[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Enabling ISAPI in IIS 7 on Windows Server 2008

Published on
13,668 Points
1 Endorsement
Last Modified:
What is an ISAPI filter?  
•      It's an assembly (.dll file) that can add or change the way IIS works.  
•      They can be enabled globally for your web server or on a site-by-site basis.  

When the IIS server receives a request, enabling the ISAPI filter will cause IIS to watch the requests coming and going, listening for one that calls a function that is specific to the filter.  When that particular function is called, the ISAPI filter allows the request to be directed to the appropriate assembly for execution and response.
For example, let's say you have a .dll that allows you to send you an e-mail when the user triggers an "access denied" response from the server.  When you enable the filter, any user request that triggers an access denied response will first execute the custom .dll's code, that code will send you an e-mail, and then control passes back to IIS to continue processing the access denied response.
 You can find an excellent (and short!) low-level explanation of ISAPI Filters at the following article:
Some applications need support for ISAPI extensions and this is disabled by default in IIS.  Enabling ISAPI for an individual web is very easy, provided the web application is running in Integrated Mode.  However, since my shop has a combination of 2.0 and 40. apps, Classic and Integrated, and even Enable 32-bit Applications True/False, our "Classic" apps will not allow IIS 7 to set ISAPI without manually editing the web.config.  This can get tedious when we push new web.config files to the server.  Thus ISAPI needs to be enabled at the server level so it can trickle down to individual apps making ISAPI calls.  This is done in two phases:
1.      Adjusting ISAPI settings in a configuration file.
2.      Enabling ISAPI for each type of Application Pool using the IIS 7 Manager

The attached PDF covers the process of enabling ISAPI in IIS 7.  It was performed on Windows Server 2008 in order to support a third-party .dll that made use of ISAPI extensions.  If you are needing to enable ISAPI on your Windows-based web application server this document should help you because ISAPI is not enabled by default in Windows Server 2008.

This guide will walk you through the process, but is not intended to cover why you would want ISAPI - that is a decision you should consider when you have a need, and not just because you can. Enabling-ISAPI-in-IIS7.pdf
1 Comment

Author Comment

Thanks Mark - I did re-read the guidelines for Experts Exchange earlier.  To be honest, I think this is probably better as a "How-To" than anything else.  The bottom line is I want to graphically walk people through steps like these and figured a neatly-encapsulated PDF is the way to go.  I'll remove and re-do...perhaps I need a bit more schooling in our interface here first too.

Thanks again for your help!


Featured Post

OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Learn how to collaborate with office 365 Office Online
Please check the video also in regards to recovery of deleted emails from office 365 admin center and through the MFCMAPI tool. I have mentioned each and every step with the proper steps that need to be taken care of.

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month