<

Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Setting up IIS7.5 in Windows 7 to run Classic ASP Web Sites

Published on
42,308 Points
27,908 Views
9 Endorsements
Last Modified:
Awarded
Wayne Barron
ASP Classic, VB.NET with SQL Server development. Video Lesson's on Web Development and Video Post Production work. Always fun to share!
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is to test my current websites using Internet Explorer (IE) 9. (Of which all my sites run perfectly under IE9)

Now, I run ASP Classic Applications mostly, about 99% of my site scripts are ASP Classic, with just a touch of VB.NET (ASP.NET). So, to test my sites within Windows 7 while I am there, I installed IIS7.5 and setup Classic ASP to run on the windows 7 system, and here you go, the instructions on just how it is done.

Note: Total time to setup is about 3-5 minutes, depending on the speed of your system, and you will need the windows 7 CD.

1. Installing IIS7.5


Open Control Panel
Click [Programs]
Choose [Turn Windows features on or off]
Turn Windows Features On and OffWhen the [Windows features] dialog appears
Click on the [+] and the [] box beside [Internet Information Services]
(When you click the box it will turn blue, and the [World Wide Web Services] & [IIS Management Console] will become active as well. Do not uncheck these!)

Now, put a check beside the following item(s)
[IIS Metabase and IIS 6 configuration compatibility]

Click the [+] beside [World Wide Web Services]
Then the [+] beside [Application Development Features]
Put a check beside the following area's
>> ASP
>> ASP.NET
(Once you put checks beside these, other features will become active as well, leave them checked and continue)
Now click [OK]
(This process will take a few minutes, so be patient)

(When you are finished checking everything, it should look like this)
Installing IIS7.5

2. IIS Setup


Now that we have this done, we will need to go into IIS and do a few things in there next.
So, let’s open IIS
Click on the [Start] button and type in [IIS]
Choose [Internet Information Services (IIS) Manager]
(You can also setup your menu to show Administrative Tools, then drag the IIS Manager from Administrative tools into your Menu Bar, this is the best way to get to it and other applications quickly, since the Taskbar is no longer split within Win7)

Within IIS, click on the ellipse arrow beside the Server Name in the Left Panel
Click until you get to [Default Web Site]
Click on [Default Web Site]
Over in the Center Section, Double click on [ASP]
IIS Choose ASP ButtonThen in the [Behavior] section
[Enable Parent Paths] change this to: [True]
(This makes it so that we can use ../file.asp within our INCLUDE FILES Without this set to true, you will receive an error)

Then under [Debugging Properties]
Set [Send Error To Browser] to: [True]
(This will allow for the errors to be viewable to your Browser)
Enabling ASP Parent Path and Error Reporting(Make sure to save these changes, a Dialog will appear once you click out of the ASP Properties area, click [Save])

Now,
Right Click on the [Default Web Site]
Then [Manage Web Site]
Then [Advanced Settings]
(or) from the [Actions] panel on the Right, under [Manage Web Site] click on [Advanced Settings...]

(Menu Options)
Manage Website - Menu Options(Right Navigation Option)
Manage Website - Right Side Navigation
When the Dialog appears
Under [General]
Click on the [Physical path] (you will then see an ellipse button, Click on it, and choose the folder location where you have your site located.)
Mine are all kept in: (G:\InetPub\wwwroot\) and within Sub Folders from there, for each of my sites.
(Make it a practice to back up your sites on a regular basis, sometimes I forget, and kick myself for it. So create a script with RoboCopy and click it every time that you make a workable/keep worthy change to your page(s))

(Looks like this)
Browse for Website folder
Now, I have my IP set to an In-house Static IP of: 192.168.2.9
So, you might want to check in on doing this as well, as it is a lot better than typing in localhost.
(Look at your Router configuration and set it accordingly)

Now, when you try to view your page it may give you a
[500 - The website cannot display the page] Error.
To get past this annoying error, do the following.

In Internet Explorer (This applies to all IE Releases)
From the Menu click on [Tools | Internet Options]
[Advanced] Tab
Under [Browsing]
Uncheck [Show friendly HTTP error messages].
Click [Apply] then [OK]

When opening your site for the first time after making these settings, it will take a moment for Internet Explorer to retrieve the page from IIS7.5, this only happens at the start, and will not happen again. I think that it has something to do with bounding to the IP Address?? Though I never seen this type of behavior in IIS4 or 5.1 so, maybe someone else can give a reason as to why it does this.

When your page loads, and you should either see an ASP Error message (or) your live page.

Good Luck and Happy ASP Classic Programming.

