Quantcast
Channel: Microsoft IIS Administration
Viewing all 21 articles
Browse latest View live

Introducing the IIS Administration API

0
0

IIS is a mature technology with a large amount of configuration available. Historically the configuration of IIS has been done through WMI, Appcmd, PowerShell, and graphically through IIS Manager. All of these technologies have continued to serve their purpose, allowing users to configure the web server to meet their needs. Recently the IIS team has been working on a project to open up IIS configuration even more by creating a REST API that exposes the configuration system. This API is not meant to replace any of the existing configuration access mechanisms, but stand beside them and offer an open method for interacting with IIS. The REST API communicates with HTTPS making it accessible from any device that knows how to send a web request. This allows IIS to be configured more freely and opens the door for configuration clients that were not possible before, such as mobile applications.

Today we want to not only let everyone know that we are working on a REST API for IIS, we also want to let you see it. The API that we have created has a built in tool called the API Explorer that allows those with access to the API to browse the entire API surface. This means once you have a link to the root URL of the API you can navigate to this tool and browse all of the API that is available. Here is a picture of the API Explorer in action displaying an application pool resource.

image

Through this API Explorer you can browse the configuration resources of IIS such as authorization rules, modules, and applications. You can also delete these resources, modify them, and create new ones. We have deployed a read-only version of the API to a virtual machine in Azure to allow those who wish to explore the new API a chance to do so. The API available on this machine could be accessed via a simple HTTP client such as cURL, but for the first time experience we recommend giving the API Explorer a look to see what the tool has to offer.

Before connecting to this API let’s touch on the current authentication mechanisms that are in place to help keep it locked down. By default, the entire API is locked down with Windows authentication so that only administrators have access. This default behavior can be modified because, as is the case with many REST APIs available today, the Microsoft IIS Administration API mandates that an Access Token be sent with every request to the API. These access tokens can only be generated by Administrators on the machine that the API is installed on. In practice access tokens would be assigned to a specific user or group. For the purposes of the demo we have generated an access token for public use.

When initially connecting to the API Explorer you will see the following screen.

image

We have relaxed the requirement for windows authentication to connect to the demo API. This means the only authentication mechanism required is the access token. Once you input your access token into the input form and click connect you will have full access to the API in the API Explorer tool from your browser.

image

The API has been built with HAL (Hypertext Application Language). Utilizing HAL allows APIs to have built in discoverability. This is what the API Explorer leverages to create the clickable links that are seen. Through these links the whole API surface is available.

To access the API Explorer on the demo machine that we have deployed, visit https://jimmyca-srv2.cloudapp.net:55539.

To connect to the API, you will need this demo access token:

OgMks6N7CtZTptX2DTnLe8JvkmATOuqw1ZJnZzK1RojeYs251Wlfvg

Client examples

The API Explorer is perfect for discovering what is available from the service we are building. However, if we shift gears to other types of clients then we can demonstrate the power that we gain through the openness of a REST API. Here I give a couple of examples of how the new API allows unbiased interaction with IIS.

PowerShell

The following example uses built-in PowerShell commands to communicate with the IIS Administration API that is available on the public demo. Here we create a headers object that holds our access token for communicating with the API, then we make a request to the websites endpoint. Invoke-RestMethod returns a PowerShell object that is constructed from the JSON response returned from the API. To include HAL in the response object from the API, include the header 'Accept: application/hal+json'.

https://gist.github.com/jimmypc92/00ba9644b3966fc58a13dad80a5c7ef1

image

cURL

Using cURL, the same websites API endpoint can be accessed with the following command:

Note: The API that is hosted on the demo machine is using a self-signed certificate for encrypting HTTPS traffic. By default, cURL commands will reject communication with an untrusted certificate. This behavior is bypassed in the following command by passing the '–insecure' parameter.

curl --insecure https://jimmyca-srv2.cloudapp.net:55539/api/webserver/websites --header "X-Authorization: Bearer OgMks6N7CtZTptX2DTnLe8JvkmATOuqw1ZJnZzK1RojeYs251Wlfvg" --header "Accept: application/json"

C# HttpClient

The following gist has an example utilizing the .NET HttpClient to communicate with the API.

https://gist.github.com/jimmypc92/254d5315b861ab53a9ba12033169f9e5


IIS Administration System Architecture Overview

0
0

Image

The Administration API for IIS was developed as an ASP.Net Core application. This allowed us to take advantage of the Web API conventions that the MVC framework offered. This application has to be accessible at all times to allow users to be able to configure IIS whenever necessary, therefore we needed it to run as a service. Hostable Web Core (HWC) is a technology that allows a consumer to have an in-process version of IIS available to them. When HWC gets loaded in, the process has access to all the capabilities that the full IIS offers. We took advantage of HWC to enable behavior quintessential to the success of the API such as windows authentication, logging, and SSL bindings.

The architecture that we use allows the API to be self hosted as a windows service. The configuration changes to IIS do not affect the behavior of the service that is using HWC, because HWC uses its own applicationHost.config file.

This micro service is being developed to support IIS 7.5 and above including Nano Server for Windows Server 2016. It will run on the IIS machine that the user wishes to configure/monitor. The release schedule for the IIS Administration API is not bound to the Windows release schedule but we will set logical milestones based on future technologies. Currently the service is installed using a PowerShell script, but the methodology for installing the service has not yet been finalized.

Microsoft IIS Administration Preview

0
0

Previously we announced that we are developing a new REST API for administering IIS. Now, the Microsoft IIS Administration API is having its first preview release. The preview can be obtained by visiting https://manage.iis.net.

Getting started with https://manage.iis.net

The application located at https://manage.iis.net has been designed to allow you to control any of your IIS machines running the administration API. This manager can be accessed from anywhere, which means now you will be able to monitor IIS from your mobile device if you wish. The site is currently in preview and we will be adding more features in the near future. After reaching the site for the first time you will be greeted by a welcome screen. This screen allows you to download the administration API which the site needs to run. To get the API click the download button and follow along with the installer. Otherwise, if you already have the API installed you can skip the download and go directly to the connection screen.

The welcome screen

Installing the API

The first requirement to installing the Microsoft IIS Administration API is having IIS enabled. Secondly, the API requires .NET Core to be installed. Please make sure to enable IIS before installing .NET Core in order to receive the ASP.NET Core Module.

The install time varies depending on whether or not certain IIS features are already enabled. If IIS Windows Authentication and IIS Hostable Web Core are not enabled, the installer will enable them for you which can take a few minutes.

Connecting

After the API is installed a connection must be created to begin using it from https://manage.iis.net. By default, the connection screen is already filled out for connecting to the local machine. The only step left is specifying an access token. Click the “Get Access Token” link to open the API view and generate an access token for connecting. The access token will need to be entered in the “Access Token” field of the connection form, then you can click connect to begin using the web based manager.

By default only members of the Administrators group and IIS Administrators group have access to configure IIS using the Microsoft IIS Administration API. The browser may prompt you to enter your windows credentials whenever connecting.

image

Connecting to localhost

generating-token

Generating an Access Token

Once the connection is created the home page of the web manager is displayed. Currently the home page has a list of all the sites registered in IIS. In the future we plan to add monitoring and dashboard tabs as well. Clicking on a site will allow you to configure it and clicking the “Server Manager” button will bring you to settings for the entire webserver.

image

The web sites view at https://manage.iis.net

We are currently working on the documentation for the API and will update the blog when a link to the documentation is available. In the meantime the built-in API Explorer that comes with the Microsoft IIS Administration API is a perfect way to find out how the API exposes itself. This built in view can be accessed by browsing to https://localhost:55539 after installing the API. We discussed this tool in https://blogs.iis.net/adminapi/introducing-the-iis-administration-api.

Below is a video that we put together to introduce the next generation of Microsoft IIS Administration. Here we can see the built-in API Explorer and https://manage.iis.net in action. As mentioned in the video, the API is open source and is located at https://github.com/Microsoft/IIS.Administration.

Microsoft IIS Administration, A New Way to Manage IIS

Microsoft IIS Administration on Nano Server

0
0

One of the driving forces behind the development of the IIS Administration API was Nano Server, a new headless variant of Windows Server 2016. This API allows us to provide a web based management UI. This post will cover the experience of getting IIS Administration up and running on Nano Server. For this example we’ll be using a Nano Server TP5 machine hosted in Azure.

Enabling IIS

The first step to installing IIS Administration on a Nano machine is to make sure that the server has IIS enabled. We can enable IIS through the use of a package provider. First we must install the package provider, then install IIS, and finally restart the machine. We achieve this with the following PowerShell commands.

# Version of Nano Server used for this demo
[<NanoServerIPAddress>]: PS C:\> [System.Environment]::OSVersion
# Platform Version
# -------- -------
#   Win32NT 10.0.14300.0


Install-PackageProvider NanoServerPackage -RequiredVersion 0.1.1.0
Import-PackageProvider NanoServerPackage
Install-NanoServerPackage -Name Microsoft-NanoServer-Storage-Package
Install-NanoServerPackage -Name Microsoft-NanoServer-IIS-Package
# WARNING: Restart is needed to complete installation
Restart-Computer –Confirm

Verify

We can verify that IIS is installed and running on the machine by executing the following command.

Get-Service W3SVC | Select Status
# Status
# ------
# Running

Installing .NET Core

In order to run IIS Administration, the machine must be set up to host .NET Core applications. There is a tutorial for installing .NET Core tailored specifically for Nano Server available at https://docs.asp.net/en/latest/tutorials/nano-server.html#installing-the-asp-net-core-module-ancm. The relevant sections are “Installing the ASP.NET Core Module (ANCM)” and “Installing .NET Core Framework.”

