCache attribute to disable HTTP.sys caching and the path attribute to specify the location of the ISAPI DLL.

Sample Code

The following examples configure an ISAPI filter named SalesQueryIsapi on the server. Each of the examples use the name property to specify a name for the ISAPI filter, the enableCache property to disable HTTP.sys caching, and the path property to specify the location of the ISAPI DLL.

AppCmd.exe

Note

You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

VB.NET

Microsoft Iis Isapi Services Are Enabled Vs Disabled Iphone

JavaScript

Cryptographic Services Are Enabled

VBScript