Re: how to create IIsWebDirectory without mapping them to physical

It all depends on when in the request pipeline your ISAPI Filter acts.

If it acts in SF_NOTIFY_PREPROC_HEADER, then it controls which URL and
hence which metadata, including the IIsWebFile settings, is loaded by
IIS. If it acts afterwards, then the IIsWebFile settings will take
effect.

It is always tricky when you want to modify web server behavior like
this, because timing matters.

You haven't given sufficient information about how your filter works,
so I cannot give any better advice.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Sep 7, 3:14 am, Kshitiz <Kshi...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks David for your inputs. However it is not a solution to my problem.

Running your command made changes in metabase.xml.

A ISAPIFilter is already applied even before it reaches the level of
IISWebFile. So if my filter is able to provide output to the request,
whatever I configure at IISWebFile/IISWebDirectory level does not matter. No
SSL/client-cert is required in any case, ISAPIFilter provided output without
even looking at the client cert requirement.

Thanks,
Kshitiz



"David Wang" wrote:
On Sep 6, 10:40 am, Kshitiz <Kshi...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
This is with reference to previous question - "Client Certificate Auth only
for certain urls handled by ISAPI filter"

Ques was :
I have written a ISAPI filter. It handles all the request urls and generate
output. None of the urls are mapped to file system.

Now I want anonymous access to most of the urls served by this ISAPI filter.

However for certain urls, I want to enable client certificate based
authentication.

I got response from David :
Configure IIS to enable SSL and require Client Certificates for those
URLs. If they don't exist as vdirs or physical directories in IIS,
then create IIsWebDirectory and IIsWebFile nodes as appropriate
placeholders for them in the Virtual namespace. Of course, none of
them need to map to the file system

Then, use GetServerVariable() with the various documented server
variable names to read the relevant Client Certificate data and do
your custom authentication/authorization.

//David

Now my ques is :
I do not know how to define those URLs. Please provide more input on
that. If you can point to some document that will be great. Please provide
inputs on how to create IIsWebDirectory and IIsWebFile without mapping them
to physical directory.

Also I do not want to hard-code client certificate verification in my code.
I want it to be outside, which can be modified easily as per client
certificate.

Thanks,
Kshitiz

CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS CREATE W3SVC/1/
ROOT/MyUrl IIsWebDirectory
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS CREATE W3SVC/1/
ROOT/MyUrl/MyFilename.extension IIsWebFile
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS SET W3SVC/1/
ROOT/MyUrl/MyFilename.extension/AccessSSLFlags 320

You will notice that request to:
http://localhost/MyUrl/MyFilename.extension

will now require SSL and Client Certificate

/MyUrl and /MyFilename.extension do not need to exist at all.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//- Hide quoted text -

- Show quoted text -


.

Quantcast