Binding <binding>

Overview

The <binding> element of the <bindings> element allows you to configure the information required for requests to communicate with a Web site.

You can configure binding information when you create a Web site, or you can edit the binding information after you create the site. Binding information includes the protocol that clients use to communicate with the site, the site's IP address, the port number, and a host header.

The <binding> element contains two attributes to configure the binding information: bindingInformation and protocol. The bindingInformation attribute contains the IP address, the port number and, optionally, the host header for the site. The protocol attribute defines the protocol to use to communicate with the site.

You can configure the collection of bindings for a site using IIS Manager by selecting the site and using the Bindings... or Advanced Settings... links in the Actions pane or by clicking Edit Bindings... on the site's shortcut menu.

IIS 8.0 or later enables you to provide security for Web sites by using the certificates in a centralized certificate store on Windows Server 2012. For more information, see IIS 8.0 Centralized SSL Certificate Support: SSL Scalability and Manageability.

The binding element enables you to specify the type of binding used for Secure Sockets Layer (SSL) certificates.

Compatibility

Version Notes
IIS 10.0 The <binding> element was not modified in IIS 10.0.
IIS 8.5 The <binding> element was not modified in IIS 8.5.
IIS 8.0 The sslFlags attribute was added to specify the binding used for Secure Sockets Layer certificates.
IIS 7.5 The <binding> element was not modified in IIS 7.5.
IIS 7.0 The <binding> element of the <bindings> collection was introduced in IIS 7.0.
IIS 6.0 The <bindings> collection replaces sections of the ServerBindings property on the IIS 6.0 IIsWebServer metabase object.

Setup

The <binding> element is included in the default installation of IIS 7 and later.

How to install a Centralized Certificate Store

In IIS 8 and later, the certificates in a centralized certificate store can be used to provide security for a Web site. To use this store on your Windows Server 2012 or later Web server, you must install the Centralized SSL Certificate Store role. To do so with IIS already installed, proceed as follows:

  1. Press the Windows key, and then click Server Manager.
  2. In Server Manager, click Manage and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click through the Before You Begin page, select the installation type and then click Next on the Installation Type page, and select where to install and click Next on the Server Selection pages.
  4. In the Server Roles page, ensure that Web Server (IIS) is selected, and then expand it. Expand Web Server, and then select and expand Security.
  5. Select Centralized SSL Certificate Store, and then click Next.
  6. On the Features page, click Next.
  7. On the Confirm Installation Selections page, click Install.
  8. On the Results page, click Close.

How To

How to add binding information to a site

  1. Open Internet Information Services (IIS) Manager:

    • If you are using Windows Server 2012 or Windows Server 2012 R2:

      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or Windows 8.1:

      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    • If you are using Windows Server 2008 or Windows Server 2008 R2:

      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:

      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, expand Sites, and then click the Web site on which you want to configure the bindings.

  3. In the Actions pane, click Bindings...

  4. In the Site Bindings dialog box, click Add...
    Screenshot of the Site Bindings dialog box.

  5. In the Add Site Binding dialog box, add the binding information, and then click OK.
    Screenshot of the Add Site Binding dialog box.

How to create a centralized certificate store

  1. Press the Start button, and then click Server Manager. In the Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
  2. In the Connections pane, select the server name.
  3. In the Home page, under the Management area, double-click Centralized Certificates.
  4. In the Actions pane, click Edit Feature Settings.
  5. Select Enable Centralized Certificates and enter a physical path. Enter a user name for the path, enter a password for the path, and confirm the password. Click OK.

Configuration

You can add <binding> elements within the <bindings> element for each site in the ApplicationHost.config file. Each site must have at least one HTTP or HTTPS binding to be viewable over the Internet.

Attributes

Attribute Description
bindingInformation Required string attribute.

Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site.
protocol Required string attribute.

Specifies the protocol for communicating with a site.
sslFlags Optional uint attribute.

Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.
  • A value of "0" specifies that the secure connection be made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.
  • A value of "1" specifies that the secure connection be made using the port number and the host name obtained by using Server Name Indication (SNI).
  • A value of "2" specifies that the secure connection be made using the centralized SSL certificate store without requiring a Server Name Indicator.
  • A value of "3" specifies that the secure connection be made using the centralized SSL certificate store while requiring Server Name Indicator
Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address. For more information, see IIS 8.0 Server Name Indication (SNI): SSL Scalability.

