Wiki Home

Setting Up IISand PWS

Namespace: WIN_COM_API
A Wednesday Night Lecture held 2000.11.08, presented by Carl Karsten
This is going to be a very basic, very hands-on night.

The goal is to understand what a webserver is, and to set one up such that the link: http://localhost will show you your server's default welcome screen.

I am expecting that at the end of the talk, everyone will have it up and running on their machine. If you are just lurking and not trying to set it up, it probably won't be very interesting. It may turn into a free for all of people having touble, and anyone who can help jumping in. I have done it a few times, so I should be able to get us through it.

If you are running W9x, you will install PWS; NT users will install IIS.

Have your windows (95,98,nt4,win2000) CD's for the talk -

[Irrelevant material has been trimmed.]

Session Start: Wed Nov 08 20:56:06 2000

[20:56] *** Now talking in #VisualFoxPro

[20:56] *** Topic is '"Setting Up Internet Information Server and Personal Web Server" with Carl Karsten'

[21:00] {Evan Delay} Carl Karsten has been developing Database applications for over 10 years, specializing in payroll system development. He is a frequent composer of and contributer to Wikis documents, an online resource maintained by the community. He has used many versions of Fox, including FoxBase+?, FoxPro 2.5 and multiple versions of Visual FoxPro.

[21:00] {Evan Delay} Carl is a Microsoft Certified Professional for Building both Desktop and Distributed Applications in Visual FoxPro 6.0.

[21:00] {Evan Delay} Tonight's Topic is "Setting Up Internet Information Server and Personal Web Server" with Carl Karsten.

[21:00] {Evan Delay} Take it away Carl.

[21:00] {CarlKarsten} Thanks, Evan

[21:01] {CarlKarsten} First let's open with a quick description of what a web server is: It's a program. It is not a piece of hardware. Let's get somewhat technical for a second. It (the program) listens to TCP/IP port 80, and when a packet comes in, the software does something. What it typically does is send back an HTML page. Ok, that was technical enough, back to laymen's terms.

[21:03] {CarlKarsten} Basically, a browser (IE, Netscape….) is what sends the request to the server, and the server sends something back to the browser, and the browser shows it to you the user.

[21:05] {CarlKarsten} The server can be installed on your machine, and then your browser dosn't have far to go to talk to it. What I hope to get done tonight is for everyone to have a webserver installed on their machine.

[21:07] {CarlKarsten} Don't worry, it won't slow down your poor little machine, assuming you don't immediately start trying to compete with

[21:08] {CarlKarsten} Once you have a web server installed, then you can start playing with things like West Wind Web Connect, or ASP pages like Mike Helland demoed a few weeks ago.

[21:09] {Evan Delay} Web Connect even works with PWS?

[21:09] {CarlKarsten} I think it does. Ill check on that later - I know where to look.

[21:51] {BarbaraPaltiel} Web Connect works fine with PWS on my NT machine

[21:51] {CarlKarsten} Barbara - glad to hear it

[21:51] {Evan Delay} Thanks BP.

[21:10] {CarlKarsten} And of course you can write up some simple html pages, and look at them, but not untill we get the server installed and started.

[21:10] {CarlKarsten} Hmm, one more term: "Start"

[21:10] {CarlKarsten} It means "run" - pretty simple, eh?

[21:11] {CarlKarsten} What OS is everyone running tonight?

[21:11] {DenisChasse} Win98

[21:11] {Evan Delay} Win98

[21:11] {MarkLetheren} W98

[21:11] {CharlieBlakey} win95

[21:11] {MarkusVoellmy} NT

[21:12] {AndrewCoates} Win2k

[21:11] {CarlKarsten} Ok, then we will start with the W98 - which is one of the easier ones. We will get to the w95 and NT in about 5-10 minutes. We are going to do the steps listed at

[21:14] {CarlKarsten} Just to reiterate: this is only for the w98'ers - everyone else just watch.

[21:14] {CarlKarsten} Put your win98 cd in, get rid of what ever autorun splash screen comes up, and click into my computer.

[21:15] {CarlKarsten} Hmmm - if you click on the cd, you get the splash.

[21:16] {CarlKarsten} Right click the CD, Explore

[21:16] {CarlKarsten} Explore on down to /add-ons/pws, find setup.exe, run setup, and sitck with the defaults that the install wizard gives you. Hit next, pick "Typical", hit next, and watch the progress bar....

[21:20] {CarlKarsten} if there are not objections, I will shift to Win2000 now

[21:20] {CarlKarsten} any questions?

[21:20] {Evan Delay} Carl what is the EXE name for PWS? - oh I found it: PWS.EXE < blush >

[21:24] {CarlKarsten} I'll have to admit, I have not really done it on win 95

[21:24] {CarlKarsten} but... it is part of the NT option pack, which I hvae done

[21:25] {Evan Delay} Carl I have installed it on Win95. I just used NT option pack as you said.

