Embedded Web Server For Windows CE .NET
by Chris Muench, Embedded MVP   (Dec. 5, 2002)

We dipped into the Microsoft Developer Network library and came up with this valuable overview of the Windows CE .NET Web Server. Chris Muench of Siemens describes the differences between the CE .NET Web Server and Internet Information Services for Windows 2000 and Windows .NET Server, and discusses how to build, configure, and secure your embedded Web Server.



Introducing the Distributed Ecosystem

Welcome to the distributed world! The role of the Internet has grown as individuals and companies access and share information over a variety of networks. Users demand efficient, standardized interconnectivity to maximize the productivity and entertainment that smarter devices provide. To better suit the needs of this environment, Microsoft Windows CE .NET includes a feature-rich Web Server that offers distributed solutions for these devices.

Introduction

As the IT world changes from "island computing" to "broad distributed computing," tools that enable devices to share information are becoming an essential part of a developer’s resources. The key enablers for the distributed ecosystem are the standards most commonly used by the Internet, such as Transmission Control Protocol/Internet Protocol (TCP/IP), Hypertext Transfer Protocol (HTTP) and Extensible Markup Language (XML).

Defining the Distributed Ecosystem

Windows CE .NET was created from the ground up to become a first-class citizen in a distributed environment. Although Windows CE .NET was initially developed as a great client, it has matured to fill server needs as well. With the continuing evolution of the Internet toward a distributed network of smart nodes, Windows CE .NET provides a good balance of client and server roles.

Traditionally, a "client" is a defined end-node that receives information from a server, whereas a "server" provides content in response to client requests. In a distributed environment, each node can be a client and server at the same time. A node might request configuration data from a configuration and maintenance server while simultaneously serving its configuration data to other clients that are interested in viewing or changing the data.

In object-oriented programming, you encapsulate specific data for a certain task in a secure location within a class, and you only allow access to it via class methods. These methods are both incoming and outgoing. If you extend the same methodology into a distributed environment, you will conclude that each smart device should encapsulate its data within, and allow access from the outside through standardized methods.

With Web Services, this paradigm finally found a perfect implementation. Web Services allow well-defined and secure access to data across device boundaries, using the Internet as the medium.

The Role of the Web Server

The most important part of a "distributed ecosystem-enabled" device is the Web Server. It handles all incoming requests from other clients and provides a secure and predictable communication interface between your valuable data and the outside world. A Web Server, by design, is able to manage multiple incoming requests simultaneously, guaranteeing the scalability and availability of the server.

Before the Internet, communications across machine boundaries were awkward and complicated. Many protocol negotiations were required, which often led to communication failures. When you use Web Services through a Web Server, all you need to know to start communicating is the IP address of the computer you want to talk to.

How Does .NET Fit In?

Microsoft is introducing the .NET Compact Framework as a new, versatile technology for developing distributed applications. Version 1 of the .NET Compact Framework is intended to allow smart clients to consume Web Services from other devices. Because Web Services do not require the development of any proprietary technology or tools, Windows CE .NET-based devices can serve Web Services like any other smart device. Windows CE .NET includes both the Simple Object Access Protocol (SOAP) client and server parts for building your own Web Services.

The Embedded Web Server of Windows CE .NET

Starting with version 3.0, Windows CE has shipped all the required components of a Web Server. Each version of Windows CE .NET has extended the features and functionality of the embedded Web Server.

The Components of the Embedded Web Server

The embedded Web Server has the following two general requirements:
  • TCP/IP

    You need TCP/IP and a Network Interface Card (NIC) installed on the device that will run the embedded Web Server.

  • 70 kilobytes (KB) of read-only memory (ROM)

    The embedded Web Server requires approximately 70 KB of ROM. If you include the Microsoft Active Server Pages .NET (ASP) engine, you need an additional 45 KB of ROM.

The Platform Builder components

The following table shows all Windows CE .NET components of the embedded Web Server. The real size of the components is dependent on the central processing unit (CPU) that the target device is using, and is subject to change in future releases.


What's New in Windows CE .NET

The following features are new in Windows CE .NET version 4.0:
  • Server-side Secure Socket Layer (SSL) support
  • Script mapping support

The following features are new in Windows CE .NET version 4.1:
  • Authentication based on SSL client certificates
  • Support for IP version 6
  • Host header support


How To Build a Device That Includes the Web Server

Creating a Windows CE .NET image that includes the embedded Web Server is not difficult. You can follow this procedure to get started:
  1. Start Platform Builder and select File/New Platform . . . The New Platform Wizard appears.
  2. Select Emulator X86 or any other board support package (BSP) you have the hardware for, and then click Next.
  3. The next page asks you if you want to start with one of many predefined platforms. Because all platforms are capable of running the Web Server, it does not really matter which one you choose. Choose the Web Pad as your starting base, and name the platform MyWebPad.
  4. The next wizard page asks you to choose a base template for the Web Pad. Select Enterprise Web Pad with Applications.
  5. The next page allows you to customize some basic features. You do not need to make any changes here. Click Next.
  6. On the next page, open the branch for LAN and select the Wired Local Network, because we want to access the server via our local area network (LAN).
  7. The last page asks if you want to include several other technologies that might be possible security risks. For our example, we do not need any of these technologies. Click Finish.
  8. After Platform Builder has created the platform, in the Component Catalog, open the branch Core OS/Communication Services and Networking/Server.
  9. Right-click the Web Server (HTTPD) component and add it to your platform. Then, confirm the security notification that an improperly configured Web Server can lead to security vulnerabilities.
  10. Add some registry keys and at least one Hypertext Markup Language (HTML) file to the platform.

    The following are some basic registry keys:

    [HKEY_LOCAL_MACHINE\COMM\HTTPD]
    "IsEnabled"=dword:1
    "Basic"=dword:1
    "DefaultPage"="default.asp"


    The following entry turns on directory browsing, which lets the Web Server display local files to a browser:

    "DirBrowse"=dword:1

    [HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS]
    "(default)"="\windows\www"
    "A"=dword:1
    "Userlist"="testuser"


  11. Set the default page to Default.asp, and add this page into the project to be put into the windows\www directory. You can create the file with the following content:

    <%
    ' VBScript: & joins strings, Now() returns the current date and time
    Response.Write("Hello World")
    Response.Write("The Time is " & Now())
    %>

  12. Build the platform and launch it in the emulator.
  13. Open Internet Explorer in the emulator and point the URL to http://localhost to see your new page.


Comparing IIS for Windows CE .NET with IIS 5.0/6.0 in Windows 2000/.NET Server

The following table presents an overview of what you can expect from the Web Server in Windows CE .NET compared to IIS on Windows 2000. If you are familiar with the IIS server for the desktop, you will find this section helpful in highlighting differences between the two.


Developing for the Embedded Web Server

Developing ASP Pages for IIS on Windows CE .NET

One of the greatest features of the embedded Web Server is the support for ASP. This allows you to create sophisticated, dynamic pages that, for example, could configure your device or allow you to monitor its current state.

Limitations of ASP for the embedded Web Server

As with all technologies of Windows CE .NET, ASP for the embedded Web Server contains a subset of the functionality that is available in ASP for IIS 5.0.
  • No state maintained between requests

    This is the greatest difference between the IIS and Windows CE .NET implementations of ASP. Windows CE .NET does not provide support for the Session or Application objects and does not send the Session-ID cookie that is used on IIS. Therefore, there is no automatic technique for maintaining state between requests or sessions.

    The script writer must maintain information between requests and sessions, and can do this by sending cookies to the client browser. This scheme assumes that the client browser has cookie support enabled.

  • No tag support

    Windows CE .NET–based ASP treats the tag and properties as plain text. Interpretation of the tag by the client browser is browser-specific. To create server-side objects in ASP, use the CreateObject() method.

  • No transaction support

    None of the methods or properties that are associated with transactions are supported on Windows CE .NET–based ASP. Tags and commands that are used by ASP on IIS to support transactions are ignored by Windows CE .NET–based ASP and are treated as plain text. How the client browser interprets these values is browser-specific.

  • No server-side scriptlets

    There is no support for server-side scriptlets in Windows CE .NET–based ASP. The and related tags are ignored by Windows CE .NET–based ASP and are treated as plain text. How the client browser interprets the tag is browser-specific.

  • No additional server-side scripting options

    On IIS, you can specify options such as tags is executed in the specified language on the server, instead of on the client computer.

    Windows CE .NET ignores the RUNAT option of tags and sends the script to the client browser. How the client browser interprets the RUNAT option is browser-specific.

  • No Global.asa file

    Windows CE–based ASP does not search automatically for a file that is named Global.asa to obtain global settings. You may include initial settings or commonly used routines by using header files.

  • No automatic initialization or termination functions

    Script procedures may be named Application_OnStart, Application_OnEnd, Session_OnStart or Session_OnEnd, although Windows CE .NET–based ASP does not treat them differently from any other user-created procedures. Unlike IIS ASP, Windows CE .NET–based ASP does not call script procedures automatically on application or session initialization or termination.

  • No metabase support

    The Web Server does not provide metabase support. If a script contains a property that can be set in the IIS metabase, but that is not explicitly listed as supported in this Web Server document, it is not supported for use with the Web Server. For example, scripts containing ScriptMap statements may operate correctly with IIS, but they will fail with the Web Server.

    Debugging

    Although ASP for the embedded Web Server does not support debugging, you can use Response.Write() statements to "debug" ASP pages. Also, because the source code for the Web Server is available for debugging purposes, you can step through the processing of the request in a debugger to help find bugs in ASP scripts.

    Securing the IIS for Windows CE .NET

    Security is a very important aspect of computing in a distributed and relatively open environment like the Internet. You can manage which users get access to what data on your device. The embedded Web Server supports the following authentication schemes:
    1. No authentication: Allows all clients to access the server.
    2. Basic authentication: Authenticates users against a user list that is defined in the registry. All users must use the same password, which is set in the Network control panel.
    3. NTLM authentication: Uses the same user list as basic authentication, but the Web Server passes the authentication request to a domain controller that is specified in the registry.
    4. SSL Client Certificates: Request a certain SSL certificate from the client to log the user on. To learn how the certificates can be set up, please refer to the article on SSL Client Authentication.


    The user list

    As mentioned above, embedded Web Server security can be managed through a user list. The user list is a registry entry corresponding to each of the virtual roots. For example, you can create a virtual root named "/www".

    In the registry, you can configure this root:

    [HKEY_LOCAL_MACHINE\Comm\HTTPD\VROOTS\/www]
    "(default)"="\windows\www"
    "A"=1
    "UserList" = "LoriKane; -JaneClayton; @Group1"

    The first entry "(default)" points to the physical location of your Web pages, in this case in the directory "www" under "Windows".

    The second parameter defines what security will be used by the v-root.
    • A=0: No authentication
    • A=1: The v-root requires a user name and password
    • A=2: Same as 1, but with additional administrative rights for the user

    The third parameter is the user list. You can use the following wildcards:
    • "-…" denies access to this user
    • "@…" allows access to this group of users. The group has to match a user group in the domain that will be used to authenticate the users.
    • "-*" denies all (domain) users
    • "@*" allows all (domain) users

    If you are using basic authentication, the groups wildcard does not do anything. Also, as mentioned above, the incoming authentication request will be verified directly against the user list and the password that is set in the Network control panel of your device. To set basic authentication, use the following registry key:

    [HKEY_LOCAL_MACHINE\Comm\HTTPD]
    "Basic"=1


    To enable NTLM (Domain) authentication, you must set the following registry key:

    [HKEY_LOCAL_MACHINE\Comm\HTTPD]
    "NTLM"=1

    Best practices
    • Limit deployment to ten connections simultaneously

      A typical deployment uses a Web Server in a private network to provide a remote user interface to configure a headless device. The number of connections is defined in the registry; when the MaxConnections registry value is not set, the number is limited to 10.

    • Do not use the Web Server to perform critical operations

      A typical deployment uses the Web Server to display status information or to host a family or community Web site. You should not use the Web Server to perform critical operations, such as machine control or financial processing.

    • Use authentication

      Use NTLM and/or Basic authentication mechanisms to limit access to known users only. You can set the option in the HKEY_LOCAL_MACHINE\COMM\HTTPD registry key. For specific security information, see the "Security Note" in "Base Registry Settings." For more information about authentication, see "Web Server Authentication and Permissions" in the Windows CE .NET documentation.

    • Use Secure Sockets Layer (SSL)

      The SSL protocol protects data from packet sniffing by anyone with physical access to the network. For more information, see "SSL Support" in the Windows CE .NET documentation.

    • Use user access lists

      Carefully choose your virtual roots and limit access to the appropriate files by providing appropriate user access lists. Anonymous users with access to the virtual root may be able to access files and directories within that virtual root. You can set the options in the HKEY_LOCAL_MACHINE\Comm\HTTPD\VROOTS registry key. For specific security information, see the "Security Note" in "Virtual Path Settings." Also see "Web Server Authentication and Permissions" in the Windows CE .NET documentation.

    • Remove or disable sample Internet Server APIs (ISAPIs) and other development tools when you create the retail image

      Some sample ISAPIs that you include in your device may allow unauthorized users to access your system resources or protected data. Many of the samples provided are for development and debugging purposes only and pose a significant security risk if deployed on a public network.
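
The check below is an added example, not code from the article or from Microsoft: a Python audit that parses registry text in the notation used on this page and flags the settings the best practices above warn about (DirBrowse, virtual roots with A=0, and group entries that Basic authentication ignores). The sample registry text, the "/admin" root and all function names are constructed for illustration; a missing "A" value is treated as 0, which is an assumption.

```python
import re

# Constructed sample in this page's registry notation; "/admin" is a made-up root.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\COMM\HTTPD]
"Basic"=dword:1
"DirBrowse"=dword:1

[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/www]
"(default)"="\windows\www"
"A"=dword:0

[HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\/admin]
"(default)"="\windows\admin"
"A"=2
"UserList" = "LoriKane; -JaneClayton; @Group1"
'''

HTTPD = r"HKEY_LOCAL_MACHINE\COMM\HTTPD"
VROOTS = HTTPD + "\\VROOTS\\"


def parse_reg(text):
    """Return {KEY PATH (upper-cased): {value name (lower-cased): int or str}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.+)$', line)
        if m and current is not None:
            name, raw = m.group(1).lower(), m.group(2).strip()
            if raw.lower().startswith("dword:"):
                current[name] = int(raw[6:], 16)   # .reg dwords are hexadecimal
            elif raw.startswith('"'):
                current[name] = raw.strip('"')
            else:
                current[name] = int(raw)           # the page also writes "A"=1
    return keys


def parse_userlist(value):
    """Split a UserList into allowed users, denied users and allowed groups."""
    out = {"allow": [], "deny": [], "groups": []}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        if entry.startswith("-"):
            out["deny"].append(entry[1:])
        elif entry.startswith("@"):
            out["groups"].append(entry[1:])
        else:
            out["allow"].append(entry)
    return out


def audit(text):
    """Return (scope, finding) pairs for settings the best practices warn about."""
    keys = parse_reg(text)
    server = keys.get(HTTPD, {})
    findings = []
    if server.get("dirbrowse"):
        findings.append(("server", "DirBrowse=1: directory listings are exposed"))
    if not (server.get("basic") or server.get("ntlm")):
        findings.append(("server", "neither Basic nor NTLM is enabled"))
    roots = {p[len(VROOTS):].lower(): v for p, v in keys.items() if p.startswith(VROOTS)}
    for vroot, vals in roots.items():
        users = parse_userlist(vals.get("userlist", ""))
        if not vals.get("a"):  # missing A is treated like 0 (assumption)
            findings.append((vroot, "A=0: anonymous clients can read this root"))
        if "*" in users["groups"]:
            findings.append((vroot, "@* admits every domain user"))
        if users["groups"] and not server.get("ntlm"):
            findings.append((vroot, "group entries need NTLM; Basic ignores them"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding each for the server, "/www" and "/admin"; run it against the registry text of a retail image before release.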

    Internet Explorer, the Universal Client

    As it is on the desktop, Internet Explorer (IE) is the best option for Web navigation on the device. Windows CE .NET comes with two versions of IE: Pocket Internet Explorer (PIE) and Generic Internet Explorer (GENIE).

    Pocket Internet Explorer

    PIE is a very basic Web browser. It supports basic Web browsing and is optimized for small device footprints.

    Generic Internet Explorer

    Genie 4.0 (which came with Windows CE .NET 4.0) is based on desktop IE 4.0. It supports many more features than PIE, such as cascading stylesheets (CSS), Dynamic Hypertext Markup Language (DHTML), and scripting.

    CEIE 5.5

    The latest edition of GENIE is based on IE 5.5 and provides the most comprehensive support of Web features.

    Comparing the Internet Explorers

    The following table presents a detailed comparison of the different IE versions.


    Summary

    The distributed ecosystem is continually maturing toward more Web-enabled scenarios. Participating in these environments is becoming mandatory, even for embedded devices. The embedded Web Server is essential to enable a device for the distributed ecosystem. Therefore, you should include it on all devices running Windows CE .NET, even if they are mobile, headless or running in mission-critical environments.



    Copyright (c) 2002 Microsoft Corporation. All rights reserved. Reproduced by WindowsForDevices.com under license.

