Top 10 Changes in IIS 7.0

By Walter Oliver

December 22, 2007

You can find the original Top 10 Changes in IIS 7.0 post on Technet.

1. Simple, configurable command line setup

Install only the IIS components needed to run your site

Example:

start /w pkgmgr /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-Security;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI

2. Great compatibility story

  • Most (99%+) ASP and ASP.NET applications worked.
    • One application encountered breaking change
    • Handful of applications required config migration to run in Integrated

(We have about 260 applications running on www.microsoft.com as defined by IIS. There are thousands of pages of code that could have broken but did not.)

  • Integrated Pipeline is the new unified request processing pipeline. Benefits include:
    • Allowing services provided by both native and managed modules to apply to all requests, regardless of handler. For example, managed Forms Authentication can be used for all content, including ASP pages, CGIs, and static files.
    • Empowering ASP.NET components to provide functionality that was previously unavailable to them due to their placement in the server pipeline. For example, a managed module providing request rewriting functionality can rewrite the request prior to any server processing, including authentication, takes place.
    • A single place to implement, configure, monitor and support server features. For example, single module and handler mapping configuration, single custom errors configuration, single URL authorization configuration.
  • Classic ASP mode allows for easy app migration
  • Use AppCmd to migrate apps to Integrated mode
  • IIS 6.0 Metabase compatibility layer
    • Allows you the run old ADSI scripts
    • IIS 6.0 Metabase Compatibility module must be installed

3. No more metabase!

  • Clean clear-text schema
  • IIS settings stored in XML configuration file (applicationHost.config)
    • Metabase exists for SMTP/NNTP/FTP only
  • Site-wide changes made easily
    • Update central applicationHost.config and copy to all web servers
    • Replaces our bulky ADSI based script solution for metabase changes
  • Microsoft.com considerations
    • Be careful copying to production servers under load. (When you push out a new applicationHost.config, your app pools and applications will be recycled. If you are heavily dependent on caching, then you could cause problems in your environment as the CLR reloads.)

4. Centralized configuration

  • applicationHost.config stored on UNC share
  • Allows us to copy to two (maybe four) servers rather than 80

Potential issue - managing password changes for account used to connect to config store. (This is because currently you cannot use the UNC share that is running under the Network service, which we use heavily. It currently requires a domain account, which our security policy mandates a periodic password change.)

5. Delegated configuration

  • Admin can now delegate IIS settings to application owner
  • Settings defined in web.config file in application directory
  • Example of setting to delegate include:
    • System.webServer section of applicationHost.config
    • Caching, defaultDocument, httpErrors, security

For more information, see Delegated Configuration .

6. AppCmd and other new management options

  • Managing via the UI
    • New modular, task-based look and feel
    • Moving away from the right-click/properties paradigm
  • Managing via the Command Line
    • AppCmd
  • Command line utility which replaces adsutil.vbs, iisapp.vbs, and others
  • Allows command line management of sites, applications, vdirs, apppools, modules, tracing, and more Powershell
  • IIS community creating IIS-specific Powershell cmdlets
  • MSCOM Considerations
    • AppCmd limitations - no remote
    • No IIS provider for Powershell

7. Failed request tracing

  • Buffers the trace events for requests and flushes them to disk if they meet your failure criteria
  • Captures trace data while you are sleeping
  • Very little perf impact when targeting failing requests
  • Quick test: Enabling tracing for all file extensions and errors results in approx 5% fewer requests/second at full stress load (do not do this in production).
  • View Currently Executing Requests via AppCmd
    • appcmd list requests (for all request)
    • appcmd list requests /apppool.name:DefaultAppPool
  • New Task Scheduler
    • Trigger tasks on events

For more information, see Failed Request Tracing.

8. Request filtering

  • No more URLScan
  • </requestFiltering> settings in applicationHost.config
  • Issue for Microsoft.com: If filename includes "+" then allowDoubleEscaping must be set to "true"
    • <requestFiltering allowDoubleEscaping="true">
  • Allow or disallow specific file extensions and verbs
    • <add fileExtension=".exe" allowed="false" />
  • DenyURLSequences
    • <add sequence="./" />
    • <add sequence="/." />
  • RequestLimits
    • maxAllowedContentLength="1000000"
    • maxUrl="260"
    • maxQueryString="2048"

9. UNC content

  • Simplified content synchronization
  • Reduced H/W footprint (potentially less cost)
    • Common industry pain point

10. Output caching of dynamic content

Not appropriate for all applications (e.g., not effective for those with very personalized output)