[21:25] {CarlKarsten} Evan, were the steps similare to the NT4 setup?

[21:26] {CharlieBlakey} I did it the other day on another machine with no problems

[21:26] {CarlKarsten} Ah good - is there anyone else with w95?

[21:26] {Evan Delay} Haven't done it on NT4. But just run the service pack and choose the personal webserver. Wasn't too tricky.

[21:27] {MarkusVoellmy} It's no problem on NT ... besides you should have Admin rights of course...

[21:27] {CharlieBlakey} I think the Option Pack only offers PWS if you are W95

[21:27] {CarlKarsten} I was talking to someone at GLGDW that was having trouble figuring out how to do it on Win ME

[21:31] {CarlKarsten} Security is one of the 'problems' I found when doing it

[21:31] {CarlKarsten} For testing the fun things, I really wasn't worried about anyone hacking my machine, because it wasn't "on the net"

[21:32] {CarlKarsten} Some advice: when you are connected to the internet, including using a modem, anyone can browse your webserver

[21:33] {DenisChasse} Is there an easy way to make it more secure or should we just use it for local tests before we put live on the net?

[21:33] {CarlKarsten} That might sound scary, but I don't think it puts you at much risk

[21:34] {CarlKarsten} What I feel is good advice is this: if you are going to run a webserver that you want the public to use, assume it will be hacked and taken out. Therefore, make sure you have some sort of recovery plan. Unfourtunatly, backup/restore are not part of it.

[21:35] {Evan Delay} Why?

[21:36] {CarlKarsten} Because you can not be sure when it first got hacked, and your backup may already have the hackers backdoor that they have opened up!

[21:36] {Evan Delay} Yikes.

[21:36] {MarkusVoellmy} Carl on NT or W2K can't we limit access to let's say domain users if we didn't want to go "outside" with it?

[21:36] {CarlKarsten} Nope

[21:37] {MarkusVoellmy} Hmmm You mean the NTFS is useless here?

[21:37] {CarlKarsten} Going way back to what a websserver is: a program. The program sits on the NT box, and assumes the rights of a user on that box. The good news is, it is a user with limited rights, but, anyone who can send a packet to your machines IP address, can send it to your machines port 80, which is what the server will respond to.

[21:38] {CarlKarsten} It dosn't care where it came from - thats not its job.

[21:39] {MarkusVoellmy} That's what I meant ... my users have no rights at all so it can't go outside the "public" folder then :)

[21:42] {CarlKarsten} Your physical network consists of wires, hubs, and network interface cards (NICs). There is not security that limits which machines can send a signal out. The TCP/IP protocal allows any machine to send a packet to any other machine.

[21:45] {TerryThurber} What does a packet look like?

[21:45] {CarlKarsten} A packet is a 'chunk' of bytes -

[21:45] {Evan Delay} Little bubbles of data! : )

[21:45] {CarlKarsten} Much like an e-mail between two people

[21:46] {CarlKarsten} A packet has two parts: the envlope, and the contents

[21:46] {CarlKarsten} In VFP terms, it has 2 fields: the contents is the data that one machine wants to send to the other.

[21:46] {TerryThurber} Can a packet point to an API or an EXE on the server - and - can it pass data with the pointer?

[21:47] {TerryThurber} How does the receiving machine know what to do with it?

[21:47] {CarlKarsten} It is important to remember that the term 'packet' can be used for lots of things

[21:48] {Evan Delay} Just a thought - even a digital phone call sends packets, so be carefull not to use my descriptions as the end-all-be-all.

[21:49] {CarlKarsten} The envelope is the header/footer around the contents

[21:49] {CarlKarsten} It is like the 'from, to, and subject' of an e-mail

[21:52] {CarlKarsten} So, we have this packet that goes from machine A to machine B

[21:54] {CarlKarsten} It is the same regardless of what the machines are: servers or clients. At this level, the NIC's and tcp/ip drivers don't care, they just get a chunk of data from one machine to the other. So, in the case of the web browser (machine A) and web server (B)

[21:55] {CarlKarsten} hmm, I have to back up...

[21:55] {CarlKarsten} Part of the packet's header is the port#. It basically helps the reciving machine know what to do with the packet. The IP address gets the packet to a particular machine.

[21:57] {Evan Delay} Is that like the next level to send the data to once the header information is taken off, i.e., port #?

[21:57] {TerryThurber} I know that certain port# are used for specific things. Are they "wired" that way or is it convention?

[21:57] {CarlKarsten} Convention. For instance, one of the options in the setup is: what port should the webserver repond to ( aka, listen to)

[21:58] {TerryThurber} So port 80 and port 220 will do what the packet requests?

[21:58] {Evan Delay} I see.

