Apr 032014
 

Microsoft’s Web Platform Installer (Web PI) makes installing applications a breeze. In a recent blog post I covered just how easy installing IIS has become using Web PI. In this walkthrough I’m going to cover installing WordPress, PHP, and MySQL using Web PI.  I remember the days when installing these applications was a manual process. Depending on your level of expertise it was quite a challenge to get everything working properly. If you’ve ever tried to uninstall and then reinstall MySQL you know what I mean.  Now thanks to Web PI with just a few clicks of your mouse you can have WordPress, PHP, and MySQL installed on Windows Server 2012 R2 in a few short minutes.

Setting up Your Site

On my test server I have a new installation of Windows Server 2012 R2 with IIS 8. Using the default site you’ll see the familiar IIS 8 welcome page called IISStart.htm. This page is automatically created for the default site when you install IIS. Be sure to delete it once you deploy your files.

image

Launching Web Platform Installer

After installing the IIS role on your server you’ll be able to launch Web PI directly from IIS Manager by clicking on Get New Web Platform Components . The real power and ease of using Web PI to install WordPress, PHP, and MySQL is evident after you choose WordPress and Click Install. Web PI will automatically select the other application dependencies and include them in the installation.

image

 

Choosing MySQL Root Password

Web PI will prompt you to choose a password for the root administrator user for MySQL. Be sure to make a note of this password because it will be needed later and resetting the MySQL root password manually can be challenge.

image

 

Click Accept. The installation will start running.

image

 

Web PI will download and install all the necessary applications. It will complete within a few minutes.

image

 

 

Configuring the site for IIS

At this stage of the installation Web PI will prompt you to choose a few settings for the IIS configuration. You can either install WordPress on an existing site or select New Web Site. I am going to install WordPress into the root of my site so I am using “/” for the application name. If you plan on running WordPress from a subfolder then enter a name for the application. Once the required parameters have been entered you will be able to click Continue.

image

 

 

You will be prompted to enter a few unique phrases to strengthen the password security.

image

 

Once Web PI completes the installation process your new MySQL Database Name, Database User Name, and Database Password will be displayed on the screen. Make a note of these settings. You will need them later to log into the database.

image

 

Installing WordPress

Once Web PI completes its installation process the WordPress installer will be launched. This final step of installing WordPress completes quite quickly. Enter the Site Title, the admin username and password, and your email address. Click Install WordPress to finish setting it up.

image

 

WordPress is now ready for use. Click Log In to go to the WordPress Dashboard.

image

 

image

 

Securing WordPress

Any serious web developer or server admin knows how important it is to secure your web site.  So after I install WordPress the very next thing I do is secure it. There’s a great WordPress plugin called Limit Login Attempts which can help block automated brute force attacks to your login page.  If you wanted to take it a step further you could even use Url Rewrite to block requests except for your own IP which I chose to do when my site was once targeted by brute force attacks. One other plugin you may want to consider is called Bad Behavior. This is a great plugin for mitigating link spam and the robots that deliver it. Combined with Akismet your site’s blog post comments will be spam free.

Summary

WordPress is one of the most widely used free CMS products. Installing WordPress on Windows Server 2012 R2 also requires PHP and MySQL. Now thanks to Web PI installing WordPress, PHP, and MySQl has never been easier. Your site will be up and running in mere minutes. After installation take some extra time to secure the login page and prevent comment spam. Thanks for reading.

Dec 272013
 

Thanks to Microsoft’s Web Platform Installer (Web PI) installing IIS has never been so easy. Before using Web PI to install IIS became available,  you had to use the Server Manager to install the Web Server (IIS) role and then select various Role Services that you need to be enabled. Depending on your level of expertise this could be a challenging task with lots scrolling back and forth and click upon click to get things just right,  but now you can have IIS deployed with just 3 clicks of your mouse.