Copying the ASP.NET Core Module

To make copying the ASP.NET Core Module to the Nano Server machine easier, use the Copy-Item command combined with a PowerShell session.

$s = New-PSSession -ComputerName "<NanoServerIPAddress>" -UseSSL -Credential "<hostname>\Administrator"
Copy-Item C:\windows\system32\inetsrv\aspnetcore.dll -Destination c:\windows\system32\inetsrv\ -ToSession $s
Copy-Item C:\windows\system32\inetsrv\config\schema\aspnetcore_schema.xml -Destination C:\windows\system32\inetsrv\config\schema\ -ToSession $s

Nano Server TP5 Workaround

.NET Core has a known issue on Nano Server TP5 that is discussed at https://docs.asp.net/en/latest/tutorials/nano-server.html#known-issue-running-net-core-cli-on-nano-server-and-workaround. Any TP5 Nano Server machine will be affected by this issue. Assuming that dotnet was installed to C:\Program Files\dotnet, the following script will perform the workaround.

$DotnetCoreVersion = "1.0.0"
$DotnetInstallPath = "C:\Program Files\dotnet"
$suffix = Join-Path "shared\Microsoft.NETCore.App" $DotnetCoreVersion
Copy-Item C:\Windows\System32\forwarders\*.dll $(Join-Path $DotnetInstallPath $suffix)

Adding .NET Core to Path

At this point .NET Core should be installed on the machine. Next we want to put the dotnet executable on the path so that .NET Core applications can be loaded by IIS without any manual intervention.

Note: Take caution when altering the PATH environment variable. This script stores the old value of the PATH environment variable for safe keeping.

# Assuming dotnet was placed at C:\Program Files\dotnet
$env:Path | Out-File "C:\PathBeforeDotNet.txt"
setx PATH "$($env:Path);C:\Program Files\dotnet" /m
# Restart computer to update path in IIS. Services' environments are not updated until system restart.
Restart-Computer –Confirm

Verify

At this stage we should verify that .NET Core has been added to the path correctly. We can do this by executing the following command.

Get-Command 'dotnet'
# Application  dotnet.exe  1.0.1.4500  C:\Program Files\dotnet\dotnet.exe

Then we can ensure that .NET Core is installed correctly by running the dotnet executable. Below is a snippet of the output of dotnet when executed alone.

dotnet
# Microsoft .NET Core Shared Framework Host
#   Version  : 1.0.1
#   Build    : cee57bf6c981237d80aa1631cfe83cb9ba329f12
# Usage: dotnet [common-options] [[options] path-to-application]

Opening the Firewall for Remote Administration

We want the API to be accessible by remote machines, therefore we need to allow it through the firewall. The default port is 55539 and we can open it up using PowerShell.

New-NetFirewallRule -Name "IIS Administration" -DisplayName "Allow IIS Administration on TCP/55539" -Protocol TCP -LocalPort 55539 -Action Allow -Enabled True

Installing the Microsoft IIS Administration API

The API can be obtained as a ZIP archive from https://github.com/Microsoft/IIS.Administration/releases/download/v1.0.36/IIS.Administration.zip. In this format, the API can be installed via a PowerShell script. Run this script to automatically download the archive and extract it to C:\IIS.Adminstration.

Download the Archive

$SourcePath = "https://github.com/Microsoft/IIS.Administration/releases/download/v1.0.36/IIS.Administration.zip"
$DestinationPath = "C:\IIS.Administration"
$EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId
if (($EditionId -eq "ServerStandardNano") -or
     ($EditionId -eq "ServerDataCenterNano") -or
     ($EditionId -eq "NanoServer") -or
     ($EditionId -eq "ServerTuva")) {
     $TempPath = [System.IO.Path]::GetTempFileName()
     if (($SourcePath -as [System.URI]).AbsoluteURI -ne $null)
     {
         $handler = New-Object System.Net.Http.HttpClientHandler
         $client = New-Object System.Net.Http.HttpClient($handler)
         $client.Timeout = New-Object System.TimeSpan(0, 30, 0)
         $cancelTokenSource = [System.Threading.CancellationTokenSource]::new()
         $responseMsg = $client.GetAsync([System.Uri]::new($SourcePath), $cancelTokenSource.Token)
         $responseMsg.Wait()
         if (!$responseMsg.IsCanceled)
         {
             $response = $responseMsg.Result
             if ($response.IsSuccessStatusCode)
             {
                 $downloadedFileStream = [System.IO.FileStream]::new($TempPath, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write)
                 $copyStreamOp = $response.Content.CopyToAsync($downloadedFileStream)
                 $copyStreamOp.Wait()
                 $downloadedFileStream.Close()
                 if ($copyStreamOp.Exception -ne $null)
                 {
                     throw $copyStreamOp.Exception
                 }
             }
         }
     }
     else
     {
         throw "Cannot copy from $SourcePath"
     }
     [System.IO.Compression.ZipFile]::ExtractToDirectory($TempPath, $DestinationPath)
     Remove-Item $TempPath
}

Install

Once the archive has been downloaded, assuming the default location was used, you can install the IIS Administration API by running the included setup script.

C:\IIS.Administration\setup\setup.ps1 Install –Verbose –SkipVerification

Microsoft IIS Administration Preview 1.0.38: Introducing the Files API

0
0

The Microsoft IIS Administration API is making IIS administration simpler than ever before. If you are unfamiliar with the API, check out our earlier post for an introduction.

With our previous preview release of the IIS Administration API we gave a sneak-peek of a new way for administrators to remotely manage their IIS machines. The API paired up with the web UI at manage.iis.net provides a method to administer IIS from the browser regardless of the machine that one is utilizing. We have been grateful for all the feedback that has been given to us and are constantly working to make this tool what IIS users want. One consistent piece of feedback that we were getting was that although the API provided a method to remotely configure IIS, users still had to find alternate methods to connect to the machine to deploy/update files. Since the last preview release of the IIS Administration API, exciting changes have been made. We have added a file system API that enables consumers to manage the files that are essential to the proper function of their web servers. 

File System API capabilities:

  • Browse the file system on the machine, including metadata for files and folders
  • Create, edit or delete files and folders
  • Upload files in one request or upload in chunks via HTTP content-range requests
  • Download files in one request or download in chunks via HTTP range requests
  • Create temporary download links for files that allow the file to be downloaded via a browser
  • Browse the virtual file structure of a website including applications and virtual directories
  • Copy/move files and folders
  • Restrict the API's access to the file system via the application settings file.

File API Root

The entry endpoint for the files API is /api/files. This endpoint lists a set of directories which act as roots to the file system. Only files and folders under these directories are accessible. This set of root directories is configurable in the application settings file (appsettings.json). By default the only access allowed to the file system is read access to paths beginning with %systemdrive%\inetpub. Attempting to access a directory that is not under a location listed in the files settings will result in an HTTP 403 (Forbidden) response. The appsettings.json file can be found at C:\Program Files\IIS Administration\<Installed Version>\Microsoft.IIS.Administration\config\appsettings.json.

Adding file system privileges in appsettings.json

{
.
.
.
"files": {
"locations": [
{
"alias": "Inetpub",
"path": "%systemdrive%\\inetpub",
"claims": [
"read",
"write"
]
}
]
}
}

Using the previous appsettings.json snippet will yield the following result when requesting the /api/files endpoint. GET /api/files

{
"files": [
{
"name": "inetpub",
"id": "{id}",
"type": "directory",
"physical_path": "C:\\inetpub"
}
]
}

The File Resource

Consumers of the files API will have access to the new file resource. The file resource is used to represent both files and directories. The two can be distinguished by reading their type property. If the resource type is a file, then the content will be available from the api at /api/files/content/{id}. If the resource type is a directory, then the children of the directory can be listed at /api/files?parent.id={id}. These links are available through the _links property of the resource. 

File resource

{
    "name": "iisstart.png",
    "id": "{id}",
    "type": "file",
    "physical_path": "C:\\inetpub\\wwwroot\\iisstart.png",
    "exists": "true",
    "size": "98757",
    "created": "2017-01-09T18:08:33.5130112Z",
    "last_modified": "2017-01-09T17:48:13.6180477Z",
    "last_access": "2017-01-09T17:48:13.6180477Z",
    "e_tag": "1d26aa08c67ed45",
    "parent": {
        "name": "wwwroot",
        "id": "{id}",
        "type": "directory",
        "physical_path": "C:\\inetpub\\wwwroot"
    },
    "claims": [
        "read",
        "write"
    ],
"_links": {
    "content": {
        "href": "/api/files/content/{id}"
    },
    "copy": {
        "href": "/api/files/copy"
    },
    "downloads": {
        "href": "/api/files/downloads"
    },
    "move": {
        "href": "/api/files/move"
    }
} }

Editing a File

There are two things that come up when discussing editing a file. The first is editing the metadata of the file. This includes properties such as the last modified and creation dates. Editing file and folder metadata via the API is similar to all other resources. A PATCH request sent to the file resource at /api/files/{id} with the desired state will update the file. The second method of editing a file is altering the file content. The content of a file can be altered by sending a PUT request to the content link for the file at /api/files/content/{id}. The PUT request should send a raw byte stream as the request body which will become the new content of the file. This operation also supports the HTTP 'Content-Range' header to enable altering only a section of a given file.