The sslFlags attribute is only set when the protocol is https. The default value is 0.

Child Elements

None.

Configuration Sample

The following example defines a site named Contoso with two bindings. The first binding is for a hostname of "www.contoso.com" on port 80 for the IP address of 192.168.0.1, and the second binding is for an HTTPS binding for all IP addresses over port 443.

<site name="Contoso" id="2">
   <application path="/" applicationPool="Contoso">
      <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot" />
   </application>
   <bindings>
      <binding protocol="http" bindingInformation="192.168.0.1:80:www.contoso.com" />
      <binding protocol="https" bindingInformation="*:443:" />
   </bindings>
</site>

Sample Code

The following examples configure a site named Contoso with a hostname of "www.contoso.com" on port 80 for the IP address of 192.168.0.1, and an HTTPS binding for all IP addresses over port 443.

AppCmd.exe

appcmd.exe set site /site.name:Contoso /+bindings.[protocol='http',bindingInformation='192.168.0.1:80:www.contoso.com']

appcmd.exe set site /site.name:Contoso /+bindings.[protocol='https',bindingInformation='*:443:']

Or you can use:

appcmd.exe set config -section:system.applicationHost/sites /+"[name='Contoso'].bindings.[protocol='http',bindingInformation='192.168.0.1:80:www.contoso.com']" /commit:apphost

appcmd.exe set config -section:system.applicationHost/sites /+"[name='Contoso'].bindings.[protocol='https',bindingInformation='*:443:']" /commit:apphost

Note

You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
          Configuration config = serverManager.GetApplicationHostConfiguration();
          ConfigurationSection sitesSection = config.GetSection("system.applicationHost/sites");
          ConfigurationElementCollection sitesCollection = sitesSection.GetCollection();
          ConfigurationElement siteElement = FindElement(sitesCollection, "site", "name", @"Contoso");

          if (siteElement == null) throw new InvalidOperationException("Element not found!");

          ConfigurationElementCollection bindingsCollection = siteElement.GetCollection("bindings");
          ConfigurationElement bindingElement = bindingsCollection.CreateElement("binding");
          bindingElement["protocol"] = @"http";
          bindingElement["bindingInformation"] = @"192.168.0.1:80:www.contoso.com";
          bindingsCollection.Add(bindingElement);

          ConfigurationElement bindingElement1 = bindingsCollection.CreateElement("binding");
          bindingElement1["protocol"] = @"https";
          bindingElement1["bindingInformation"] = @"*:443:";
          bindingsCollection.Add(bindingElement1);

          serverManager.CommitChanges();
      }
   }

   private static ConfigurationElement FindElement(ConfigurationElementCollection collection, string elementTagName, params string[] keyValues)
   {
      foreach (ConfigurationElement element in collection)
      {
         if (String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase))
         {
            bool matches = true;
            for (int i = 0; i < keyValues.Length; i += 2)
            {
               object o = element.GetAttributeValue(keyValues[i]);
               string value = null;
               if (o != null)
               {
                  value = o.ToString();
               }
               if (!String.Equals(value, keyValues[i + 1], StringComparison.OrdinalIgnoreCase))
               {
                  matches = false;
                  break;
               }
            }
            if (matches)
            {
               return element;
            }
         }
      }
      return null;
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample
   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetApplicationHostConfiguration
      Dim sitesSection As ConfigurationSection = config.GetSection("system.applicationHost/sites")
      Dim sitesCollection As ConfigurationElementCollection = sitesSection.GetCollection
      Dim siteElement As ConfigurationElement = FindElement(sitesCollection, "site", "name", "Contoso")

      If (siteElement Is Nothing) Then
         Throw New InvalidOperationException("Element not found!")
      End If

      Dim bindingsCollection As ConfigurationElementCollection = siteElement.GetCollection("bindings")

      Dim bindingElement As ConfigurationElement = bindingsCollection.CreateElement("binding")
      bindingElement("protocol") = "http"
      bindingElement("bindingInformation") = "192.168.0.1:80:www.contoso.com"
      bindingsCollection.Add(bindingElement)

