Speaker: Mike Benkovich
Description: I attended this local (to me) MSDN event in Bloomington, IL, last week. The speaker was very good and I found the IIS 7.0 portion of the talk very interesting. As a bonus, Mike was kind enough to allow me to advertise our local .NET user group. I did not stay for the whole talk, but here are some notes I jotted down.
IIS 7.0
- ISAPI = Programming interface for IIS
- IIS 7.0 is modular.
- No Metabase -> Replaced w/config files
- ApplicationHost.config -> Global settings
- Web.config -> local site settings
- Nice looking new GUI.
- You can easily setup individual app pools for each site.
- This way if one website acts up, it shouldn’t affect the other sites, in separate pools.
- Can manage a sites Web.config via the IIS 7.0 UI.
- You can enable PHP website using “Handler Module” tool.
- Module is broader
- Handler is narrower
- You can “Add Managed Handler” to “Handler Mappings”.
- Allows you to create your own DLL and add it as a handler.
- IIS 7.0 doesn’t run under Windows Server 2003.
- Learn more at the speaker’s website BenkoTips.com
How to Build Secure Apps- Know your threats
- Engage “Threat Modeling”
- Design with security in mind
- Apply proven security principles
- Follow secure coding techniques