[21:59] {CarlKarsten} Your browser defaults to port 80 when it sends packets but you can change that.

[21:59] {CarlKarsten} hmm, i don't have a working example, so don't bother doing this - for show only:

[22:00] {CarlKarsten}

[22:00] {TerryThurber} Maybe I'm looking for something too discrete - FTP is TCP/IP, right?

[22:00] {CarlKarsten} that will send packts to port 901

[22:00] {CarlKarsten} the FTP server listens to a different port

[22:01] {DanRowe} why would i want to change port?

[22:01] {TerryThurber} I've seen some amazing things done with almost "thin" clients using TCP/IP ..

[22:02] {CarlKarsten} I have a 'server' that administrates shares on my file server

[22:02] {CarlKarsten} it listens to port 901

[22:02] {CarlKarsten} the FTP server listens to port 20

[22:03] {DanRowe} so in order to acces shares I would send my request to port 901?

[22:04] {CarlKarsten} Dan - no, that is what the SWAT server listens to

[22:04] {CarlKarsten} Samba Web Administartion Tool

[22:04] {DanRowe} thankyou

[22:05] {CarlKarsten} mail servers listen to port 25

[22:06] {CarlKarsten} listen isn't really the right word

[22:06] {CarlKarsten} part of the tcp/ip stack (drivers)

[22:06] {CarlKarsten} is the 'routing' of the packet once it gets in the destination machine

[22:07] {CarlKarsten} it passes it to the program that is running based on a table of port-program

[22:07] {TerryThurber} Does the port or the packet point to the stack drivers?

[22:07] {CarlKarsten} or, if there is no program, then it sends back a "no such thing" responce to the sender

[22:08] {DanRowe} sort of a packet manager?

[22:09] {CarlKarsten} we are now intering the realm that I barly understand, but my not describe well, and I don't want to misinform anyone

[22:09] {CarlKarsten} let me try and get back to how this relates to security

[22:09] {Evan Delay} : )

[22:10] {CarlKarsten} at the level we were talking about, there was NO security

[22:10] {Evan Delay} Was or is?

[22:10] {CarlKarsten} is

[22:10] {CarlKarsten} if the machines are wired together (machine/nic--wire--hub--wire--nick/machine)

[22:11] {CarlKarsten} the machines can send packes back and forth

[22:12] {CarlKarsten} ports 137,138,139 are used for Microsoft Networking

[22:12] {CarlKarsten} so, when your machine 'logs in' to an NT server

[22:12] {CarlKarsten} it is sending packets with your username/password to port 137 of the server

[22:13] {Evan Delay} Cool.

[22:14] {CarlKarsten} the low level network drivers hand that info to the higher level programs that deal with making sure it is a good username/password

[22:14] {TerryThurber} Would Iwe look at the MS Win SOck control to do this stuff?

[22:14] {DenisChasse} Is there a place where we can aget a description of what port is used by what software?

[22:15] {CarlKarsten} if it is, it then remembers where that came from and will deal with other requests like "i want the data from a file on your harddrive"

[22:15] {Evan Delay} 137, 138, and 139 deal with file information too?

[22:16] {CarlKarsten} Denis, just a sec - i like that Q

[22:16] {CarlKarsten} Sean - yep - MS uses thoses few ports for everything

[22:16] {Evan Delay} WOW!

[22:17] {CarlKarsten} login, getting files, printing

[22:17] {Evan Delay} Can we access them behind the scenes, in stealth mode?

[22:19] {CarlKarsten} it all comes in on the network wire, into the nic

[22:19] {CarlKarsten} which is in the back of my computer.... :)

[22:19] {Evan Delay} lol

[22:20] {CarlKarsten} so, if you send a packet to port 80

[22:20] {CarlKarsten} it gets passed to the webserver

[22:21] {CarlKarsten} it does not get passed to anything that has to do with 'who you are'

[22:21] {Evan Delay} Sorry, what are we using as the webserver, I missed it?

[22:22] {CarlKarsten} which is why the OS will not allow the web server to do anything that you the server administartor has not configured it to do

[22:22] {CarlKarsten} any web server

[22:22] {CarlKarsten} remember, it is just a program that sits waiting for requests to come in, and when they do

[22:23] {CarlKarsten} it does something like read a web page from disk and send it back

[22:23] {Evan Delay} Or do stuff in FoxPro for us!

[22:23] {Evan Delay} Or ask FoxPro to do something?

[22:23] {CarlKarsten} exactly

[22:24] {TerryThurber} So as VFP developers we propable won't work discrete packets, we'll let ADO or something else do it for us?

[22:24] {CarlKarsten} exactly ^2

[22:25] {Evan Delay} ADO?

[22:25] {JasonNance} ActiveX Data Objects

[22:25] {Evan Delay} Duh!!!!!

