by December 5, 2007 0 comments

Last month we looked at the new architecture of IIS7 over its predecessor
IIS6. We saw that thanks to its new ‘Integrated Pipeline’ mode, features of
ASP.NET are now available as modules in IIS7 and therefore are available to any
other programming platform running on this server. This article takes a look at
actually using these features in a PHP application.

The Integrated Pipeline in IIS7 allows the ASP.NET features such as Forms
Authentication, Caching, URL Filtering and URL Rewriting to work as modules
within the context of IIS7. Because of this, we can now start using many of the
features of this pipeline in other programming platforms as well. During the
development phase of IIS7, Microsoft partnered closely with Zend, the makers of
PHP, to create an optimized version of PHP that works with this new Integrated
Pipeline. It gives PHP features that are not available in either the LAMP or the
XAMP stack. In addition, they have also come up with a generic IIS7 module,
called FastCGI that allows other platforms (say Perl, ColdFusion, etc) to also
take advantage of this pipeline in the future.

Direct Hit!

Applies To:
Web admins
The integrated pipeline allows features of IIS and ASP.NET
to be used by other platforms such as PHP
Primary Link:
Google Keywords: iis7

To get this working, you’ll need to first download the latest PHP release for
Windows as a compressed archive. Unzip the contents of the archive to c:\PHP on
a Windows Server 2008 machine. Change the php.ini settings as recommended in the
install file. Please note that these settings are different from version to

Next, we need to have a PHP Web application that we can use as a sample. For
this example, we will use a simple PHP application called QDig. Unzip the
archive into say c:\inetpub\wwwroot\ Qdig. Put some sample photos in the gallery
folder to use as a sample. Now open up IIS Manager. This is where we will be
doing a number of different configuration level changes that enable PHP to work
with the Integrated Pipeline. First of all, open up the server treeview for the
current machine and right click on Default Web Site and add a new Web
Application. Give the application a unique name, such as QDIG and point the
physical path to the folder you extracted the program to. But make sure that the
Application Pool is set to ‘DefaultAppPool’ if not already. This application
pool uses the Integrated Mode for IIS7 and therefore provides its features to
sites and applications using it.

Once this is done, click on the application you just created. In the Feature
View on the right pane, double click the Modules icon. Ensure that ‘FastCGI’ or
‘iisfcgi’ is listed. (The names are different depending on the build number of
Windows Server 2008 beta that you are running). If they are not, you will need
to download the Tech Preview of FastCGI from and install it.

If you see that the FastCGI does indeed exist on the server, it is now time
to configure PHP on the machine. For this, close the modules window and after
making sure that the QDIG Web application is still selected, double click the
Handlers icon on the right pane.

This is the place where extension can be mapped to different handlers.
Traditionally, say in IIS6, you would create a Script Map for *.php to point to
the PHP executable. However, in IIS7 since you want to use the modular mapping,
you will select ‘New Module Mapping’ in the task pane on the extreme right of
the IIS Manager window. A new dialog box pops up here in which you need to
specify the following items. The extension as ‘*.php,’ the module as ‘FastCGI’
or ‘iisfcgi,’ the optional executable should point to c:\PHP\php-cgi.exe and the
name should be any descriptive name, such as ‘PHP on FCGI.’ Save and confirm the
settings here.

Once these are done, add a default document as ‘index.php.’ Use your browser
to view the Web application. Your PHP application should be running fine at this
point. However, we still have not really started using the Integrated Pipeline
yet-we’ve only used a high performance execution engine through the FastCGI
module. So let’s add some ASP.NET Forms Authentication to the QDIG PHP Web
application. For this example, we will use a simple XML based data source that
contains the user information. We will then use a simple XMLMembershipProvider
that allows ASP.NET login controls to read and write directly to this encrypted
XML file. The XML provider is available for free at CodePlex (
aspnetxmlproviders). Open up the folder where you extracted Qdig. Create a new
folder named App_Data so that the data can be stored automatically there.

Now in IIS Manager, again select the Qdig application and on the right pane,
select the Providers icon. Choose ‘.NET Users’ from the dropdown and click on
‘Add.’ Select the XMLMembershipProvider you got above. Click on Apply and from
the main screen, select ‘.NET Users.’ Click Add here as well and add a few users
to the system (that is, the Web application) by using the dialog box.

Now comes the part where you need to provide the ability for PHP to use the
integrated Forms Authentication. Again on the main screen of IIS Manager for
Qdig, select the Authentication icon. Enable Forms Authentication and then
double click on it in the list. In the properties dialog, note the name of the
authentication page — login.aspx. Close the dialog.

Now open up Notepad and simply paste the following markup into the page:

<%@ Page Language="C#" %>
<head runat="server">
<title>Login Page</title>
<form id="form1" runat="server">
<asp:Login ID="Login1" runat="server" BackColor="#FFFBD6" BorderColor="#FFDFAD"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em"
ForeColor="#333333" TextLayout="TextOnTop">
<TextBoxStyle Font-Size="0.8em" />
<LoginButtonStyle BackColor="White" BorderColor="#CC9966" BorderStyle="Solid"
Font-Names="Verdana" Font-Size="0.8em" ForeColor="#990000" />
<InstructionTextStyle Font-Italic="True" ForeColor="Black" />
<TitleTextStyle BackColor="#990000" Font-Bold="True" Font-Size="0.9em" ForeColor="White"

Save this file into the Qdig application folder as login.aspx. This has now
enabled your Web application written in PHP to have ASP.NET based forms
authentication. However, browsing to the site doesn’t throw up the login page.
This is because we still have one more configuration step to do.

Again, in IIS Manager, go to the Authorization Rules icon for Qdig. Edit the
default rule that allows ‘Everyone’ access to allow only certain specific users
(from the list that you added in the .NET Users earlier). Click on apply and now
try browsing the site. You will be suddenly faced with a login page.

The application will now prompt you for credentials that will be matched with
the users stored in the ASP.NET Membership data source and compared using the

As you can see, with a few configuration changes, you have just added a
complete forms authentication capability to an existing PHP application
without changing even a single line of PHP code. You can extend this further by
adding features such as URL Rewriting or Caching-again using simply
configuration rather than code to get it working. This lets you do things in PHP
that is impossible or difficult to do in the LAMP or XAMP stack very easily on
IIS7. So in case you wish to host PHP applications, IIS7 is not just another
platform that you can host it on, but one that offers much more features as

Vinod Unny, Enterprise Infotech

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.