Ever wonder how combining the flexibility of ASP and the fortitude of IIS may provide a great deal of power to a Web application? This article explores just that topic. The IIS Metabase contains many objects that can be accessed and manipulated via ASP to help control the flow of an application. Even in terms of application-level error checking, the use of the Metabase may prove to be extremely beneficial.
The Metabase is the database used to house all IIS-centric information on the Microsoft Windows NT 4 (and, some time in the near future, Windows 2000 and IIS 5) platform. The primary function of this database is to govern the local IIS server—similarly to the Windows Registry. The hierarchical structure of the Metabase has been designed to provide logical avenues to the configuration data running your Web server. One of the major benefits of this structure (as opposed to the Windows Registry) is its ability to effect a change on the site or server level and have each related node change as well. In Registry terms, this would have to be accomplished on a “key-by-key” basis.
Another major difference between the Registry and the Metabase is the accessibility of the respective data source. The Metabase is an ADSI (Active Directory Services Interface) object. For example, as with any COM object, there are properties and methods associated with all the Metabase objects. This association makes using the IIS Metabase at run-time very easy for anyone who is familiar with OLE or who has the ability to access OLE-compliant objects (such as Excel).
Using the Metabase
In this Daily Drill Down, I’ll take a look at what you need in order to utilize these objects, and I’ll implement some examples. Before I take a functional look, however, I’ll review some of the basics.
There are a number of objects that are accessible via the ADSI Metabase interface. Let’s start by looking at the high-end qualifiers. First, we have the IIS Computer object. This interface provides configuration data at the server level and may be used as a gateway to all Web and FTP sites on the server.
To navigate to this object in code, you must start at the ADSI-defined object name. Specifically, we would use the IIS://LOCALHOST/W3SVC interface. Breaking this definition apart, we see that the type of interface is defined (IIS), the machine follows (LOCALHOST, assuming the local machine is being accessed), and finally the Web service is identified (W3SVC).
The IIS Computer object (as mentioned previously) is also an interface to other IIS objects. We can use the IIS Computer object as a collection that encapsulates the IIS Web site(s) objects. (I’ll give some specific examples later.) In addition, we have the IIS Virtual Directory object. The Virtual Directory object is incredibly powerful. Very simply put, this interface provides the ability to add, delete, and modify virtual directories on the fly.
With the advent of IIS 5, we also have the IIS Web File object, which allows access on the file level. Again, this object is very important to the skilled ASP Web administrator. You can find detailed data on the object’s properties and methods at Microsoft’s alphabetical property list for IIS 5.0 and at Microsoft’s ADSI reference site .
Using the Metabase “functionally”
We know that there are a number of practical uses for accessing Metabase data from an administrative aspect, but how does that apply to a functional ASP application? With the properties exposed, you can use the statistical information about your server as a guideline for how a specific application operates. Make sense? Let’s go a little further—how about combining some of the properties and methods to enhance the application at run-time? In our example, I will examine how both strategies can take a seemingly normal ASP application and add a little “intelligence” to boost functionality and to provide additional direction.
Accessing the Metabase through ASP
To understand how an ASP application accesses the Metabase, let’s take a minute to review the GetObject function, which is designed to get a handle on a COM or ADSI object. To use this function, you must first declare a variable to which you will assign the value of the object returned. The Set statement follows this variable declaration, which actually calls the function to the specified object. This statement is used to assign the value of the variable declared. For example, accessing the local server’s Web Server object should look something like this:
Set objSRV = GetObject("IIS://LOCALHOST/W3SVC")
The ability to use this function within ASP is governed by what level of security is necessary in order to access the object in question. The first step revolves around the ability to define the user accurately. To achieve this ability, your site must be configured to require NT Challenge Response level security. (It’s possible to use Basic Authentication, but I don’t recommend it.) Configure this option using the MMC (Microsoft Management Console). The MMC provides the administrative interface to IIS. Click the Properties option of the site you’re administering, then select the Directory Security tab. You’ll see the Anonymous Authentication And Access Control option. Under the Edit button is the NT Challenge Response check box. Selecting this option ensures that, when anonymous access is denied, anyone attempting to access your site must supply a valid Windows NT Domain user ID and password. Accessing or modifying ANY Metabase data—either on the site or server level—is restricted to members of the Web Site Operators group. Adding non-administrators to this group, however, may involve security risks. To manage these risks, you can write routines within your ASP application to support administrative analysis ONLY. It will ensure that only properly authorized users of your application may call functions that can affect the state of the application or server.