[22:25] {CarlKarsten} as a VFP'er no

[22:26] {TerryThurber} Will we work discrete with FOXISAPI or ISAPI?

[22:26] {CarlKarsten} if you want to get into other things, then yes

[22:26] {CarlKarsten} lets look at the chain of events that takes place with foxisapi

[22:27] {TerryThurber} Okay

[22:28] {CarlKarsten} hmm, i think you need IIS for this,

[22:28] {CarlKarsten} but we can still examine the steps

[22:28] {CarlKarsten} going with this examople

[22:28] {CarlKarsten}

[22:29] {CarlKarsten} btw - this can all happen on the same machine

[22:30] {TerryThurber} ?

[22:30] {CarlKarsten} remember, these ports arn't physical

[22:30] {Evan Delay} You are programming on the NT 4 box?

[22:30] {CarlKarsten} any box

[22:30] {CarlKarsten} using IE because i can type it quick

[22:31] {CarlKarsten} IE sends a packet to port 80 at an address

[22:32] {CarlKarsten} if the the tcp/ip drivers figure out that is the same machine

[22:32] {CarlKarsten} then they just hand the packet to the incomming routines

[22:32] {TerryThurber} A rat-tail?

[22:32] {CarlKarsten} which then see port 80 and hand it to the web server

[22:32] {CarlKarsten} for foxisapi:

[22:33] {CarlKarsten} IE sends this message "/scripts/foxisapi.dll/MyFoxServer.MyFoxClass.HelloWorld" to address:80

[22:33] {CarlKarsten} actually something more like

[22:33] {CarlKarsten} GET "/scripts/foxisapi.dll/MyFoxServer.MyFoxClass.HelloWorld"

[22:33] {CarlKarsten} it really is that simple

[22:34] {Evan Delay} WOW!

[22:34] {CarlKarsten} that string gets some header/footer added around it

[22:34] {CarlKarsten} it gets sent to the reciving machien

[22:34] {CarlKarsten} machine

[22:35] {CarlKarsten} which sees the port 80 and hands it to the webserver

[22:35] {CarlKarsten} IIS then has to take notice the /scripts/foxisapi.dll

[22:35] {CarlKarsten} and hands "MyFoxServer.MyFoxClass.HelloWorld"

[22:36] {Evan Delay} What do you mean "IIS then has to take notice the /scripts/foxisapi.dll"

[22:36] {CarlKarsten} to /foxisapi.dll that is sitting in c:\webhost\wwwroot\scripts

[22:36] {CarlKarsten} hmm, we are way into overtime

[22:37] {TerryThurber} Does the client have to be a browser?

[22:38] {TerryThurber} I guess I'm hoping the client can be a VFP exe (not APP)

[22:38] {CarlKarsten} nope - westwind has some functions like wwGet() (or something like that)

[22:38] {CarlKarsten} nope to "....browser?"

[22:38] {CarlKarsten} yes to VFP

[22:38] {TerryThurber} Can we use the OCX Winsoc

[22:39] {CarlKarsten} I am not sure what all it does, but I think so

[22:39] {Evan Delay} Thanks Carl...I have some studying to do!

[22:39] {TerryThurber} Thanks Carl

[22:39] {CarlKarsten} back to security:

[22:40] {TerryThurber} ISS?

[22:40] {CarlKarsten} the webserver dosn't care where the packet came from

[22:41] {CarlKarsten} which is why NT wants to controle what it can and can't do

[22:41] {CarlKarsten} it = the server

[22:41] {CarlKarsten} cuz the web server will try and do what ever the instructions in the packet tell it to

[22:42] {CarlKarsten} so, back to installing,

[22:42] {CarlKarsten} does anyone have any more q's about getting it running?

[22:42] {JasonNance} Something you need to keep in mind is what kinds of permissions the websever has.

[22:42] {Evan Delay} Fine here.

[22:43] {JasonNance} If it is run as admin, and someone sends an exploit to your server causing it to puke, then they basically have admin access to your machine.

[22:43] {CarlKarsten} who is much more 'into' this low level stuff

[22:43] {JasonNance} That's why you run your web server as an isolated user (like www) and only give it access to the inetroot dir (recursively)

[22:44] {TerryThurber} Is authorization the domain of ISAPI?

[22:44] {Evan Delay} Carl, would you like to wrap up?

[22:44] {CarlKarsten} before I say good bye, i want to thank everyone for comming

[22:45] {Evan Delay} Thanks Carl for giving the lecture!

[22:45] {MarkusVoellmy} Thx Carl

[22:45] {Evan Delay} *applause*

Contributors: Carl Karsten, Evan Delay, Cindy Winegarden
Category IIS Category Web Tools Category Wednesday Night Lectures
( Topic last updated: 2000.11.13 02:03:26 PM )