Windows 7 / Getting Started

Configuring handlers

A handler is a DLL or other executable that responds to a particular request from a client. IIS receives the request, locates the appropriate handler for the request, and then passes request information to that handler. You can view the handlers for IIS by choosing the connection you want to work with in the Connections pane and then double-clicking the Handler Mappings icon. You see the Handler Mappings window. The following sections describe handlers in detail.

Enabling and disabling handlers

A handler is functional only when you enable it. IIS provides the means for enabling and disabling handlers as needed. You can install a handler, but decide not to use it for requests until needed. A handler can provide special functionality, such as debugging, or it might represent a security risk in certain circumstances.

IIS disables two handlers by default: CGI-exe and ISAPI-dll. In both cases, modern Web sites don't commonly use the functionality they provide and they both have security issues. You must enable the CGI-exe handler if you want to use CGI scripts on your server. Likewise, you need the ISAPI-dll if you want to use ISAPI extensions (as contrasted to ISAPI Filters) on your Web site. IIS doesn't offer a choice of which handlers to enable. You enable both these handlers by enabling one of them.

IIS enables and disables handlers based on the permissions you provide to a specific level of the hierarchy. In fact, IIS provides the three levels of permissions shown in Table-1 for handlers.

Table-1 IIS 7 Request Handler Permission Levels

LevelUseDescription
ReadThe read permission simply gives the handler permission to read data.Only a few handlers require just read permission. In fact, in a default IIS configuration, you can rely on only three handlers to work with just the read permission: OPTIONSVerbHandler, TRACEVerb Handler, and StaticFile. The important handler at this level is the StaticFile handler because it lets the Web server provide a default document, allows the user to perform browsing, and provides the means to serve static content. Even though you can separately enable the scripts permission and make many handlers active, the loss of the StaticFile handler will almost certainly affect the user's ability to interact with your Web site.
ScriptsThe scripts permission lets script files, but not executables, run at the designated level.This permission enables the ASPClassic handler, along with a host of others, but not the StaticFile handler. The interesting issue here is that you could set up the Web site such that the user can access only the scriptable items, such as ASP files. The user would need to know the precise URL for accessing the entry point, but then you could provide links in the Web pages to move from page to page. The user wouldn't even know that you had all the features provided by the StaticFile handler unless they tried to access the Web site without using a precise URL.
ExecuteThe execute permission lets the handler perform the full range of executable tasks.Some handlers, such as CGI-exe and ISAPI-dll, require permission to execute code. To set this permission, you must also enable the Scripts permission. However, you don't need to enable the read permission. Consequently, you can still obtain a little added security when using the CGI-exe and ISAPI-dll handlers by disabling the read permission.
Warning: Besides opening security holes in your Web site, enabling the execute permission also places a performance penalty on your Web site. Use the execute permission only when absolutely required. The following steps describe how to change the permission for a particular level (and therefore enable or disable handlers):
  1. Select the level you want to change in the Connections pane.
  2. Double-click Handler Mappings.
    You see the Handler Mappings window.
  3. Click Edit Feature Permissions in the Actions pane.
    You see an Edit Feature Permission dialog box. By default, IIS enables the read and scripts permissions.
  4. Change the permissions as needed and click OK.
    IIS changes the permission for the selected level. Because the server, Web sites, and every folder can have different permissions, you should set the permissions as needed at the lowest possible level.

Adding a managed handler

A managed handler relies on managed code developed by using the .NET Framework. The Common Language Runtime (CLR) compiles and runs the code. A managed handler relies on a specific .NET Framework class as a base class - the class that defines the initial or starting characteristics of the managed handler.

IIS comes with all default-managed handlers configured. Normally, the only time you need to add a managed handler is when a developer creates one based on one of the other .NET Framework classes. You may also need to add a managed handler when you want to configure an existing handler to work with a new path. The following steps describe how to add a managed handler:

  1. Select the level you want to change in the Connections pane.
  2. Double-click Handler Mappings.
    You see the Handler Mappings window.
  3. Click Add Managed Handler in the Actions pane.
    You see the Add Managed Handler dialog box.
  4. Type the new path in the Request Path field.
  5. Choose one of the handler classes from the Type field.
  6. Provide a human-readable name for the handler in the Name field.
  7. (Optional) Click Request Restrictions to configure the handler restrictions.
    See the "Changing handler restrictions" section of this tutorial for details.
  8. Click OK.
    IIS adds the new handler to the list.

Adding a script map

A script map is a connection to an unmanaged handler of some type. In most cases, the hander is an EXE or DLL file. You use a script map to provide support for older native code handlers. For example, you use a script map to create a handler entry for your ISAPI extension.

IIS requires that any EXE files you enter using a script map conform to the CGI specification. You can find this specification at http://www.w3.org/CGI/. Any DLL files you enter using a script map must conform to the requirements for ISAPI extensions. See the ISAPI extension overview at http://msdn2.microsoft.com/en-us/library/ms525172.aspx. The following steps describe how to add a script map:

  1. Select the level you want to change in the Connections pane.
  2. Double-click Handler Mappings.
    You see the Handler Mappings window.
  3. Click Add Script Map in the Actions pane. You see the Add Script Map dialog box.
  4. Type the new path in the Request Path field.
  5. Type the name and location of the executable file in the Executable field. (You can also use the Browse button to locate the file.)
  6. Provide a human-readable name for the handler in the Name field.
  7. (Optional) Click Request Restrictions to configure the handler restrictions.
    See the "Changing handler restrictions" section of this tutorial for details.
  8. Click OK. IIS adds the new handler to the list.
[Previous] [Contents] [Next]