Internet-Based Security

Today most clients accessing our COM+ application do not use custom VB client applications. Instead, they use the browser as their client program. This last section discusses how IIS security integrates into COM+ security. I am not going to spend a lot of time defining how to create web applications and ASPs or how to configure your server. However, for the sake of discussion, I would like to give you a brief overview of what a web application is and how it integrates with COM+.

Web Application Overview

In Windows 2000, the Microsoft web server is Internet Information Services 5.0 (IIS 5.0). IIS runs as a service in a process called InetInfo.EXE. InetInfo.EXE gives the developer the ability to create extensions and filters known as ISAPI extensions and ISAPI filters. Whenever a client sends an HTTP request to the server, it normally sends the request through TCP/IP port 80. IIS listens for HTTP requests through port 80 and has the job of sending an HTTP response. By writing filters and extensions, you can read the information in the HTTP request and customize the response to the client. The most famous ISAPI extension is ASP.DLL, which wraps the low-level functionality of ISAPI into scripting friendly interfaces.

IIS enables you to define a number of web applications for a particular server. To define an application, you create what is called a virtual directory (consult the IIS documentation for details on how to create a virtual directory). Each virtual ...

Get COM+ Programming with Visual Basic now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.