To view the Video Tutorial of this online at Youtube.com
Please click here =>  http://www.youtube.com/watch?v=MiA-ox2OkI4

Carrzkiss
Written On: September 17, 2010
Revised On: September 21, 2010
9
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 60

Expert Comment

by:Kevin Cross
Nice work, Carrzkiss! You have my Yes vote above.

[Enable Parent Paths] change this to: [True]
(This makes it so that we can use ../file.asp within our INCLUDE FILES Without this set to true, you will receive an error)

Then under [Debugging Properties]
Set [Send Error To Browser] to: [True]

For local development, which you were pretty much covering here as Windows 7 installation of IIS, I often do this also.  

I am going to take this opportunity to note for beginning web developers reading, though, as always with IIS, you want to limit your surface area for attacks.  If you don't need to use directory traversal as shown (e.g., "../file.asp"), then DO NOT enable parent paths as that leaves that feature available to attackers who once they have access to your web folder can traverse upward to other files.  Now this is only really a concern if your NTFS rights aren't set correctly on your production web servers and/or you have your web folder in the default C:\Inetpub.  With the more secure by design Windows OS of late, the concerns here are less and less, but nonetheless security is best done in layers and this is just another depth to which you can protect yourself.

Similarly, the debugging is great when troubleshooting issues, but consider if you page throws an error and now I know you are (1) using IIS, (2) you have a SQL database backend, and (3) you have a table name USERS -- you debug message has now given me an attack vector simply by my generating some error on your page to get details.  

Again, this is not something wrong with the article as the scope is Windows 7 IIS 7.5, which typically isn't where you production web servers are run from, so this is just more information to ensure when you move from development to production, you keep in mind that you may want to set this option differently.

But at any rate, keeping with the scope of this Article, I like it.  The "friendly" HTTP errors aren't so friendly to us developers and yes I noticed the slow down too with IIS 6, even.  Always thought it was with ASP.NET pages as it was compiling for the first time, so interesting to hear you are seeing an even more exaggerated slow down in IIS 7.5.  I will have to play with that some more myself.

Nice job, again.

Kevin
0
 
LVL 31

Author Comment

by:Wayne Barron
Some very good points.

The attackers, yes, they are mean and they can be nasty.
BUT, that is what my other article helps to prevent.
http://www.experts-exchange.com/A_3626.html
Using Parameterized Queries and a function that I designed called: ProtectSQL
Will help to prevent someone from ripping apart your site.
NOW, this is only as good as your web design work is, if you design pour
Code and try to use the Parameterized Queries, then it may not work and may be just a waste of time.
Please read the article and understand how to use it, so that you can protect yourself from potentially bad things from happening to your site and database.

Good Luck and thank you Kevin.
Wayne
0
 
LVL 31

Author Comment

by:Wayne Barron
@mwvisa1:
I just read over what you wrote above, and you are correct.
Make sure that NTFS securities are in place and make sure that all
Other securities are tight on the server, and then anable Physical paths.

The response that I wrote, really did not go with what you are written above.
So to everyone that reads it, I made a goof.
(I hate them days)

Take Care mwvisa1.
Carrzkiss
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 60

Expert Comment

by:Kevin Cross
No worries at all.  As I was trying to do with my comment, I think your comment and included link is helpful for web developers reading this to get some other useful information -- so I wouldn't call it a goof, but do appreciate you taking the time to respond.  

As usual, it is a pleasure -- take care also,

Kevin
0
 
LVL 11

Expert Comment

by:tobzzz
Hi Carrzkiss,

Great article, I recently did the same (unfort. I didn't read this first!).

In my previous IIS7 on Vista, everytime I add a new site for dev, I added it in IIS7 with a unique port number, browsing to the folder of the website etc. So with localhost being my landing page, a new stie would be anything like http://localhost:569. Sometimes port numbers weren't like in Chrome and FF (IE never had the problem) saying it was reserved for elsewhere. Is this the best way of setting up multiple sites on IIS for development or is there a more straighforward way? I have over 100 to set up shortly and manually adding them one-by-one will be a pain. Do you know if it's impossible to export the list from my IIS7 and import it to IIS7.5? Maybe you have a better idea for all of this?

Thanks and best wishes

/ Tobzzz
0
 
LVL 1

Expert Comment

by:r1tman2003
i went to a lot of hassle to lookup my account from 8 years ago to say THANKS. Now im going to go to a little more to hit the yes this was helpful button on another computer because the browser on my windows 2008 isnt configured for security and i cant remember how. i hate how MS changes isht with every release because they want to make us feel dumb so we keep de-upgrading. i want to upgrade to windows 98, I imagine how fast the required specs for their power hungry products would tear through that.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Join & Write a Comment

Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month