Editing the second 500 bytes of a 1000 byte file using a PUT request with the content-range header

    PUT /api/files/content/{id}
    Access-Token: Bearer {Access-Token}
    Content-Range: bytes 500-999/1000
    Content-Length: 500
Content-Type: application/octet-stream

Creating a File

Creating a file is done by submitting a POST request to the /api/files endpoint. When creating a file the user must specify the desired name, type, and parent of the file.

Creating a file. POST /api/files

{
"name": "MyFile.txt",
"type": "file",
"parent": {
"id": {id}
}
}

Moving/Copying a File

Move and copy operations are performed by sending a POST request to the /api/files/move and /api/files/copy endpoints respectively. When one creates a move or copy operation, a progress resource is returned that indicates the progress of the operation. This resource can be requested over and over in order to await completion of the operation.

Copying a file (file) to a another directory (parent). POST /api/files/copy

{
"name": "myOptionalName.txt",
"file": {
"id": {sourceId}
},
"parent": {
"id": {destinationId}
}
}

Creating a Download Link

The simplest way to download a file is through the files content resource at /api/files/content/{id}. The drawback of this endpoint is that it requires an access token so there is no way to perform standardized downloads from clients like a browser. To enable this behavior the API provides a way to create temporary download links that can be used to download a specific file. A download link can be created by sending a POST request to the /api/files/downloads endpoint that specifies which file should be made available and optionally how long it should live. The default lifetime of a download link is five seconds.

Creating a temporary download link for a file. POST /api/files/downloads

{
"file": {
"id": {id}
},
"ttl": {optional time-to-live in milliseconds}
}

Web Server File Resource

One of the powerful features of IIS is the ability to create virtual file hierarchies through the use of applications and virtual directories. For example, a web site may have access to directories that do not exist directly under the web site's directory on the file system. Understanding the virtual file structure of a web site is critical to ensuring that the web site behaves as expected. We have developed an API endpoint that exposes this virtual file structure at /api/webserver/files. This endpoint treats websites as the root of a virtual file system. All files under this route have paths that are relative to the web site and they indicate which web site they belong to. These web file resources are similar to the resources found under /api/files except they are read only and meant for navigating the virtual file hierarchy. To manipulate the resources found under the web server files route, one can use the file_info property which is a reference to the /api/file resource for that web file.

Web Server File Resource

{
    "name": "iisstart.png",
    "id": "{id}",
    "type": "file",
    "path": "/iisstart.png",
    "parent": {
        "name": "",
        "id": "{id}",
        "type": "application",
        "path": "/"
    },
    "website": {
        "name": "Default Web Site",
        "id": "{id}",
        "status": "started"
    },
    "file_info": {
        "name": "iisstart.png",
        "id": "{id}",
        "type": "file",
        "physical_path": "C:\\inetpub\\wwwroot\\iisstart.png"
    }
}

Files UI

This new API surface provides the foundation to enable many new types of tools including user interfaces, deployment scripts, and file transfer systems. We have already developed a file UI built in to manage.iis.net that provides an experience similar to other file explorers. Users who obtain the newest preview release of the API will notice a files tab in the web site viewer the next time they visit manage.iis.net. This file explorer has many features such as breadcrumb navigation, text navigation, forward and back button integration, drag and drop support, and others. We even have plans to add a built-in file editor that will allow you to make changes to files as needed.

File System UI capabilities:

  • Browse the virtual file hierarchy rooted at a web site.
  • Copy multiple files at once using the upload button.
  • Copy files via drag and drop.
  • Select multiple folders using ctrl+click, shift+click, and ctrl+a.
  • Navigate using breadcrumbs, typing virtual paths, or using forward and back buttons.
  • Create, rename, and delete files and folders.

Creating a folder, uploading, and moving files in the new file explorer at manage.iis.net

Access Required

The file API comes with restricted file system access. A clean installation will only be able to read files from the directory %systemdrive%\inetpub (C:\inetpub in most cases). Attempting to access directories outside of this location or attempting to perform write operations will display an 'Access Denied' message. To avoid the access errors make sure to allow access to all desired file system locations in the appsettings.json file.

Attempting to perform a read/write operation without the required privileges.

Breaking Changes

Creating web sites, applications and virtual directories now requires read access for the target directory. With the addition of settings to restrict access to the file system, all parts of the API that previously interacted with physical paths have been affected. This means that on a clean installation of the API sites, applications, and virtual directories can only be created in %systemdrive%\inetpub. This change also effects logging, compression, and any other IIS feature that has the capability to set a target directory.

Attempting to create a site in a directory that does not have read access.

Obtaining Microsoft IIS Administration Preview 1.0.38

The best way to obtain the IIS Administration API is from manage.iis.net/get. We wrote about how to install the API and connect to the web UI in a previous blog post.

Microsoft IIS Administration Docs Now Available

0
0

Microsoft IIS Administration Docs: https://docs.microsoft.com/en-us/iis-administration/

Last week we saw the unveiling of new file endpoints for Microsoft IIS Administration. Now we have documentation available for the API and the tools that come with it. The new unified documentation platform at https://docs.microsoft.com allows us to be more agile as the product develops. It also gives us the opportunity to open source our documentation which can be found at https://github.com/microsoft/iis.administration-docs. As the product grows, the documentation will grow along side it.

HTTP Request Tracing Viewer and File Explorer Enhancements

0
0

Via Microsoft IIS Administration Preview 1.0.39

The Microsoft IIS Administration API is making IIS administration simpler than ever before. If you are unfamiliar with the API, check out our earlier post for an introduction.

Our previous release of the Microsoft IIS Administration API introduced the file system API along with an update to the UI at manage.iis.net. This new API has allowed users to remotely manage the content on their servers necessary for their web sites to operate. With the newest release of the API we wanted to improve upon HTTP Request Tracing, a feature of IIS that is very valuable when diagnosing performance and behavioral issues. We also went further with the file UI by adding a central file explorer that is not tied down to a web site. In addition to the central file explorer, we have integrated a text editor into manage.iis.net that allows editing of files on the server. The editor is a perfect tool for quick edits to a web.config or static files.

HTTP Request Traces 

HTTP Request Tracing is a feature of IIS that allows trace files to be collected for requests that meet a configured criteria. We have enhanced the HTTP Request Tracing API and provided a traces endpoint that provides metadata for the traces collected from the feature. We also added documentation for the new API endpoint.

Note: The IIS request tracing feature is not enabled by default. Our next release of the API will enable the installation and uninstallation of optional IIS features. For this release, request tracing can be enabled in Control Panel > Programs > Turn Windows Features On Off, or with the following PowerShell command.

Enable-WindowsOptionalFeature -Online -FeatureName "IIS-HttpTracing"

Request Trace API /api/webserver/request-tracing/traces/{trace-id}

{
    "id": "{trace-id}",
    "url": "http://localhost:80/",
    "method": "GET",
    "status_code": "200",
    "date": "2017-03-07T16:18:21.6245559-08:00",
    "time_taken": "32",
    "process_id": "2604",
    "activity_id": "{8000000B-0001-FE00-B63F-84710C7967BB}",
    "file_info": {
        "name": "fr000001.xml",
        "id": "{file-id}",
        "type": "file",
        "physical_path": "C:\\inetpub\\logs\\FailedReqLogFiles\\W3SVC1\\fr000001.xml"
    },
    "request_tracing": {
        "id": "ASPUCsVBB45y6a748y7brQ",
        "scope": "Default Web Site/"
    }
}

Http Request Tracing UI

Alongside the HTTP Request Tracing API changes, we enhanced the UI at manage.iis.net. With the new API endpoint we can display information regarding all the trace logs that have been collected for a web site. Clicking on a trace will open the log in a new tab allowing for quick selecting and viewing.

File UI Enhancements

The web UI at has been updated to take more advantage of the features offered by the Microsoft IIS Administration API. The new additions to the UI include a File Editor and a central file explorer.

File Editor

In the previous version of the file UI, clicking on a folder would navigate into the folder and clicking on a file would do nothing. With the new update, clicking on a file will now update the file for editing. Only text files are supported for editing. When a file is opened, a built in editor will appear that can be used to modify the file and also view a diff of the editor's version of the file and the server version.

   

Central File UI

In the previous version of the UI users were restricted to viewing files that belonged to a web site. The new update brings a central file UI that can be used to browse any path on the file system as long as permission is granted bythe API that the user is connected to. The central file UI has a virtual root folder that is populated by the file system location's specified in the settings of the API. The name of the folders in the virtual root folder is the alias as specified in the API's configuration, and if no alias is provided then it is simply the folder name.

Given the following file settings (appsettings.json)

"files": {
"locations": [
{
"alias": "",
"path": "%systemdrive%\\inetpub",
"claims": [
"read",
"write"
]
},
{
"alias": "Debug",
"path": "%systemdrive%\\applications\\testing",
"claims": [
"read",
"write"
]
}
]
}

The following will display at the root of the central file UI.

Central Certificate Store Support and Certificate Improvements

0
0

Via Microsoft IIS Administration 1.1.0

The Microsoft IIS Administration API is now Generally Available! If you are unfamiliar with the API, check out our earlier post for an introduction.

The capabilities of the IIS Administration API have grown as we strive to incorporate the feedback we receive into the product. The newest release of the IIS Administration API addresses one major request from the community by providing support for managing the IIS Central Certificate Store, as well as support for certificate stores other than MY. To go along with the support for additional stores, enhancements have been made to the the certificate API. These improvements are important milestones for the IIS Administration API as it evolves into a key tool for managing not only a single IIS instance, but an entire farm of web servers.