Install Web PI

If you’re not familiar with the Web PI, it is a powerful tool that can be used to install not only IIS but also SQL Server Express, Visual Web Developer, Express, PHP, WordPress, Umbraco, and many other 3rd party applications from the Windows Web Application Gallery. If you haven’t already done so first Download Web PI and install it. It’s free and has a small footprint of only 2 MB.

image

 

Select IIS Recommended Configuration

Once Web PI has been installed just launch the program . It will open to the Spotlight tab so just click on the Products tab and click Add next to IIS Recommended Configuration. If you don’t see it in the opening list just search for it. All you need to do after this is just click Install at the bottom of the window.

 

image

 

You may be curious as to what options are installed with the IIS Recommended Configuration. Here is what will be installed:

  • ASP.NET
  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Logging Tools
  • Request Monitor
  • .NET Extensibility
  • Request Filtering
  • Static Content Compression
  • ISAPI Extensions
  • ISAPI Filters
  • WAS Process Model
  • Management Console
  • WAS Configuration API
  • WAS .NET Environment
  • .NET 4.5 Extended with ASP.NET for Windows 8
  • .NET 3.5 for Windows 8

Before the installation starts you need to accept the license terms so just click I Accept.

image

 

The installation will run for a few minutes installing the essential features for IIS to work properly.

image

 

Once Web PI has completed installing IIS just click Finish.

image

 

Using IIS Manager

Your server is now ready for hosting web sites. Open IIS Manager and you’ll see the Default web site has been configured.

image

 

When you browse http://localhost you’ll see the familiar IIS Start Page.

image

This page is named iisstart.htm and appears in the Default Documents list above default.aspx so once you upload your web site files be sure to delete this page.

Next Steps?

Now that you have IIS installed what’s next? Well you’ll want to go back to Web PI and at least install FTP Publishing. Once you have FTP Publishing installed you want to look into configuring FTP User Isolation as well as using FTP over SSL for greater security when transferring content to and from your server. You may also want to look at installing Url Rewrite 2.0 from Web PI. Url Rewrite offers many ways to rewrite urls for SEO and perform 301 redirects as well as blocking page requests.

Summary

The Web Platform Installer (Web PI) is a powerful tool for deploying a wide variety of 3rd party applications such as WordPress and other popular CMS products but it can also be used to install IIS or even SQL Server Express on your server. The Web PI offers  unparalleled ease and convenience with installing applications on Windows servers. Thanks for reading.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
Oct 072013
 

When you need quick analysis of your traffic logs you won’t find an better tool than Microsoft’s free Log Parser. With Log Parser you can read a variety of log files including the Registry and Windows event logs. It’s ease of use comes from using SQL queries against your log file. You can get your data even faster by using multiple log parser queries in a batch file.

image

The other day I was helping someone who needed some “top 10” data from their site’s log. Since I had these in my trusty batch file I could provide the text reports within seconds. However, I like to offer a little more pizzazz when possible so this time I decided use Log Parser’s native charting capability to output the results with some nice charts.  As the saying goes a picture is worth a thousand words.

Here’s the query I used to create the chart above:

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*)  into top10requests.gif 
from <file> group by cs-uri-stem order by count(*) desc" 
-o:CHART -chartType:pieexploded3d -categories:off -chartTitle:"Top 10 Requests"

 

Installing Office Web Components

Charting is a native feature of Log Parser however there is a dependency for Office 2003 Add-in: Office Web Components. Depending on where you are running Log Parser the first time you try to output your query to a chart you may see this error message:

Error creating output format “CHART”: This output format requires a licensed Microsoft Office Chart Web Component to be installed on the local machine

If you didn’t see the error above then you’re all set but if you saw the error then it will be necessary to install the Office Web Components before you can start outputting charts. Once you’ve downloaded the file just accept the License Agreement and click Install.

image

The installation runs quickly. Click OK to close the window.

image

 

Example Log Parser Reports with Charts

Now you’re ready to start creating some colorful charts. The most useful parameters in my opinion are –chartType, –chartTitle, –categories, –values, and –legend. There are some 20+ chart types that you can choose from including:  Pie, PieExploded, PieExlpoded3D, LineStacked, Line3D, BarClustered, ColumnClustered, Smooothline. The default chart type is Line.  To see all the possible chart options run this simple command:

LogParser -h -o:CHART

To take your charts to the highest level of customization you can use an external configuration script with Jscript or VBscript . Take a look at the MSDN ChartSpace Object Model documentation for more information.

