for Developers

Martin ParryDeveloper and Platform GroupMicrosoftmartin.parry@microsoft.comhttp://martinparry.com

Agenda

Top 7 Ways To “Light Up” Your Apps on Windows Server 2008Part 1 emphasis on

IIS7, PowerShell

Part 2 emphasis onWER, Restart and Recovery APIs, TxF

The Top 7 Ways… Part 1

1. Build More Flexible Web Applications2. Design Highly-Manageable Applications3. Develop Federation-Aware Applications4. Build Connected Systems5. Build For Scalability6. Virtualize7. Develop More Reliable Applications

1. Build More Flexible Web Apps

IIS 7.0 Introduction

Client version shipped with Windows VistaLimited throughput

Server version will ship with WS2008Currently available in RC formMore features than client

IIS 6.0 Architecture

IIS 7.0 Architecture

Windows Process Activation ServiceManages configuration

What used to be the metabaseResponsible for starting worker processes...

w3wp.exe...and routing incoming requests to the appropriate worker processAlso hosts the new listener adapter interface

You can build your own listeners for WAS

IIS 6.0 Request Pipeline

IIS 6.0 Request PipelineIIS pipeline extensible using ISAPI

Native codeCan apply to all requests

ASP.NET pipeline extensible using IHttpModuleManaged codeCan only apply to requests routed via ASP.NET

Certain pipeline elements are “always there”IIS authenticationLogging

IIS 7.0 Request Pipeline

IIS 7.0 Request PipelineLinear sequence of modulesAny module can be enabled/disabled

Including “built-in” onesModules can be managed or native codeAny type of module applies to any request

IIS7 Modules

IIS 6.0 Configuration

IIS 6.0 (and earlier) use the metabaseStores all configuration informationOriginally in binary form, then in XMLHard to allow management of separate apps by different groups of people

IIS 7.0 Configuration

machine.config

“root” web.config

web.config

web.config

web.config

applicationHost.config

IIS7 Configuration

Building Native Modules

Export a RegisterModule function from DLLDefine one or more other functions

To process request or response

Inside RegisterModule...Hook up your other functions(s) at specific points in the pipelineE.g. Begin, AuthN, AuthZ, ExecuteHandler, End

Building Managed Modules

Implement IHttpModuleImplement Init function

Attach event handlers for specific points in the pipelineE.g. Begin, AuthN, AuthZ, ExecuteHandler, End

Same as existing ASP.NET HttpModules

IIS7 Managed Module

IIS7 Diagnostics - RSCA

Runtime Status and Control APIShows currently executing: -

Application PoolsRequests

Exposed viaIIS admin toolProgrammatically via WMI and Managed OM

IIS7 Diagnostics – Failed Requests

IIS7 allows you to log trace information just for requests that fail

For some definition of failure

Buffers all trace outputOnly flushes to disk if the request failsLog output is XML, with a stylesheet

Breaks down processing by moduleIncludes timing details for each module

IIS7 – Failed Request Tracing

Enable FREB at the Web Site levelConfigure FREB rules at the application levelEach rule: -

Specifies the type of web content it applies toCan specify a specific failure codeCan specify a duration in secondsCan specify a trace event severity

IIS7 Failed Request Tracing

2. Design Highly-Manageable Apps

Management in Windows Server 2008

MMC v3.0Managed framework for building snap-insMicrosoft.ManagementConsole namespace

– Ships with .NET Framework v3.0

Already seen it in use – IIS Admin Console

Windows PowerShell

Windows PowerShell

It’s a command-line interface!ScriptableCommands may be composedNot based on text, based on .NET objectsAvailable for...

Windows XPWindows Server 2003Windows Vista

Ships inside...Windows Server 2008

Windows PowerShell and Scripting

PowerShell and Developers

Developers can create new commands...and can create PowerShell “drives”Excellent way to provide admin experience for your applications.

Exchange 2007 and SQL Server 2008, for example

PowerShell Cmdlets and Providers

3. Develop Federation-Aware Apps

Developing Federated Identity Apps

With AD FSActive Directory Federation Services

Why?Enables cross-domain, cross-platform access to your Web applicationsProvides Web SSO experiencePromotes a claims-based programming modelAchieve reach for your application

– Think “outside of the firewall”

`

Internal Client

ResourceFederation Server

AccountFederation Server

Web Server

Active Directory

A. DatumAccount Forest

Trey ResearchResource Forest

B2B Federation Scenario

Federation TrustFederation TrustFederation TrustFederation Trust

https

https

https

Application Authorization Using Claims

ClaimsStatements made by an authority about a userUsed for authorization purposes

Three types of ADFS claimsIdentity

– Email– User Principal Name (UPN)– Common Name

GroupCustom

IdentityIdentity

UPN:UPN:eric@adatum.comeric@adatum.com

GroupGroup

PurchaserPurchaserAdministratorAdministratorAdatumAdatum

GroupGroup

PurchaserPurchaserAdministratorAdministratorAdatumAdatum

CustomCustom

DisplayName:DisplayName:Eric ParkinsonEric Parkinson

Position:Position:Purchasing StaffPurchasing Staff

Coding a Federation-Aware app

System.Web.Security.SingleSignOnSystem.Web.Security.SingleSignOn.AuthorizationIn code: -

SsoId = User.Identity as SingleSignOnIdentitySsoId.IsAuthenticated – have we a good security token?SsoId.SecurityPropertyCollection – each item could be...

– Group claim, UPN claim, custom claim

Application can get any/all claim details

4. Build Connected Systems

InteropInteropwith otherwith otherplatformsplatforms

ASMX

Attribute- Attribute- BasedBased

ProgrammingProgramming

Enterprise Services

WS-*WS-*ProtocolProtocolSupportSupport

WSE

Message-Message-OrientedOriented

ProgrammingProgramming

System.Messaging

ExtensibilityExtensibilityLocation transparencyLocation transparency

.NET Remoting

Windows Communication Foundation

Sub-queuesSub-queuesPoison Message Poison Message

HandlingHandling

App-Specific App-Specific

Dead Letter QueuesDead Letter QueuesTransactionalTransactional

Remote ReceiveRemote Receive

MSMQ 4.0

Sub-queues

Never created explicitlyAccessed via DIRECT FormatName...

DIRECT=OS:server\private$\myqueue;mysubq

Created at time of first OpenCan receive in the normal fashionCan only insert with MQMoveMessage

No managed code equivalent

Poison Message Handling

WCF binding configuration...<netMsmqBinding><binding name="PoisonBinding"

receiveRetryCount="0“maxRetryCycles="1“retryCycleDelay="00:00:05“receiveErrorHandling="Move">

</binding></netMsmqBinding>

End of Part One

Build More Flexible Web ApplicationsIIS7

Design Highly-Manageable ApplicationsWindows PowerShell, MMC3

Develop Federation-Aware ApplicationsAD FS

Build Connected SystemsWCF, MSMQ 4

MSDN in the UK

Visit http://msdn.co.uk NewsletterEventsScreencastsBlogs

© 2007 Microsoft Ltd. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the

date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.