If you’ve worked on a Web site project recently, then you probably know the days of static HTML pages are gone forever. Programming languages such as ASP.NET and VB Script allow you to create feature-rich, dynamic Web pages. One new tool that complements the other available programming languages nicely is DSML Services for Windows. In this article, I’ll explain what the services are and how to implement them.

DSML—what it is
Essentially DSML (Directory Service Markup Language) Services for Windows allows an HTTP session to use SOAP to access Active Directory. The services are based on the OASIS DSML version 2 specifications. Basically, the services allow you to create Web pages that interact with your organization’s Active Directory.

Acquiring DSML Services for Windows
The services are not included with Windows Server 2003 by default. Instead, they’re available as a feature pack. You can download the 720-KB Windows Installer (MSI) file at the DSML Services for Windows Web site. Don’t let the small size of the downloadable file fool you, though. The DSML services have a few dependencies that you may also have to download. I’ll tell you more about the dependencies as we go along.

Before you install DSML, there’s a dependency that you need to be aware of. DSML Services for Windows require that MSXML 4.0 be upgraded to at least Service Pack 1. In case you’re wondering, MSXML is the core XML service for Windows. Although DSML requires the XML services to be upgraded to Service Pack 1, Service Pack 2 was available at the time I wrote this article, and I recommend that you use it instead. You can download MSXML 4.0 Service Pack 2 from the Microsoft Web site.

Once you’ve installed the necessary service pack, you can begin installing the DSML services. Double-click the DSFW.msi file that you downloaded earlier, and Windows will launch the DSML Installation Wizard. Click Next to bypass the wizard’s welcome screen, and you’ll see the software’s end-user license agreement. After accepting the license agreement, the setup wizard will prompt you for an installation path and ask you whether everyone should be able to use it or just you. Make your selection, click Next twice, and the installation will begin. When the installation process completes, you’ll see a message informing you that DSML has been successfully installed. Click Next and Close to get rid of this message.

Enabling DSML
Even though you’ve installed DSML, the services are not enabled by default. You must configure the DSML services before you can enable them. Furthermore, before you can configure the services, you must install the .NET Framework Runtime Library. This library is not actually required for running the services, but the configuration tool is dependent on it. Therefore, if the idea of running the library on your server causes you to have concerns about security, you can always install it, configure DSML, and then remove the library. You can acquire the .NET Framework Runtime Library from the MSDN Download Center. If you’d rather not download and install the library, you can still configure and enable DSML manually. You can find the instructions in the DSML documentation, which you can access from the server’s Start menu at All Programs | Microsoft DSML | DSML Services Documentation. For the purposes of this article, however, I’ll be using the configuration tool.

Once the .NET Framework Runtime Library is in place, you must take care of yet another prerequisite. The DSML services require that IIS be installed on your server. Although previous versions of Windows enabled IIS by default, this isn’t the case with a default installation of Windows Server 2003. You can install IIS by double-clicking the Add / Remove Programs option in the Control Panel. Windows will display the Add / Remove Programs dialog box. Click the Add / Remove Windows Components button, and Windows will launch the Windows Components Wizard. Select the Application Server option, click Details, select the Internet Information Services (IIS) check box, and click OK followed by Next to install IIS.

Once IIS is installed, you should be able to configure the DSML services. Select the All Programs | Microsoft DSML | configuring DSML Services commands from the Start menu. You’ll see the DSML Services Configuration utility, shown in Figure A.

Figure A
Use the DSML Services Configuration utility to configure and enable the services.

To begin the configuration process, you must select the IIS Web site name that you want to associate with DSML. In Figure A, notice that the server name is already filled in for you so the IIS Web site name will contain only the sites on the currently selected server.

Next, you must enter the name for the virtual directory that will be used for the DSML services. DSML is used by default, but you can place the DSML services anywhere you want. Below the virtual directory name is a preview of the URL that will be used to access DSML. You should make note of this URL because you’ll need it later on when you start to code the DSML-dependent site.

Just below the preview URL is a check box that you can use to require anyone who is connecting to the DSML server to use SSL encryption. Keep in mind that DSML exposes your Active Directory over the Web. Therefore, you should require secure authentication and encryption to avoid a huge security hole.

You must also remember, though, that simply requiring SSL encryption does not implement SSL encryption. SSL encryption won’t work until you associate a certificate with the Web site. You can acquire such a certificate either from an enterprise-level certificate authority or from a third-party provider such as VeriSign.

Once you’re satisfied with the settings you’ve chosen, click the Create IIS Virtual Directory Now button. You’ll see a message indicating that DSFW (DSML Services for Windows) has not been registered as a Web service extension that is authorized to be used on the server. When prompted, click Yes to authorize DSFW as a valid Web extension.

After receiving confirmation that DSFW has been authorized, it’s time for step two of the configuration process. You must now enter either the name of the domain that you want DSML to access Active Directory information from, or you must enter the name of the domain controller within that domain. By default, the current domain name is filled in for you.

Just below the text box where you fill in the name of the domain or the name of a domain controller, there is a check box labeled Make DSML Server Read Only. This check box is selected by default and is a security feature. If your DSML-enabled Web application needs to read, but not modify, the Active Directory, this check box should remain selected. However, if your application will be making updates to the Active Directory, remove the check mark from the box.

At this point, click the Add To The DSML Configuration File Now button. You’re now ready for the final configuration step, which simply involves clicking the Yes, Modify Samples Now button. Doing so will modify sample code so that it works with the configuration that you’ve just created. You’ll be asked if you’d like to launch the samples now. Click Yes, and Windows will open a simple DSML-enabled application, as shown in Figure B.

Figure B
This is a sample DSML-enabled application.

Create your own DSML-enabled applications
As you can see in Figure B, the sample application is nothing fancy. However, when you select an option, the application actually displays the code that makes the action possible. Not only is this useful for testing DSML, but it can also be used to easily develop your own DSML-enabled applications.