Here are a few different charts with various options.

image

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*)  into top10requests.gif 
from x.log group by cs-uri-stem order by count(*) desc" 
-o:CHART -chartType:pieexploded3d -categories:off -chartTitle:"Top 10 Requests"

 

 

image

logparser.exe -i:iisw3c "select top 10 sc-status, count(*)  into top10errorcodes.gif 
from x.log group by sc-status having sc-status not in ('200') order by count(*) desc" 
-o:CHART -chartType:column3d -categories:on -values:on -chartTitle:"Top Status Codes"

 

 

image

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*)  into top10_404.gif 
from x.log group by cs-uri-stem, sc-status having sc-status in ('404') order by count(*) desc" 
-o:CHART -chartType:BarClustered3D -values:on -categories:on -chartTitle:"Top 10 404 Status"

 

image

logparser.exe -i:iisw3c "select quantize(time, 60) as TimeGenerated, count(*) as Hits into 
hitsperminute.gif from %1 group by TimeGenerated" -o:chart -chartType:Line –chartTitle:"Hits per Minute"

 

 

 

image

 

logparser.exe -i:iisw3c "SELECT TOP 10 cs-uri-stem AS RequestedFile, COUNT(*) AS TotalHits, 
MAX(time-taken) AS MaxTime, AVG(time-taken) AS AvgTime into slow.gif from x.log 
where EXTRACT_FILENAME(cs-uri-stem) not in('%begin%') GROUP BY cs-uri-stem ORDER BY MaxTime, TotalHits DESC" 
-o:CHART -chartType:barclustered3d -values:off -categories:on -chartTitle:"Top 10 Slowest Requests"

 

In Summary

Microsoft’s Log Parser is a powerful tool for log file analysis. You can use it to analyze text files, csv files, Window’s event logs and even the Windows Registry.  You can make boring reports come alive with colorful charts.  There is a dependency on Office Web Components for charting to work but that is easily solved. Thanks for reading.

Jul 222013
 

Redirecting visitors on your site from one page to another is handled by using either a 301 redirect or a 302 redirect. The numbers 301 and 302 refer to the http status code that is returned by the web server to your browser. They may seem similar but they are quite different. A 302 indicates a temporary change and a 301 indicates a permanent change. This difference is important to understand and will impact how search engines see content changes on your site. There are a number of ways to implement a 301 redirect on your web site. Some are easier than others to configure and will depend on the version of IIS you are using. Here’s the story of how I recently had to use the global.asax and Application_BeginRequest to do a 301 redirect.

Unforeseen consequences of revoking a certificate

The other day I was helping someone who had revoked their site’s SSL certificate. They were no longer going to use SSL on their site so they figured revoking the certificate was a logical decision. Unfortunately what they had not realized was that the https:// url of their site had been indexed by most search engines and they were getting a lot organic traffic to their site using that url. By revoking the certificate many of their visitors were now seeing dire warnings in their browsers like the picture below instead of going to their site. This was not good.

image

 

Not being a technical person they figured that just removing the certificate from the site bindings would solve their problem. This was not a good idea. On the one hand it solved the problem with the browser security warnings being displayed but in fact it just caused a different problem. People were still accessing the https:// url of their site so instead of a security warning now they were just seeing an error. Using Fiddler you can see that a 502 error is generated when you try to access a site using https without having a binding for it.

image

 

The need for a redirect

We needed to take visitors accessing the https url of the site and send them to the http url of the site. This is the perfect application of using either a 301 or 302 redirect. However, here’s where things got a little more complicated. Ordinarily I would just use Url Rewrite or even a Url Rewrite Map to handle the 301 redirects. Unfortunately their site was hosted on IIS 6 so we couldn’t use Url Rewrite. Furthermore we only needed to redirect incoming requests using SSL. The site content was fine so page level redirects such as a meta tag refresh weren’t going to help in this case either.