      Dim bindingElement1 As ConfigurationElement = bindingsCollection.CreateElement("binding")
      bindingElement1("protocol") = "https"
      bindingElement1("bindingInformation") = "*:443:"
      bindingsCollection.Add(bindingElement1)

      serverManager.CommitChanges()
   End Sub

   Private Function FindElement(ByVal collection As ConfigurationElementCollection, ByVal elementTagName As String, ByVal ParamArray keyValues() As String) As ConfigurationElement
      For Each element As ConfigurationElement In collection
         If String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase) Then
            Dim matches As Boolean = True
            Dim i As Integer
            For i = 0 To keyValues.Length - 1 Step 2
               Dim o As Object = element.GetAttributeValue(keyValues(i))
               Dim value As String = Nothing
               If (Not (o) Is Nothing) Then
                  value = o.ToString
               End If
               If Not String.Equals(value, keyValues((i + 1)), StringComparison.OrdinalIgnoreCase) Then
                  matches = False
                  Exit For
               End If
            Next
            If matches Then
               Return element
            End If
         End If
      Next
      Return Nothing
   End Function


End Module

JavaScript

var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
var sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST");
var sitesCollection = sitesSection.Collection;
var siteElementPos = FindElement(sitesCollection, "site", ["name", "Contoso"]);

if (siteElementPos == -1) throw "Element not found!";

var siteElement = sitesCollection.Item(siteElementPos);
var bindingsCollection = siteElement.ChildElements.Item("bindings").Collection;

var bindingElement = bindingsCollection.CreateNewElement("binding");
bindingElement.Properties.Item("protocol").Value = "http";
bindingElement.Properties.Item("bindingInformation").Value = "192.168.0.1:80:www.contoso.com";
bindingsCollection.AddElement(bindingElement);

var bindingElement1 = bindingsCollection.CreateNewElement("binding");
bindingElement1.Properties.Item("protocol").Value = "https";
bindingElement1.Properties.Item("bindingInformation").Value = "*:443:";
bindingsCollection.AddElement(bindingElement1);

adminManager.CommitChanges();

function FindElement(collection, elementTagName, valuesToMatch) {
   for (var i = 0; i < collection.Count; i++) {
      var element = collection.Item(i);
      if (element.Name == elementTagName) {
         var matches = true;
         for (var iVal = 0; iVal < valuesToMatch.length; iVal += 2) {
            var property = element.GetPropertyByName(valuesToMatch[iVal]);
            var value = property.Value;
            if (value != null) {
               value = value.toString();
            }
            if (value != valuesToMatch[iVal + 1]) {
               matches = false;
               break;
            }
         }
         if (matches) {
            return i;
         }
      }
   }
   return -1;
}

VBScript

Set adminManager = createObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"
Set sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST")
Set sitesCollection = sitesSection.Collection
siteElementPos = FindElement(sitesCollection, "site", Array("name", "Contoso"))

If siteElementPos = -1 Then
   WScript.Echo "Element not found!"
   WScript.Quit
End If

Set siteElement = sitesCollection.Item(siteElementPos)
Set bindingsCollection = siteElement.ChildElements.Item("bindings").Collection

Set bindingElement = bindingsCollection.CreateNewElement("binding")
bindingElement.Properties.Item("protocol").Value = "http"
bindingElement.Properties.Item("bindingInformation").Value = "192.168.0.1:80:www.contoso.com"
bindingsCollection.AddElement(bindingElement)

Set bindingElement1 = bindingsCollection.CreateNewElement("binding")
bindingElement1.Properties.Item("protocol").Value = "https"
bindingElement1.Properties.Item("bindingInformation").Value = "*:443:"
bindingsCollection.AddElement(bindingElement1)

adminManager.CommitChanges()

Function FindElement(collection, elementTagName, valuesToMatch)
   For i = 0 To CInt(collection.Count) - 1
      Set element = collection.Item(i)
      If element.Name = elementTagName Then
         matches = True
         For iVal = 0 To UBound(valuesToMatch) Step 2
            Set property = element.GetPropertyByName(valuesToMatch(iVal))
            value = property.Value
            If Not IsNull(value) Then
               value = CStr(value)
            End If
            If Not value = CStr(valuesToMatch(iVal + 1)) Then
               matches = False
               Exit For
            End If
         Next
         If matches Then
            Exit For
         End If
      End If
   Next
   If matches Then
      FindElement = i
   Else
      FindElement = -1
   End If
End Function