Central Certificate Store

The Central Certificate Store (CCS) is a feature of IIS that vastly improves managability of certificates. Clasically IIS relied on certificates being on the local machine. With the CCS an administrator can set up a file share containing all the necessary certificates for a web hosting environment and configure multiple machines to use them. Now this essential feature can be configured from the new CCS endpoint.

Central Certificate Store API /api/webserver/centralized-certificates/{id}

{
    "id": "{id}",
    "path": "{Physical path of certificate share}",
    "identity": {
"username": "{CCS-User}"
// "password", a write-only field in which the password is specified for the CCS User
}
// "private_key_password", a write-only field in which specifies the password needed to read the private keys in CCS
}

CCS Web UI

The web management interface at manage.iis.net has been updated to take advantage of the new CCS API. When visiting the Web Server level with IIS Administration 1.1.0 installed, a new Central Certificate Store tab will be available. From this tab the CCS feature can be installed and enabled on the machine.

Web Hosting Store Support

Along with our addition to support for the central certificate store, we have provided support for Windows certificate stores other than my. Now the certificates API will include the certificates that are present in the Web Hosting certificate store which is designed to help improve the performance of IIS and keep web server related certificates separate from other types. A new certificate stores API endpoint was added to retrieve the certificate stores that are available. By default these stores are limited to the My and Web Hosting stores, however additional stores can be provided through configuration. Also, if CCS is enabled it will also display in the new certificate stores endpoint.

Certificate Stores API /api/certificates/stores

{
"stores": [
{
"name": "My",
"id": "{store-id}",
"_links": {
"self": {
"href": "/api/certificates/stores/{store-id}"
}
}
},
{
"name": "WebHosting",
"id": "{store-id}"
// _links removed
},
{
"name": "IIS Central Certificate Store",
"id": "{store-id}",
// _links removed
}
]
}

Certificate API Updates

The improvements reguarding certificates marked a good time to update the certificate resource. These updates provide necessary information that were originally missing, such as subject alternative names. Fields that provided little to no value were removed, such as the name field. Additionally, certificate API now supports the HTTP Range header, allowing a subset of the total certificates to be requested.

The Updated Certificate Resource


{
"alias": "My Self Signed Certificate",
"id": "{id}",
"issued_by": "CN=localhost",
"subject": "CN=localhost",
"thumbprint": "1E927A29E966FA11A7C469BC565A9E00B11F5F95",
"signature_algorithm": "sha256RSA",
"valid_from": "2017-04-12T11:26:26Z",
"valid_to": "2019-04-12T11:26:26Z",
"version": "3",
"intended_purposes": [
"Client Authentication",
"Server Authentication"
],
"private_key": {
"exportable": "false"
},
"subject_alternative_names": [
"DNS Name=localhost",
"DNS Name=my-work-pc"
],
"store": {
"name": "My",
"id": "{store-id}",
"_links": {
"self": {
"href": "/api/certificates/stores/{store-id}"
}
}
}
}

New Certificate List View

The UI at manage.iis.net now has a certificates list view at the web server level. This provides a method to view all the certificates that the API has access to. These are the same certificates that are avaiable to use when creating web sites with HTTPS bindings.


Introducing the IIS Administration API

0
0

IIS is a mature technology with a large amount of configuration available. Historically the configuration of IIS has been done through WMI, Appcmd, PowerShell, and graphically through IIS Manager. All of these technologies have continued to serve their purpose, allowing users to configure the web server to meet their needs. Recently the IIS team has been working on a project to open up IIS configuration even more by creating a REST API that exposes the configuration system. This API is not meant to replace any of the existing configuration access mechanisms, but stand beside them and offer an open method for interacting with IIS. The REST API communicates with HTTPS making it accessible from any device that knows how to send a web request. This allows IIS to be configured more freely and opens the door for configuration clients that were not possible before, such as mobile applications.

Today we want to not only let everyone know that we are working on a REST API for IIS, we also want to let you see it. The API that we have created has a built in tool called the API Explorer that allows those with access to the API to browse the entire API surface. This means once you have a link to the root URL of the API you can navigate to this tool and browse all of the API that is available. Here is a picture of the API Explorer in action displaying an application pool resource.

image

Through this API Explorer you can browse the configuration resources of IIS such as authorization rules, modules, and applications. You can also delete these resources, modify them, and create new ones. We have deployed a read-only version of the API to a virtual machine in Azure to allow those who wish to explore the new API a chance to do so. The API available on this machine could be accessed via a simple HTTP client such as cURL, but for the first time experience we recommend giving the API Explorer a look to see what the tool has to offer.

Before connecting to this API let’s touch on the current authentication mechanisms that are in place to help keep it locked down. By default, the entire API is locked down with Windows authentication so that only administrators have access. This default behavior can be modified because, as is the case with many REST APIs available today, the Microsoft IIS Administration API mandates that an Access Token be sent with every request to the API. These access tokens can only be generated by Administrators on the machine that the API is installed on. In practice access tokens would be assigned to a specific user or group. For the purposes of the demo we have generated an access token for public use.

When initially connecting to the API Explorer you will see the following screen.

image

We have relaxed the requirement for windows authentication to connect to the demo API. This means the only authentication mechanism required is the access token. Once you input your access token into the input form and click connect you will have full access to the API in the API Explorer tool from your browser.

image

The API has been built with HAL (Hypertext Application Language). Utilizing HAL allows APIs to have built in discoverability. This is what the API Explorer leverages to create the clickable links that are seen. Through these links the whole API surface is available.

To access the API Explorer on the demo machine that we have deployed, visit https://jimmyca-srv2.cloudapp.net:55539.

To connect to the API, you will need this demo access token:

OgMks6N7CtZTptX2DTnLe8JvkmATOuqw1ZJnZzK1RojeYs251Wlfvg

Client examples

The API Explorer is perfect for discovering what is available from the service we are building. However, if we shift gears to other types of clients then we can demonstrate the power that we gain through the openness of a REST API. Here I give a couple of examples of how the new API allows unbiased interaction with IIS.

PowerShell

The following example uses built-in PowerShell commands to communicate with the IIS Administration API that is available on the public demo. Here we create a headers object that holds our access token for communicating with the API, then we make a request to the websites endpoint. Invoke-RestMethod returns a PowerShell object that is constructed from the JSON response returned from the API. To include HAL in the response object from the API, include the header 'Accept: application/hal+json'.

https://gist.github.com/jimmypc92/00ba9644b3966fc58a13dad80a5c7ef1

image

cURL

Using cURL, the same websites API endpoint can be accessed with the following command:

Note: The API that is hosted on the demo machine is using a self-signed certificate for encrypting HTTPS traffic. By default, cURL commands will reject communication with an untrusted certificate. This behavior is bypassed in the following command by passing the '–insecure' parameter.

curl --insecure https://jimmyca-srv2.cloudapp.net:55539/api/webserver/websites --header "X-Authorization: Bearer OgMks6N7CtZTptX2DTnLe8JvkmATOuqw1ZJnZzK1RojeYs251Wlfvg" --header "Accept: application/json"

C# HttpClient

The following gist has an example utilizing the .NET HttpClient to communicate with the API.

https://gist.github.com/jimmypc92/254d5315b861ab53a9ba12033169f9e5

IIS Administration System Architecture Overview

0
0

Image

The Administration API for IIS was developed as an ASP.Net Core application. This allowed us to take advantage of the Web API conventions that the MVC framework offered. This application has to be accessible at all times to allow users to be able to configure IIS whenever necessary, therefore we needed it to run as a service. Hostable Web Core (HWC) is a technology that allows a consumer to have an in-process version of IIS available to them. When HWC gets loaded in, the process has access to all the capabilities that the full IIS offers. We took advantage of HWC to enable behavior quintessential to the success of the API such as windows authentication, logging, and SSL bindings.

The architecture that we use allows the API to be self hosted as a windows service. The configuration changes to IIS do not affect the behavior of the service that is using HWC, because HWC uses its own applicationHost.config file.

This micro service is being developed to support IIS 7.5 and above including Nano Server for Windows Server 2016. It will run on the IIS machine that the user wishes to configure/monitor. The release schedule for the IIS Administration API is not bound to the Windows release schedule but we will set logical milestones based on future technologies. Currently the service is installed using a PowerShell script, but the methodology for installing the service has not yet been finalized.

Microsoft IIS Administration Preview

0
0

Previously we announced that we are developing a new REST API for administering IIS. Now, the Microsoft IIS Administration API is having its first preview release. The preview can be obtained by visiting https://manage.iis.net.

Getting started with https://manage.iis.net

The application located at https://manage.iis.net has been designed to allow you to control any of your IIS machines running the administration API. This manager can be accessed from anywhere, which means now you will be able to monitor IIS from your mobile device if you wish. The site is currently in preview and we will be adding more features in the near future. After reaching the site for the first time you will be greeted by a welcome screen. This screen allows you to download the administration API which the site needs to run. To get the API click the download button and follow along with the installer. Otherwise, if you already have the API installed you can skip the download and go directly to the connection screen.

The welcome screen

Installing the API

The first requirement to installing the Microsoft IIS Administration API is having IIS enabled. Secondly, the API requires .NET Core to be installed. Please make sure to enable IIS before installing .NET Core in order to receive the ASP.NET Core Module.

The install time varies depending on whether or not certain IIS features are already enabled. If IIS Windows Authentication and IIS Hostable Web Core are not enabled, the installer will enable them for you which can take a few minutes.