Since the site was using .Net 2.0 I decided to use the Application_BeginRequest event in the global.asax. This is the first event in the HTTP pipeline change of execution when asp.net responds to a request. Using this event I created a conditional statement to test the HTTPS server variable to see if the request was being made using SSL or not. If the request was made with SSL then we would redirect it to the http url of the site as shown below. Bear in mind however that Response.Redirect’s default status is 302 –a temporary redirect. In my situation I needed a 301 permanent redirect so that search engines would drop the https url from their index. So I had to add the extra line of Response.StatusCode=301.

image

At this point I was pretty satisfied I had solved my friend’s problem. I had setup a test site with an SSL certificate and the redirect worked great. Unfortunately when I set it up on the live site (with the revoked certificate) nothing happened Sad smile.  It turned out that because the site’s certificate had been revoked, browsers weren’t actually loading the site which in turn meant the redirect wasn’t happening. There was only one way to solve this last piece of the puzzle and that meant putting in a valid SSL certificate again. So I created a Certificate Signing Request for my friend’s site and within minutes they had a new $9 RapidSSL certificate from Namecheap.com. Once a new certificate was bound to the site the https page requests started working again and then our custom 301 redirect in the global.asax was able to do it’s job.

 

Testing a 301 Redirect

Because I needed the redirect to be permanent I wanted to be sure it was really returning a 301 status. Checking the web site’s www logs would have confirmed this but that’s a bit cumbersome especially when a tool like Fiddler makes it so easy to check. Fiddler is a free web debugging tool. As one can see in the pictures below the redirect was in fact returning a 301 status code.

image

Here you can see the raw header and body of the request.

image

If you need to remove a url from a search engine’s index you can contact them directly:

https://support.google.com/webmasters/answer/164734?hl=en

http://www.bing.com/webmaster/help/how-can-i-remove-a-url-or-page-from-the-bing-index-37c07477

Please note that is is not a fast process and using a 301 permanent redirect is the best solution.

Summary

Sending traffic to a different location on your site can be accomplished using either a 301 permanent redirect or a 302 temporary redirect and this will ensure your search engine ranking isn’t impacted. There are many techniques to implement a redirect such as using Url Rewrite, meta tags, or even Response.Redirect. If you’re going to revoke an SSL certificate or remove one from your site, first be absolutely sure that there isn’t traffic using the certificate. Thanks for reading.

Jun 302013
 

Server Core for Windows Server 2012 offers a low-maintenance, limited functionality operating system. The primary benefits of Server Core are Reduced Servicing, Reduced Management, and Reduced attack surface. Management of Server Core is performed locally or remotely using Windows PowerShell, a terminal server connection from a command line or by using the Microsoft Management Console (MMC). There are many server roles available for Server Core instances such as Active Directory, DHCP Server, DNS Server, File Services, BITS Server, HyperV, Printing Services, and IIS, just to name a few. Here is a list of more Server Core roles that are available. This walkthrough will focus on installing IIS 8.

Install Windows 2012 Server Core

As you might have guessed the first step will be to install Windows 2012 Server Core. Launch your install media and select Server Core Installation and click next. If you’ve ever installed any other Windows operating system the menus at this point will look pretty familiar.

image

The installation goes quickly. You will receive status updates as it progresses.

image

 

Change the Administrator Password

Once the installation has completed you’ll need to change the administrator password. Just follow the prompts to complete this step.

image

 

Installing IIS 8

Once the base installation of Server Core has completed you’re ready to install IIS. Open Powershell and enter the following cmdlet:

install-windowsfeature web-server

Once the process completes you should see a Success result similar to the picture below.

image

 

Install IIS Remote Management Service

Since this is Windows Server Core we’re not going to see the IIS Manger GUI as with the other versions of Windows. So to maintain IIS we’ll need to configure the Remote Management Service. This can be installed by entering the following cmdlet:

Install-windowsFeature Web-Mgmt-Service

You’ll again see a Success result if everything worked properly as shown below.

image

You can use the following commands to start or stop the management service:

Net Stop WMSVC

Net Start WMSVC

 

Enable Remote Management (Web Management)

Next we’ll install Remote Web Management by entering the following cmdlet:

Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1

image

 

Create Firewall Rule for Web Management Service

Before we can remotely connect with the IIS Manger we need to create a rule for the local Windows Firewall. The following command will create the rule we need:

netsh advfirewall firewall add rule name=”Allow Web Management” dir=in action=allow service=”WMSVC”

image

 

Connect to IIS 8 on Server Core using IIS Manager

Now we’re ready to connect to IIS 8 on our Windows 2012 Server Core. Installing IIS Manger for Remote Administration on your PC is very straight forward. Once you have IIS Manager installed just right-click under Connections and select Connect to a Server.

image

Next just enter the server address.

image

Enter your administrator username and password.

image

You’ll be prompted to accept the server’s certificate for security.

image

 

Having properly authenticated on the server we can now see our default site and configure additional sites as well as maintain all of the usual IIS features and settings.

image

 

Summary

If you’re in the market for Windows Cloud Server hosting and aren’t really technically inclined then Windows 2012 Server Core may not be the right fit for you. However Windows 2012 Server Core offers a variety of server roles and has clear security benefits. Running IIS 8 on Server Core is very manageable thanks to the IIS Remote Administration Service. I will cover adding FTP in a future blog post. Thanks for reading.

May 042013
 

FTP User Isolation is a great way to lock down your FTP site and prevent users from accessing resources they are not supposed to. Regardless if your server is providing shared hosting or dedicated hosting, FTP User Isolation can be leveraged for greater FTP security. It is particularly beneficial in hosting environments when you have a limited number of IP addresses to utilize but have several users requiring FTP access. In this case you’ll want to create 1 master FTP site and configure user virtual directories. Alternatively if your web server has several IP addresses available then one will typically deploy FTP Publishing on each site being hosted using a dedicated IP address. FTP user isolation in this case is not as critical but can still be implemented if you need multiple users accessing different folders on the same site.

In This Walk-through

In this walk-through I’ll be configuring 1 master FTP that will be used to isolate FTP users for 3 different web site’s I’ve created. To see how to setup an FTP site please check my recent blog post on setting up an FTP site with SSL. Our FTP site will use c:\inetput\ftproot as the root directory. Double check the FTP Authentication section has Anonymous Authentication disabled and Basic Authentication enabled.

image

 

Create User Group for FTP Users

Our server has 3 user accounts we want to use for FTP access: ftpuser1, ftpuser2, ftpuser3. In the Computer Management console under Local Users and Groups create a new group called FTPUsers.

image

 

Add the 3 FTP users to the group and then go to the root folder of the FTP site c:\inetpub\ftproot and add FTPUsers group to the folder permissions.

image

 

Check the FTP Authorization Rules

Go back to the Features View of the FTP site in the IIS Manager and click on FTP Authorization. In the FTP Authorization settings select Specified roles or user groups enter the FTPUsers group we just created.  By storing the users in 1 group it will make it easier to maintain in the future if we have to add more FTP users. We want the users to have Read and Write permissions.

image

 

Configure LocalUser Virtual Directory

Now on the the FTP site we need to create a virtual directory called LocalUser. This is a special directory which is required to make the user isolation work properly. Right click on the master FTP site and then click Add Virtual Directory.

image

Enter the name LocalUser and specify the root folder of the FTP site c:\inetpub\ftproot.

image

 

Create FTP User Virtual Directories

Under the LocalUser virtual directory create an additional virtual directory for each FTP user. Enter the name of the FTP user and set the physical path to the web site they will be accessing. In this example ftpuser1 will be access c:\domains\domain1.com. Ftpuser2 will access c:\domains2.com and Ftpuser3 will access c:\domains3.com.

image

Since we have 3 FTP users we’ll have a virtual directory for each user under LocalUser.

image

 

Configure FTP User Isolation

On the Features View of the FTP Site and click on FTP User Isolation. Under the section Isolate Users select User name directory (disable global virtual directories). As a reminder If you are deploying FTP Publishing at the site level with only 1 user accessing the site content then user isolation is not necessary and selecting the first option FTP root directory will be sufficient. The FTP user will be dropped into the root of the site.

image.