Using the Metabase to “direct” your application
The use of the Metabase to “direct” your Web app is a strategy not currently emphasized in most ASP applications. There’s an overwhelming benefit to using the tools available via ADSI: As an administrator, you can call one function (by the push of a button, if desired) and roll through tremendous change on the application level. All of the administrative features exposed via the MMC are available through the ADSI interface and callable through ASP.
Some of the ways that I can demonstrate this concept involve the security, Metabase backup, and default documents of a specified Web site. However, before we dive into how, let’s talk briefly about why.
The security and flow of a Web application may be something that does not dramatically change on a daily basis. So, how can we administer these tasks easily, if even on a temporary basis? Creating an ASP page to handle all these tasks at once (or a subset) provides a way of facilitating these tasks (and possibly directing site visitors to entirely new applications) through a custom interface or an event-driven script.
Creating a script to run a site backup of the Metabase could potentially save a great deal of time and effort in the future. The performance of this process may be determined by event-driven data. (This is a concept I will discuss further in the examples below.) For the purposes of our example, I will perform a Metabase backup entitled foBack, using the MD_BACKUP_NEXT_VERSION constant for versioning and MD_BACKUP_OVERWRITE for instructing if an existing backup is found.
CONST BACK_NAME = "foback"
Set objSRV = GetObject("IIS://LocalHost")
ObjSRV.Backup BACK_NAME, _
Administering site security via ASP can be a little tricky. The options are great, but if you’re not careful, you can apply inappropriate security to your Web site. Handling the application of these permissions is really no different from doing so via the MMC. However, the simple fact remains that you are not “Applying” or “Committing” these changes manually. Anything you script will be set without prompting you to double-check!
On the other hand, if you’re confident in the logic you’re binding to your site, the ability to change site permissions on the fly is very powerful. For example, one of the biggest benefits of using ASP is data access. ASP is a natural fit with ADO (Active X Data Objects) and, subsequently, any OLE DB providers. The ability to trigger (or, even on an ad-hoc basis, to initiate) a query returning pertinent data that leads to the revocation of write permissions on a virtual directory can be extremely useful. This type of example (performing administrative maintenance based on data and/or events) is defining intuitive Web applications.
For this example, we’ll revoke write access on a virtual directory. To accomplish this, we must first access the IIS Virtual Directory object, which we’ll do by defining the objDIR object. Once we’ve set the value of our variable, we’ll reset the value of the AccessWrite property and use the SetInfo method to process the change. (The name of the virtual directory in this example is virt_dir, which was determined by the Webmaster at the time the directory was created.)
Set objDIR = GetObject("IIS://LOCALHOST/W3SVC/3/ROOT/virt_dir")
objDIR.AccessWrite = False
Our final example could very well be our most dynamic. Often overlooked, the default document of a Web site is truly the portal to the application. The ability for the site administrator to apply a new default doc in time of need, or even when a new application revision is being implemented, can be very useful.
Again, when you apply logic to this concept, your ability to use this function may be based on data stored within your application database. This function, as well as the others, may be event-driven .vbs scripts (VBScript files). Rather than being required to call this type of routine from the user interface, you may use it as part of any administrative maintenance.
To demonstrate this example, we will set the value of the objSRV object again. Next, we will set the value of the DefaultDoc property. To prove our “set,” we will call the GetInfo method to retrieve the current site configuration and use Response.Write to echo the changes out to our HTML page.
dim objSRV, strDefaultDoc
strDefaultDoc = "foHome.htm"
Set objSRV = GetObject("IIS://LOCALHOST/W3SVC")
For Each objSITE In objSRV
If objSITE.class = "IIsWebServer" and objSite.Name = "3" Then
objSITE.DefaultDoc = strDefaultDoc
Response.Write "DEFAULT DOC SET!"
Response.Write "NEW DEFAULT DOC = " & objSITE.DefaultDoc
As we have demonstrated, the practicality of Metabase data is overwhelming. Using the tools provided (and, on the way, IIS 5!), we can truly incorporate administrative logic into our ASP applications.
Joe Barnes is a senior project manager for Fundamental Objects, Inc. He works with large-scale infrastructure and software development projects, and his specialties include Windows NT, Visual Basic, and Lotus Notes. If you’d like to contact Joe, send him an e-mail .The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.