Connecting

After the API is installed a connection must be created to begin using it from https://manage.iis.net. By default, the connection screen is already filled out for connecting to the local machine. The only step left is specifying an access token. Click the “Get Access Token” link to open the API view and generate an access token for connecting. The access token will need to be entered in the “Access Token” field of the connection form, then you can click connect to begin using the web based manager.

By default only members of the Administrators group and IIS Administrators group have access to configure IIS using the Microsoft IIS Administration API. The browser may prompt you to enter your windows credentials whenever connecting.

image

Connecting to localhost

generating-token

Generating an Access Token

Once the connection is created the home page of the web manager is displayed. Currently the home page has a list of all the sites registered in IIS. In the future we plan to add monitoring and dashboard tabs as well. Clicking on a site will allow you to configure it and clicking the “Server Manager” button will bring you to settings for the entire webserver.

image

The web sites view at https://manage.iis.net

We are currently working on the documentation for the API and will update the blog when a link to the documentation is available. In the meantime the built-in API Explorer that comes with the Microsoft IIS Administration API is a perfect way to find out how the API exposes itself. This built in view can be accessed by browsing to https://localhost:55539 after installing the API. We discussed this tool in https://blogs.iis.net/adminapi/introducing-the-iis-administration-api.

Below is a video that we put together to introduce the next generation of Microsoft IIS Administration. Here we can see the built-in API Explorer and https://manage.iis.net in action. As mentioned in the video, the API is open source and is located at https://github.com/Microsoft/IIS.Administration.

Microsoft IIS Administration, A New Way to Manage IIS

Microsoft IIS Administration on Nano Server

0
0

One of the driving forces behind the development of the IIS Administration API was Nano Server, a new headless variant of Windows Server 2016. This API allows us to provide a web based management UI. This post will cover the experience of getting IIS Administration up and running on Nano Server.

Enabling IIS

The first step to installing IIS Administration on a Nano machine is to make sure that the server has IIS enabled. We can enable IIS through the use of a package provider. First we must install the package provider, then install IIS, and finally restart the machine. We achieve this with the following PowerShell commands.

# Version of Nano Server used for this demo
[<NanoServerIPAddress>]: PS C:\> [System.Environment]::OSVersion
# Platform Version
# -------- -------
#   Win32NT 10.0.14300.0

# https://github.com/OneGet/NanoServerPackage
Save-Module -Path 'C:\Program Files\WindowsPowerShell\Modules\' -Name NanoServerPackage -minimumVersion 1.0.1.0
Import-PackageProvider NanoServerPackage
Install-NanoServerPackage -Name Microsoft-NanoServer-IIS-Package
Start-Service W3SVC

Verify

We can verify that IIS is installed and running on the machine by executing the following command.

Get-Service W3SVC | Select Status
# Status
# ------
# Running

Enable Dependencies

After we have installed IIS, we can enable the IIS components that IIS Administration depends on.

Pitfall: To avoid an issue with enabling IIS components, ensure that all desired components are enabled before making any modifications to the applicationHost.config file.

# Backup applicationHost.config
Copy-Item C:\Windows\System32\inetsrv\config\applicationHost.config C:\Windows\System32\inetsrv\config\applicationHost_BeforeIisAdministration.config
# Enable required features
Enable-WindowsOptionalFeature -Online -FeatureName "IIS-WindowsAuthentication"
Enable-WindowsOptionalFeature -Online -FeatureName "IIS-URLAuthorization"
# Optionally, take the chance to enable all IIS features
# Get-WindowsOptionalFeature -Online | where {$_.FeatureName -match "IIS-" -and $_.State -eq [Microsoft.Dism.Commands.FeatureState]::Disabled} | % {Enable-WindowsOptionalFeature -Online -FeatureName $_.FeatureName}

Installing .NET Core

In order to run IIS Administration, the machine must be set up to host .NET Core applications. There is a tutorial for installing .NET Core tailored specifically for Nano Server available at https://docs.asp.net/en/latest/tutorials/nano-server.html#installing-the-asp-net-core-module-ancm. The relevant sections are “Installing the ASP.NET Core Module (ANCM)” and “Installing .NET Core Framework.”

Copying the ASP.NET Core Module

To make copying the ASP.NET Core Module to the Nano Server machine easier, use the Copy-Item command combined with a PowerShell session.

$s = New-PSSession -ComputerName "<NanoServerIPAddress>" -UseSSL -Credential "<hostname>\Administrator"
Copy-Item C:\windows\system32\inetsrv\aspnetcore.dll -Destination c:\windows\system32\inetsrv\ -ToSession $s
Copy-Item C:\windows\system32\inetsrv\config\schema\aspnetcore_schema.xml -Destination C:\windows\system32\inetsrv\config\schema\ -ToSession $s

Adding .NET Core to Path

At this point .NET Core should be installed on the machine. Next we want to put the dotnet executable on the path so that .NET Core applications can be loaded by IIS without any manual intervention.

Note: Take caution when altering the PATH environment variable. This script stores the old value of the PATH environment variable for safe keeping.

# Assuming dotnet was placed at C:\Program Files\dotnet
$env:Path | Out-File "C:\PathBeforeDotNet.txt"
setx PATH "$($env:Path);C:\Program Files\dotnet" /m
# Restart computer to update path in IIS. Services' environments are not updated until system restart.
Restart-Computer –Confirm

Verify

At this stage we should verify that .NET Core has been added to the path correctly. We can do this by executing the following command.

Get-Command 'dotnet'
# Application  dotnet.exe  1.0.1.4500  C:\Program Files\dotnet\dotnet.exe

Then we can ensure that .NET Core is installed correctly by running the dotnet executable. Below is a snippet of the output of dotnet when executed alone.

dotnet
# Microsoft .NET Core Shared Framework Host
#   Version  : 1.0.1
#   Build    : cee57bf6c981237d80aa1631cfe83cb9ba329f12
# Usage: dotnet [common-options] [[options] path-to-application]

Opening the Firewall for Remote Administration

We want the API to be accessible by remote machines, therefore we need to allow it through the firewall. The default port is 55539 and we can open it up using PowerShell.

New-NetFirewallRule -Name "IIS Administration" -DisplayName "Allow IIS Administration on TCP/55539" -Protocol TCP -LocalPort 55539 -Action Allow -Enabled True

Visual Studio 2015 C++ Redistributable

To install the VS 2015 runtime libraries on Nano Server, install it on a local machine (x64 required) and then copy it over. This process is similar to the ASP.NET Core Module. The VS 2015 x64 C++ redistributable package can be obtained from https://go.microsoft.com/fwlink/?LinkID=827997. If the VS 2015 runtime is not installed, installation of the API will fail when trying to start the service.

First, on the Nano Server machine, check if the VS 2015 runtime is already installed

Write-Host "Visual Studio 2015 C++ Redistributable already installed?"
Write-Host "$(Test-Path C:\Windows\System32\vcruntime140.dll)"

If it is not installed, install it on the local machine and copy it over

# $s = New-PSSession -ComputerName "<NanoServerIPAddress>" -UseSSL -Credential "<hostname>\Administrator"
Copy-Item C:\Windows\System32\vcruntime140.dll -Destination C:\Windows\System32\ -ToSession $s

Installing the Microsoft IIS Administration API

The API can be obtained as a ZIP archive from https://github.com/Microsoft/IIS.Administration/releases/download/v1.0.36/IIS.Administration.zip. In this format, the API can be installed via a PowerShell script. Run this script to automatically download the archive and extract it to C:\IIS.Adminstration.

Download the Archive

$SourcePath = "https://github.com/Microsoft/IIS.Administration/releases/download/v1.1.1/IIS.Administration.zip"
$DestinationPath = "C:\IIS.Administration"
$EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId
if ($EditionId -eq "ServerDataCenterNano") {
      $TempPath = [System.IO.Path]::GetTempFileName()
      if (($SourcePath -as [System.URI]).AbsoluteURI -ne $null) {
          Invoke-WebRequest -Uri $SourcePath -OutFile $TempPath
      }
      else {
          throw "Cannot copy from $SourcePath"
      }
      [System.IO.Compression.ZipFile]::ExtractToDirectory($TempPath, $DestinationPath)
      Remove-Item $TempPath
}

Install

Once the archive has been downloaded, assuming the default location was used, you can install the IIS Administration API by running the included setup script.

C:\IIS.Administration\setup\setup.ps1 Install –Verbose

Microsoft IIS Administration Preview 1.0.38: Introducing the Files API

0
0

The Microsoft IIS Administration API is making IIS administration simpler than ever before. If you are unfamiliar with the API, check out our earlier post for an introduction.

With our previous preview release of the IIS Administration API we gave a sneak-peek of a new way for administrators to remotely manage their IIS machines. The API paired up with the web UI at manage.iis.net provides a method to administer IIS from the browser regardless of the machine that one is utilizing. We have been grateful for all the feedback that has been given to us and are constantly working to make this tool what IIS users want. One consistent piece of feedback that we were getting was that although the API provided a method to remotely configure IIS, users still had to find alternate methods to connect to the machine to deploy/update files. Since the last preview release of the IIS Administration API, exciting changes have been made. We have added a file system API that enables consumers to manage the files that are essential to the proper function of their web servers. 

File System API capabilities:

  • Browse the file system on the machine, including metadata for files and folders
  • Create, edit or delete files and folders
  • Upload files in one request or upload in chunks via HTTP content-range requests
  • Download files in one request or download in chunks via HTTP range requests
  • Create temporary download links for files that allow the file to be downloaded via a browser
  • Browse the virtual file structure of a website including applications and virtual directories
  • Copy/move files and folders
  • Restrict the API's access to the file system via the application settings file.