 

Testing FTP Client

Now our FTP site is ready for testing. With my FTP client I connect to the site using ftpuser1 and I am correctly logged into domain1.com root folder.

image

You can test if the isolation is working properly by trying to change the directory to the parent level or another ftp user’s folder. If you remember back to FTP and IIS 6  this would have been possible or at least you you would have been able to get into the root folder of the FTP site and potentially seen other FTP users’ folders. In the example below I login as ftpuser2 and then try to change to the directory of ftpuser1 however thanks to FTP Isolation we get an error message that the path does not exist. Each user is now completely isolated from the others.

image

In Summary

Starting with IIS 7, Microsoft completely redesigned the FTP service offering the highest level of security. FTP User Isolation will completely shield web site content from other FTP users. It is particularly beneficial when you have an FTP site that needs to allow access to multiple users to different folder paths. Thanks for reading.

Mar 132013
 

Remote Management for IIS 8 on Windows Server 2012 is a great way to connect to your site and accessing IIS features without logging in to the server.  It is straight forward to configure but requires a few steps to get working properly. An alternative scenario would be if you are using a 3rd party for Windows shared hosting and you do not have administrative access to the server. You could then use IIS Manager for Remote Administration on your PC to connect to the site and maintain it.

Installing the Management Service on the Server

With Windows Server 2012 and IIS 8 there are 2 ways that you can have this service installed. The first way is using the Server Manager and launching the Add Roles and Features Wizard.

image

 

Once the Add Roles and Features Wizard opens scroll down to the Web Server (IIS) role and expand the management tools section. Click the checkbox next to Management Service and then click Next to complete the wizard.

image

 

Once installation completes you will see that it has been added to the IIS Roles and Features in Server Manager.

image

 

Alternatively you can install the Management Service using the Web Platform Installer. Open IIS Manager on the server and click Get New Web Platform Components.

image

 

The Web Platform Installer will open up. You can filter on products named IIS and then sort the name column. In the list you’ll see the IIS Management Service. Click Add then then complete the wizard. It will take just a few moments to complete. The wizard will display a confirmation page upon completion. You can also double check that it has been installed successfully in the IIS Roles and Features in Server Manager as shown above..

image

 

Configure IIS for Remote Administration

After the remote management service has been installed on the server you need to enable it and then assign user permissions before users can connect remotely. In IIS Manager at the server level scroll down to the Management groupHere you can add IIS Manager Users, check permissions for existing users, control Feature Delegation, and maintain the Management Service settings. Click on Management Service to configure remote administration and enable the service.

image

 

Click Enable remote connections and then select whether or not you want to allow users to access the server using Windows credentials only or allow users with Windows credentials and IIS Manager credentials. Assign the IP address you want the service to be on and the default port 8172. If you have your own certificate you can assign that otherwise there is a default certificate available to be used. For additional security you can implement IP address restrictions. After saving your changes be sure to click Start. If you decide to change any settings later you’ll need to stop the service first before you can make any changes.

image

 

Allow Users to Access the Site Remotely

User permissions are assigned at the site level. Go to the site you want to allow remote access to and click IIS Manager Permissions.

image

 

Click Allow User.

image

 

To add a Windows user click Select and then enter their name and then click Ok.

image

Remote administration has now been enabled and configured on the server. You have enabled a user to remotely connect to IIS. At this point the server configuration is complete. The only thing remaining is to install IIS Manager for Remote Administration on your PC.

 

Configure Client Settings

On your PC use the Web Platform Installer to install IIS Manager for Remote Administration.

http://www.iis.net/downloads/microsoft/iis-manager

image

 

Once IIS Manager is installed on your PC then you can try connecting to the site. Simply right-click on the globe icon under Connections and then select Connect to a Site.

image

 

Enter the server address where your site is hosted and the site name.

image

 

Enter the username and password for authentication.

image

 

Click Finish and then you’ll see your site in IIS Manager.

image

 

If you look at the bottom right of the window you’ll see that you’ve connected securely to the remote site.

image

 

Summary

This walkthrough has covered how to install and configure Remote Administration on IIS 8 as well as using the Web Platform Installer to install the IIS Manager for Remote Administration on your PC.  Check with your Windows shared hosting provider if you have any difficulty connecting to your site. Depending your hosting providers delegation settings certain IIS features may not be enabled for remote administration. Thanks for reading.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
Feb 092013
 

In 2011 the FTP protocol had it’s 40 birthday. Despite it’s age it is still a widely used file transfer technology however it wasn’t originally designed for encryption. It has been shown to be vulnerable to brute force attacks, packet capture, and spoof attacks as well as a few other attack vectors. Now with IIS 8 on Windows Server 2012 encrypting an FTP session has never been easier. Using the IIS Manager with just a few clicks you can enable FTPS also known as FTP Over SSL on your site and take advantage of encrypted communication. In this walkthrough I am going to configure FTPS on IIS 8 using my personal SSL certificate which I obtained from a 3rd party SSL vendor. I am not going to cover how to install an SSL certificate. To get started launch IIS Manager from the Start Screen.

image

 

Once IIS Manger is open we first need to add FTP Publishing to our site. This is straight forward and can be completed in mere moments. To do this right click on your site and select Add FTP Publishing. The Add FTP Site Publishing wizard will launch taking us through the few remaining steps.

image

 

There are a few options which need to be configured. Select the IP address you want to use for the site. Under the SSL setting, select if you want to allow connections without SSL or force every connection to use it. For the highest level of security you’ll want to select Require SSL. Next pick the SSL certificate that you want to use for the encryption. Click Next to continue.

image

 

Now we’re going to configure the Authentication and Authorization settings. Check Basic Authentication and leave Anonymous Authentication unchecked. Under Authorization you can specify local users and groups that are allowed to access the site. On my test server I have a user called “ftpuser2” and we want Read and Write permissions enabled. Click Finish and then the window will close. FTP Publishing has been added to the site. Next we’ll need to configure the FTP client before we can connect.

image

 

Configuring your FTP client for FTP over SSL is just a matter of changing the protocol type in your client settings.  First I’ll do a test without making any client changes. In the previous step I choose to force all connections to use FTPS so we should get an error of some kind. Sure enough as seen in the FTP log below, the server forcibly closes the connection when it detects that we’re not using FTPS.

image

 

For my FTP client I’m using an old version Cute FTP Pro so depending on which FTP client you are using your menus may look different. Below I am selecting FTP with SSL Explicit.

image

 

Now when I try to reconnect to the server I’m prompted to accept the SSL certificate before I can continue. If I do not accept the certificate then the connection will be closed.

image

 

After clicking Accept we are logged into the FTP site and are files are displayed as expected. Looking at the FTP log we see the SSL session is being established and the session is encrypted.

image

In summary, FTP is a great file transfer technology but is unencrypted in native form. Configuring FTP over SSL with IIS 8 on Windows Server 2012 is an easy and straight forward way encrypt your FTP sessions and increase your security. Thanks for reading.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
Jan 302013
 

Configuring and using FTP with IIS 8 on Windows Server 2012 is very easy and straight forward. If you ever used FTP 7 that was released with Windows 2008 then the GUI will be familiar to you. An FTP virtual directory is quite handy when you need to provide an FTP user access to files which are not in their FTP root folder. If you’ve ever created one, then you know the FTP user is usually not able to physically “see” the virtual directory when they login. To get to the new folder they have to manually change the path using their FTP client. I will show you a simple trick so the virtual directory will be visible to the FTP user.

image

 

Open the IIS 8 Manger. Depending on your needs one can have FTP configured in a few different ways. Your server may have FTP publishing configured on each site for example. My test server only has 1 IP address available so I’ve configured a “master” FTP site and have FTP user access configured accordingly for each site that is being hosted. In this example I have “ftpuser2” logging into a folder called c:\domains\domain2.com. As one would expect this is the folder where the user can maintain all their web site files.