File API Root

The entry endpoint for the files API is /api/files. This endpoint lists a set of directories which act as roots to the file system. Only files and folders under these directories are accessible. This set of root directories is configurable in the application settings file (appsettings.json). By default the only access allowed to the file system is read access to paths beginning with %systemdrive%\inetpub. Attempting to access a directory that is not under a location listed in the files settings will result in an HTTP 403 (Forbidden) response. The appsettings.json file can be found at C:\Program Files\IIS Administration\<Installed Version>\Microsoft.IIS.Administration\config\appsettings.json.

Adding file system privileges in appsettings.json

{
.
.
.
"files": {
"locations": [
{
"alias": "Inetpub",
"path": "%systemdrive%\\inetpub",
"claims": [
"read",
"write"
]
}
]
}
}

Using the previous appsettings.json snippet will yield the following result when requesting the /api/files endpoint. GET /api/files

{
"files": [
{
"name": "inetpub",
"id": "{id}",
"type": "directory",
"physical_path": "C:\\inetpub"
}
]
}

The File Resource

Consumers of the files API will have access to the new file resource. The file resource is used to represent both files and directories. The two can be distinguished by reading their type property. If the resource type is a file, then the content will be available from the api at /api/files/content/{id}. If the resource type is a directory, then the children of the directory can be listed at /api/files?parent.id={id}. These links are available through the _links property of the resource. 

File resource

{
    "name": "iisstart.png",
    "id": "{id}",
    "type": "file",
    "physical_path": "C:\\inetpub\\wwwroot\\iisstart.png",
    "exists": "true",
    "size": "98757",
    "created": "2017-01-09T18:08:33.5130112Z",
    "last_modified": "2017-01-09T17:48:13.6180477Z",
    "last_access": "2017-01-09T17:48:13.6180477Z",
    "e_tag": "1d26aa08c67ed45",
    "parent": {
        "name": "wwwroot",
        "id": "{id}",
        "type": "directory",
        "physical_path": "C:\\inetpub\\wwwroot"
    },
    "claims": [
        "read",
        "write"
    ],
"_links": {
    "content": {
        "href": "/api/files/content/{id}"
    },
    "copy": {
        "href": "/api/files/copy"
    },
    "downloads": {
        "href": "/api/files/downloads"
    },
    "move": {
        "href": "/api/files/move"
    }
} }

Editing a File

There are two things that come up when discussing editing a file. The first is editing the metadata of the file. This includes properties such as the last modified and creation dates. Editing file and folder metadata via the API is similar to all other resources. A PATCH request sent to the file resource at /api/files/{id} with the desired state will update the file. The second method of editing a file is altering the file content. The content of a file can be altered by sending a PUT request to the content link for the file at /api/files/content/{id}. The PUT request should send a raw byte stream as the request body which will become the new content of the file. This operation also supports the HTTP 'Content-Range' header to enable altering only a section of a given file.

Editing the second 500 bytes of a 1000 byte file using a PUT request with the content-range header

    PUT /api/files/content/{id}
    Access-Token: Bearer {Access-Token}
    Content-Range: bytes 500-999/1000
    Content-Length: 500
Content-Type: application/octet-stream

Creating a File

Creating a file is done by submitting a POST request to the /api/files endpoint. When creating a file the user must specify the desired name, type, and parent of the file.

Creating a file. POST /api/files

{
"name": "MyFile.txt",
"type": "file",
"parent": {
"id": {id}
}
}

Moving/Copying a File

Move and copy operations are performed by sending a POST request to the /api/files/move and /api/files/copy endpoints respectively. When one creates a move or copy operation, a progress resource is returned that indicates the progress of the operation. This resource can be requested over and over in order to await completion of the operation.

Copying a file (file) to a another directory (parent). POST /api/files/copy

{
"name": "myOptionalName.txt",
"file": {
"id": {sourceId}
},
"parent": {
"id": {destinationId}
}
}

Creating a Download Link

The simplest way to download a file is through the files content resource at /api/files/content/{id}. The drawback of this endpoint is that it requires an access token so there is no way to perform standardized downloads from clients like a browser. To enable this behavior the API provides a way to create temporary download links that can be used to download a specific file. A download link can be created by sending a POST request to the /api/files/downloads endpoint that specifies which file should be made available and optionally how long it should live. The default lifetime of a download link is five seconds.

Creating a temporary download link for a file. POST /api/files/downloads

{
"file": {
"id": {id}
},
"ttl": {optional time-to-live in milliseconds}
}

Web Server File Resource

One of the powerful features of IIS is the ability to create virtual file hierarchies through the use of applications and virtual directories. For example, a web site may have access to directories that do not exist directly under the web site's directory on the file system. Understanding the virtual file structure of a web site is critical to ensuring that the web site behaves as expected. We have developed an API endpoint that exposes this virtual file structure at /api/webserver/files. This endpoint treats websites as the root of a virtual file system. All files under this route have paths that are relative to the web site and they indicate which web site they belong to. These web file resources are similar to the resources found under /api/files except they are read only and meant for navigating the virtual file hierarchy. To manipulate the resources found under the web server files route, one can use the file_info property which is a reference to the /api/file resource for that web file.

Web Server File Resource

{
    "name": "iisstart.png",
    "id": "{id}",
    "type": "file",
    "path": "/iisstart.png",
    "parent": {
        "name": "",
        "id": "{id}",
        "type": "application",
        "path": "/"
    },
    "website": {
        "name": "Default Web Site",
        "id": "{id}",
        "status": "started"
    },
    "file_info": {
        "name": "iisstart.png",
        "id": "{id}",
        "type": "file",
        "physical_path": "C:\\inetpub\\wwwroot\\iisstart.png"
    }
}

Files UI

This new API surface provides the foundation to enable many new types of tools including user interfaces, deployment scripts, and file transfer systems. We have already developed a file UI built in to manage.iis.net that provides an experience similar to other file explorers. Users who obtain the newest preview release of the API will notice a files tab in the web site viewer the next time they visit manage.iis.net. This file explorer has many features such as breadcrumb navigation, text navigation, forward and back button integration, drag and drop support, and others. We even have plans to add a built-in file editor that will allow you to make changes to files as needed.

File System UI capabilities:

  • Browse the virtual file hierarchy rooted at a web site.
  • Copy multiple files at once using the upload button.
  • Copy files via drag and drop.
  • Select multiple folders using ctrl+click, shift+click, and ctrl+a.
  • Navigate using breadcrumbs, typing virtual paths, or using forward and back buttons.
  • Create, rename, and delete files and folders.

Creating a folder, uploading, and moving files in the new file explorer at manage.iis.net

Access Required

The file API comes with restricted file system access. A clean installation will only be able to read files from the directory %systemdrive%\inetpub (C:\inetpub in most cases). Attempting to access directories outside of this location or attempting to perform write operations will display an 'Access Denied' message. To avoid the access errors make sure to allow access to all desired file system locations in the appsettings.json file.

Attempting to perform a read/write operation without the required privileges.

Breaking Changes

Creating web sites, applications and virtual directories now requires read access for the target directory. With the addition of settings to restrict access to the file system, all parts of the API that previously interacted with physical paths have been affected. This means that on a clean installation of the API sites, applications, and virtual directories can only be created in %systemdrive%\inetpub. This change also effects logging, compression, and any other IIS feature that has the capability to set a target directory.

Attempting to create a site in a directory that does not have read access.

Obtaining Microsoft IIS Administration Preview 1.0.38

The best way to obtain the IIS Administration API is from manage.iis.net/get. We wrote about how to install the API and connect to the web UI in a previous blog post.

Microsoft IIS Administration Docs Now Available

0
0

Microsoft IIS Administration Docs: https://docs.microsoft.com/en-us/iis-administration/

Last week we saw the unveiling of new file endpoints for Microsoft IIS Administration. Now we have documentation available for the API and the tools that come with it. The new unified documentation platform at https://docs.microsoft.com allows us to be more agile as the product develops. It also gives us the opportunity to open source our documentation which can be found at https://github.com/microsoft/iis.administration-docs. As the product grows, the documentation will grow along side it.

HTTP Request Tracing Viewer and File Explorer Enhancements

0
0

Via Microsoft IIS Administration Preview 1.0.39

The Microsoft IIS Administration API is making IIS administration simpler than ever before. If you are unfamiliar with the API, check out our earlier post for an introduction.

Our previous release of the Microsoft IIS Administration API introduced the file system API along with an update to the UI at manage.iis.net. This new API has allowed users to remotely manage the content on their servers necessary for their web sites to operate. With the newest release of the API we wanted to improve upon HTTP Request Tracing, a feature of IIS that is very valuable when diagnosing performance and behavioral issues. We also went further with the file UI by adding a central file explorer that is not tied down to a web site. In addition to the central file explorer, we have integrated a text editor into manage.iis.net that allows editing of files on the server. The editor is a perfect tool for quick edits to a web.config or static files.

HTTP Request Traces 

HTTP Request Tracing is a feature of IIS that allows trace files to be collected for requests that meet a configured criteria. We have enhanced the HTTP Request Tracing API and provided a traces endpoint that provides metadata for the traces collected from the feature. We also added documentation for the new API endpoint.

Note: The IIS request tracing feature is not enabled by default. Our next release of the API will enable the installation and uninstallation of optional IIS features. For this release, request tracing can be enabled in Control Panel > Programs > Turn Windows Features On Off, or with the following PowerShell command.

Enable-WindowsOptionalFeature -Online -FeatureName "IIS-HttpTracing"

Request Trace API /api/webserver/request-tracing/traces/{trace-id}

{
    "id": "{trace-id}",
    "url": "http://localhost:80/",
    "method": "GET",
    "status_code": "200",
    "date": "2017-03-07T16:18:21.6245559-08:00",
    "time_taken": "32",
    "process_id": "2604",
    "activity_id": "{8000000B-0001-FE00-B63F-84710C7967BB}",
    "file_info": {
        "name": "fr000001.xml",
        "id": "{file-id}",
        "type": "file",
        "physical_path": "C:\\inetpub\\logs\\FailedReqLogFiles\\W3SVC1\\fr000001.xml"
    },
    "request_tracing": {
        "id": "ASPUCsVBB45y6a748y7brQ",
        "scope": "Default Web Site/"
    }
}

Http Request Tracing UI

Alongside the HTTP Request Tracing API changes, we enhanced the UI at manage.iis.net. With the new API endpoint we can display information regarding all the trace logs that have been collected for a web site. Clicking on a trace will open the log in a new tab allowing for quick selecting and viewing.

File UI Enhancements

The web UI at has been updated to take more advantage of the features offered by the Microsoft IIS Administration API. The new additions to the UI include a File Editor and a central file explorer.

File Editor

In the previous version of the file UI, clicking on a folder would navigate into the folder and clicking on a file would do nothing. With the new update, clicking on a file will now update the file for editing. Only text files are supported for editing. When a file is opened, a built in editor will appear that can be used to modify the file and also view a diff of the editor's version of the file and the server version.

   

Central File UI

In the previous version of the UI users were restricted to viewing files that belonged to a web site. The new update brings a central file UI that can be used to browse any path on the file system as long as permission is granted bythe API that the user is connected to. The central file UI has a virtual root folder that is populated by the file system location's specified in the settings of the API. The name of the folders in the virtual root folder is the alias as specified in the API's configuration, and if no alias is provided then it is simply the folder name.

Given the following file settings (appsettings.json)

"files": {
"locations": [
{
"alias": "",
"path": "%systemdrive%\\inetpub",
"claims": [
"read",
"write"
]
},
{
"alias": "Debug",
"path": "%systemdrive%\\applications\\testing",
"claims": [
"read",
"write"
]
}
]
}

The following will display at the root of the central file UI.


Central Certificate Store Support and Certificate Improvements

0
0

Via Microsoft IIS Administration 1.1.0

The Microsoft IIS Administration API is now Generally Available! If you are unfamiliar with the API, check out our earlier post for an introduction.

The capabilities of the IIS Administration API have grown as we strive to incorporate the feedback we receive into the product. The newest release of the IIS Administration API addresses one major request from the community by providing support for managing the IIS Central Certificate Store, as well as support for certificate stores other than MY. To go along with the support for additional stores, enhancements have been made to the the certificate API. These improvements are important milestones for the IIS Administration API as it evolves into a key tool for managing not only a single IIS instance, but an entire farm of web servers.

Central Certificate Store

The Central Certificate Store (CCS) is a feature of IIS that vastly improves managability of certificates. Clasically IIS relied on certificates being on the local machine. With the CCS an administrator can set up a file share containing all the necessary certificates for a web hosting environment and configure multiple machines to use them. Now this essential feature can be configured from the new CCS endpoint.

Central Certificate Store API /api/webserver/centralized-certificates/{id}

{
    "id": "{id}",
    "path": "{Physical path of certificate share}",
    "identity": {
"username": "{CCS-User}"
// "password", a write-only field in which the password is specified for the CCS User
}
// "private_key_password", a write-only field in which specifies the password needed to read the private keys in CCS
}

CCS Web UI

The web management interface at manage.iis.net has been updated to take advantage of the new CCS API. When visiting the Web Server level with IIS Administration 1.1.0 installed, a new Central Certificate Store tab will be available. From this tab the CCS feature can be installed and enabled on the machine.

Web Hosting Store Support

Along with our addition to support for the central certificate store, we have provided support for Windows certificate stores other than my. Now the certificates API will include the certificates that are present in the Web Hosting certificate store which is designed to help improve the performance of IIS and keep web server related certificates separate from other types. A new certificate stores API endpoint was added to retrieve the certificate stores that are available. By default these stores are limited to the My and Web Hosting stores, however additional stores can be provided through configuration. Also, if CCS is enabled it will also display in the new certificate stores endpoint.

Certificate Stores API /api/certificates/stores

{
"stores": [
{
"name": "My",
"id": "{store-id}",
"_links": {
"self": {
"href": "/api/certificates/stores/{store-id}"
}
}
},
{
"name": "WebHosting",
"id": "{store-id}"
// _links removed
},
{
"name": "IIS Central Certificate Store",
"id": "{store-id}",
// _links removed
}
]
}

Certificate API Updates

The improvements reguarding certificates marked a good time to update the certificate resource. These updates provide necessary information that were originally missing, such as subject alternative names. Fields that provided little to no value were removed, such as the name field. Additionally, certificate API now supports the HTTP Range header, allowing a subset of the total certificates to be requested.

The Updated Certificate Resource


{
"alias": "My Self Signed Certificate",
"id": "{id}",
"issued_by": "CN=localhost",
"subject": "CN=localhost",
"thumbprint": "1E927A29E966FA11A7C469BC565A9E00B11F5F95",
"signature_algorithm": "sha256RSA",
"valid_from": "2017-04-12T11:26:26Z",
"valid_to": "2019-04-12T11:26:26Z",
"version": "3",
"intended_purposes": [
"Client Authentication",
"Server Authentication"
],
"private_key": {
"exportable": "false"
},
"subject_alternative_names": [
"DNS Name=localhost",
"DNS Name=my-work-pc"
],
"store": {
"name": "My",
"id": "{store-id}",
"_links": {
"self": {
"href": "/api/certificates/stores/{store-id}"
}
}
}
}

New Certificate List View

The UI at manage.iis.net now has a certificates list view at the web server level. This provides a method to view all the certificates that the API has access to. These are the same certificates that are avaiable to use when creating web sites with HTTPS bindings.

Improvements in https://manage.iis.net

0
0

https://manage.iis.net is a responsive, browser based management portal for IIS that provides the capability to manage both local and remote IIS servers. To get started using it head over to https://manage.iis.net.

The IIS team has been hard at work incorporating user feedback into manage.iis.net. As a result, changes have been made to help simplify common tasks and improve overall usability. The next time users visit manage.iis.net they can expect to find enhancements navigating, managing multiple servers, and managing their web sites.

Simplified Connect Screen

Often a user's first experience with manage.iis.net is for local administration. Thus, we have simplified the connect screen by no longer requiring the server url and a custom display name. This information will be automatically populated for the local server. A connection can still be made to a remote server by clicking the advanced setup button, which brings back the server url and display name fields for the connection.

Updated Navigation Sidebar

Some of the feedback we received was that it was not easy enough to tell whether the current page was for the webserver, web site, or web application. To help improve this experience we revamped the navigation sidebar. The sidebar no longer blends into the page making it much easier to find. The top of the sidebar shows a navigation hierarchy for the current page, providing users with a single location to infer their location.

Server Connections Page

Previously, adding and editing connections was done through the same screen users saw when they first visited the site. This led to a disjointed experience especially when making a simple change such as editing the display name of a server. Now servers have their own management page where new connections can be created, edited, deleted, and the current connection can be changed.

Settings Menu

A new settings menu can be found by clicking on the cog button at the top right of manage.iis.net. This menu provides a way to return to the download page for the IIS Administration API which was previously hard to find after leaving for the first time. Further additions will be made to the settings menu in a future release, including a method to provide feedback and a link to new documentation for manage.iis.net.

Application Pool Tab

A general best practice in IIS is to use one web site per application pool. Often times it can seem that the settings of an application pool are just an extension of the web site. To promote this through the UI, web sites now have an application pool tab that provides access to the most common setting.

To try out all the new changes visit https://manage.iis.net.

Microsoft IIS Administration API 2.0.0

0
0

The Microsoft IIS Administration API is making IIS administration simpler than ever before. If you are unfamiliar with the API, check out our earlier post for an introduction.

Microsoft IIS Administration API 2.0.0 has just been released which features a range of 'under the hood' improvements to the API. These changes aim to make installing, running, and configuring the API simpler while at the same time opening the door for new types of features in the future.

Configuration Changes

When the IIS Administration API is installed, it is configured to require Windows authentication for all requests. Previously, the Windows authentication and other security related configuration resided in a file named web.config. This name may seem familiar because it is the same file that IIS uses to configure settings for web sites and applications. Since the IIS Administration API was previously using a self-hosted version of IIS to run as a service it was able to utilize the IIS configuration system for capabilities such as authentication and authorization. Now, the IIS Administration API no longer self hosts IIS, and instead uses the ASP.NET Core HttpSysServer. This means that there is no more web.config file. The settings that were previously in the web.config file have been transformed and moved into the application's settings file (appsettings.json). None of the paradigms that the IIS Administration API has been using for security have changed. Only the location of the configuration and the way the settings look have been modified. Many use cases have arisen in which users wished to make modifications to the security settings, and this new configuration system was designed to make these modifications more intuitive.

New Security Section

In previous releases, all of the authentication and authorization settings for the API were contained in the aforementioned web.config file despite the fact that there was another configuration file in use named appsettings.json. Now that the web.config file has been removed, the security settings have been added to the appsettings.json file in a new security section.

The default location for the appsettings.json file is %ProgramFiles%\IIS Administration\2.0.0\Microsoft.IIS.Administration\config\appsettings.json

  "security": {
    "require_windows_authentication": true,
    "users": {
      "administrators": [
        "DOMAIN\\UserName"
      ],
      "owners": [
        "DOMAIN\\UserName"
      ]
    },
    "access_policy": {
      "api": {
        "users": "administrators",
        "access_key": true
      },
      "api_keys": {
        "users": "administrators",
        "access_key": false
      },
      "system": {
        "users": "owners",
        "access_key": true
      }
    }
  }

What It Means

require_windows_authentication: A flag that, when true, requires every request to the IIS Administration API to have Windows authentication.

users: The users part of the security section is a map of Windows users/groups to certain roles within the API. In a default installation administrators can access the IIS Administration API as well as generate access tokens. Owners have the highest level of privelege and can perform operations such as setting an application pool identity to LocalSystem.

access_policy: Access policies specify a set of requirements to access certain areas within the API. IIS Administration 2.0.0 comes with three different access policies, api, api_keys, and system. The api access policy governs general access to the API. The api_keys access policy specifies the requirements to generate API keys (access tokens). The system access policy protects the most privileged operations within the API.

As shown, each access policy has a set of requirements. The users requirement specifies which roles from the users section have access to the resources that the access policy governs. The access_key requirement specifies whether the resources protected by that access policy require an access token.

There are two additional requirements that can be specified in access policies named forbidden and read_only. The forbidden requirement blocks all access to the resources guarded by the effected access policy. As an example, if the forbidden requirement was placed in the api_keys access policy then api keys could no longer be generated by any user. The read_only requirement ensures that all requests to the resources guarded by the effected access policy are GET requests. An example use case would be to place the read_only requirement in the api and system access policy to deploy a read only version of the IIS Administration API.

Simpler Installation

With the 2.0.0 release, the IIS Administration API has removed multiple dependencies leading to a quicker installation and a thinner footprint on the machine. The ASP.Net Core Module, IIS, and IIS sub-features are no longer required for installation, meaning the only requirement left is .NET Core 1.0 (LTS). It is worth mentioning that the IIS Administration API installer automatically installs this dependency if it is not on the machine, so there is no need to install it as a prerequisite. These changes have improved the experience of installing the API on new machines, and now IIS and the IIS Administration API can even be installed at the same time.

What's New In 2.1.0 - URL Rewrite Administration

0
0

Via Microsoft IIS Administration API 2.1.0

If you are unfamiliar with the API, check out our earlier post for an introduction.

The IIS team has been working on making the IIS Administration API a complete solution for managing all aspects of the web server. The newest addition to the API is an endpoint for the URL Rewrite module. This module is one of the most popular due to its ability to provide complete control over HTTP requests and responses at the webserver level. With the new API endpoint , obtaining, configuring, and using the URL Rewrite module is easier than ever. 

Install And Uninstall Via the API

Unlike most IIS modules, URL Rewrite does not come by default with Windows. This meant that to start using the module one needed to download it and then install it on the web server. With the new URL Rewrite endpoint, the module can be installed with a single request just like any other IIS feature. The API will obtain the latest version of URL Rewrite, install it on the web server, and then report the success of the installation. Uninstalling URL Rewrite is also supported, so performing an upgrade from an older version is possible by uninstalling and then reinstalling via this new endpoint.

Complete Coverage

URL Rewrite is capable of satisfying many scenarios in a simple manner, but it is also possible to use URL Rewrite for advanced scenarios such as implementing CORS. To handle all this functionality URL Rewrite comes with a lot of switches and knobs. This new endpoint exposes all of the configuration for URL Rewrite through JSON resources. 

One common scenario encountered in web development is the desire to redirect all HTTP traffic to HTTPS for a given website. Below is a URL Rewrite rule that can be used for this purpose as seen through the IIS Administration API.

{
    "name": "Redirect to HTTPS",
    "id": "{id}",
    "priority": "0",
    "pattern": "(.*)",
    "pattern_syntax": "regular_expression",
    "ignore_case": "true",
    "negate": "false",
    "stop_processing": "true",
    "response_cache_directive": "auto",
    "condition_match_constraints": "match_any",
    "track_all_captures": "false",
    "action": {
        "type": "redirect",
        "url": "https://{HTTP_HOST}/{R:1}",
        "append_query_string": "true",
        "log_rewritten_url": "false",
        "redirect_type": "found"
    },
    "server_variables": [],
    "conditions": [
        {
            "input": "{HTTPS}",
            "pattern": "off",
            "negate": "false",
            "ignore_case": "true",
            "match_type": "pattern"
        }
    ],
    "url_rewrite": {
        "id": "{rewrite-id}",
        "scope": "Default Web Site/",
        "_links": {
            "self": {
                "href": "/api/webserver/url-rewrite/{rewrite-id}"
            }
        }
    }
}

URL Rewrite Web UI

To compliment the new endpoint, a URL Rewrite section has been added to https://manage.iis.net. This UI enables users to install and customize URL Rewrite for the web server. There are multiple features to aid in customizing URL Rewrite rules including regex testing, auto fill suggestions for IIS server variables, and rule cloning.

For the initial release of the URL Rewrite UI on https://manage.iis.net there will not be support for preconditions and custom tag sets on outbound rewrite rules. These features will be added into the UI at a later date, however they are already present in Microsoft IIS Administration API 2.1.0.

Feedback

The IIS team would love to hear what users think of the experience we're building at https://manage.iis.net, so we've added a feedback button. The new button can be found at the top right of the web manager and in the settings menu on mobile devices. 

Whats New In 2.2.0 - Web Server Monitoring

0
0

Via Microsoft IIS Administration API 2.2.0

If you are unfamiliar with the API, check out our earlier post for an introduction.

The IIS team has been working on making the IIS Administration API more than just a tool for configuring IIS. The latest release enables users to collect web server health and performance data that is integral to keeping web servers running. This new data source opens up possibilities for IIS data reporting, management suite integration, and live monitoring systems. 

Health and Performance Monitoring

An important aspect of running a web server is being able to measure whether the server is healthy, and this requires collecting a wide array of data. In the 2.2.0 release of the IIS Administration API, monitoring endpoints have been added that provide the data necessary to ensure that the web server is performing as expected. These new endpoints provide metrics that are considered the most relevant for web servers including network, cpu, memory, disk, and HTTP requests. Data can be retrieved for the web server as a whole or individually for web sites and application pools. With these new endpoints the IIS Administration API can serve the dual purpose of configuration and monitoring.

The data from the monitoring endpoints is focused on the web server rather than the entire machine. For instance, the web server endpoint returns the number of web server processes running on the machine, but it does not include any unrelated processes. This means web server administrators can measure resource usage that comes solely from the web server.

Documentation for these new endpoints is available at https://docs.microsoft.com/en-us/IIS-Administration/api/monitoring.

Web Server Monitoring (/api/webserver/monitoring)

The web server monitoring resource has fields that represent different categories of performance data including network, HTTP requests, memory, CPU, disk, and web server cache. This endpoint can be polled on a one second interval to obtain live aggregated usage data of the web server. 

The snippet below is an example of the webserver monitoring resource.

{
    "id": "{id}",
    "network": {
        "bytes_sent_sec": "1201162",
        "bytes_recv_sec": "278429",
        "connection_attempts_sec": "0",
        "total_bytes_sent": "7722036030",
        "total_bytes_recv": "1789971361",
        "total_connection_attempts": "99",
        "current_connections": "99"
    },
    "requests": {
        "active": "0",
        "per_sec": "2870",
        "total": "18453312"
    },
    "memory": {
        "handles": "35343",
        "private_bytes": "721608704",
        "private_working_set": "614633472",
        "system_in_use": "3359817728",
        "installed": "10642575360"
    },
    "cpu": {
        "threads": "2382",
        "processes": "99",
        "percent_usage": "3",
        "system_percent_usage": "31"
    },
    "disk": {
        "io_write_operations_sec": "0",
        "io_read_operations_sec": "0",
        "page_faults_sec": "0"
    },
    "cache": {
        "file_cache_count": "198",
        "file_cache_memory_usage": "1962",
        "file_cache_hits": "36906658",
        "file_cache_misses": "55360241",
        "total_files_cached": "199",
        "output_cache_count": "0",
        "output_cache_memory_usage": "0",
        "output_cache_hits": "0",
        "output_cache_misses": "36906759",
        "uri_cache_count": "198",
        "uri_cache_hits": "36906359",
        "uri_cache_misses": "400",
        "total_uris_cached": "200"
    }
}

Web Site Monitoring (/api/webserver/websites/monitoring/{id})


The web site monitoring endpoint provides data for individual web sites. This is useful for drilling in and seeing how each web site is contributing to the total usage of the web server. Specifying the id of a web site in the URL limits the API's response to the web site with that id, however if no id is specified the endpoint can be used to query all web sites at once.

Note: Some performance data obtained from the web site endpoint may not be accurate if more than one web site is configured to run in the same application pool.

The API also exposes application pool monitoring data that is available from the /api/webserver/application-pools/monitoring/{id} endpoint. This resources behaves in the same manner as the web site monitoring resource.

Monitoring UI

Along with the introduction of monitoring endpoints, the web management tool at https://manage.iis.net has been updated to provide a live monitoring experience.

Viewing all 21 articles
Browse latest View live




Latest Images