image

 

Probably one of the most common requests with web hosting is having access to the web site traffic logs. These logs are typically stored outside of the FTP path somewhere else on the web server.  On my test server they’re stored in the folder C:\wwwlogs and the logs for domain2.com are located in the folder W3SVC3. Ordinarily on a locked down web server no FTP user would ever be able to access this location.

image

 

So let’s walk through how to provide “ftpuser2” FTP access to his site’s traffic logs. In the IIS Manger right-click on the FTP user in question and then right-click again on Add Virtual Directory.

image

 

This will open the Add Virtual Directory window. Enter the Alias you want to use and browse the physical path to which you want to provide FTP access.

image

 

One additional step is to add the FTP user to the folder permissions. That is straight forward so I’m not going to walk through that. So now ftpuser2 has the necessary permissions to read the log files in the W3SVC3 folder and access them using their FTP client. So what happens when we log in via FTP? Well nothing.

image

 

Why don’t we see our new virtual directory with the traffic logs? We can see them if we manually change the path in the FTP client to /wwwlogs. But having to manually change paths is a bit of a pain. And trying to explain that to someone who may not be technical is even more complicated. So what’s the solution?

image

The solution is to create an empty folder in the root of the FTP user’s FTP path that matches the alias of our FTP virtual directory. With this dummy folder in place, when the FTP user logs in and clicks it they will automatically be redirected into the path of the virtual directory and see all the files. What’s really cool about this technique is that works with legacy versions of IIS as well as IIS 7 and IIS 8.

image

So now we’ve created a far more intuitive experience for the FTP user to access files and folders outside of their FTP root anywhere on the server –provided they have permissions to access the folder of course. I hope you’ve enjoyed this walkthrough. Thanks for reading.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
Dec 142012
 

Using system.net.mail to send email messages from your web site makes life so easy.  In the old days of Classic ASP you often had to rely on 3rd party components such as AspMail from serverobjects.com or AspEmail from persists.com. While they were very capable products and are still widely used today it added an additional layer of complexity to your programming. If you ever had to move a site from one server to another there was always a risk the components were not in place which would cause problems for your users. 

With system.net.mail you know as long as .Net is installed on the server hosting your site, your code will always work no matter how many times you move your web site or change hosting providers. In it’s simplest form the snippet below is the bare minimum of code you need to send a plain text message from your asp.net application.

//create the mail message
MailMessage mail = new MailMessage();

//set the addresses
mail.From = new MailAddress("me@mycompany.com");
mail.To.Add("you@yourcompany.com");

//set the content
mail.Subject = "This is an email";
mail.Body = "this is a sample body";

//send the message
SmtpClient smtp = new SmtpClient("localhost");
smtp.Send(mail);

This works great when you are sending mail using the local SMTP server. However in certain situations you may need to send mail through a remote SMTP server. In most cases that remote server will have quite a bit of security enabled to prevent relaying and blocking spammers so the above code will not be enough for your application to send mail.

In this case you will need to send your message by authenticating on the remote server with a username and password. So how does one go about doing that with system.net.mail? Well here’s a bit a code that shows you how to do just that.

string strTo = "test@gdomain-y.com";
string strFrom="test@domain-x.com";
string strSubject="Mail Test Using SMTP Auth";
string strBody="This is the body of the message";

string userName = "xxx"; //remote mail server username
string password = "xxx"; //remote mail server pasword

MailMessage mailObj = new MailMessage(strFrom, strTo, strSubject, strBody);
SmtpClient SMTPServer = new SmtpClient("mail.mydomain.com"); //remote smtp server
SMTPServer.Credentials = new System.Net.NetworkCredential(userName, password);
try 
{ 
SMTPServer.Send(mailObj); 
Response.Write("Sent!"); 
}
 
catch (Exception ex) 
{
Response.Write(ex.ToString()); 
}

For additional examples check out the wonderful resource at http://www.systemnetmail.com. I hope this helps. Thanks for reading.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS