locked
What do I replace FPSE with? RRS feed

  • Question

  • User-25623578 posted

     We have 4 different environments with some environments containing 9 servers. We currently use FrontPage Server Extensions to manage permissions for our hundreds of developers over about 750k files. We are stuck on Win2k3 / iis6 because of this. I have read on webdav a bit but am looking to ask what everyone is doing to replace the permission management portion of FPSE for large amounts of files+developers?

     

    Any Suggestions?

    Friday, April 30, 2010 11:07 AM

All replies

  • User-823196590 posted

    Straight-up NTFS permissions on application root folders.

    Friday, April 30, 2010 11:21 AM
  • User-25623578 posted

    That is not what I wanted to hear :(

    Friday, April 30, 2010 12:10 PM
  • User-25623578 posted

     Are there any decent third party products?

    Friday, April 30, 2010 2:22 PM
  • User1073881637 posted

    Nothing like FPSE exists as far as I know.  There is FPSE on IIS 7 but the support was put to a 3rd support,

    http://learn.iis.net/page.aspx/134/installing-the-frontpage-server-extensions-on-iis-70/

    Not sure that helps.   I would abandon FPSE if at all possible for longer term architecture.

    Friday, April 30, 2010 9:34 PM
  • User-25623578 posted

     I completely agree in ditching FPSE. I need to replace the security management portion.  The skinny is that we have many developers who currently can manage permissions to their subwebs. If at all possible I want to start building 2008/iis7.x servers instead of putting 2003 boxes out there. The crux is that i'm certain the dev's will flip their lids if i snatch their permissions to manage access to their subwebs. I would love to move to NTFS and be done with it but the environment here may not allow for that.

     

    Thanks for any suggestions.

    Monday, May 3, 2010 10:38 AM
  • User-964210117 posted

    We went through this exact scenario. If you have the development staff available, WebDAV is the way to go. We replaced a 4 server, 750 site FPSE intranet architecture with a 2 server 2K8 WebDAV architecture recently, and our users love it.

     Our big hurdle was self management, and we ended up using the Microsoft.Web.Administration API to write a series of web services that greatly simplify, and largely automate, permissions management in IIS.

     In a nutshell: We created a web service that deploys each subweb and folder programmatically on the server with a custom apppool. At the NTFS level we leave the permissions wide open, with all members of our AD having write access. This isn't as much of a security risk as it sounds, as the drives aren't shared and the ONLY access to these folders is through our IIS WebDAV implementation. We manage access permissions directly through WebDAV, again using the Microsoft.Web.Administration API. We never have to touch IIS directly, everything is managed via our custom management applications.

     Our architecture uses a small external database to store subweb/user relationships, which allows us to differentiate between subweb "owners" and "editors". Because we have that information, we were able to extend the functionality of the webapps to the users themselves, allowing subweb "owners" to add or remove additional users from their own sites without the intervention of our IT staff.

     Our users actually tell me that they prefer the new system to the old FrontPage architecture, but this route DOES require a considerable developer time investment to implement and debug. I believe that the entire developement project took two full time C# .Net developers about two weeks from initial planning to user beta testing (both were experienced .Net developers, but neither had used this API before). I don't believe that there are any off the shelf applications that can do this, so developing in-house (or hiring a consultant) is the only option. If you have the resources, it's worth the effort though.

    Tuesday, May 25, 2010 12:44 PM
  • User-823196590 posted

    Very cool!  Maybe you want to market that ...

    Tuesday, May 25, 2010 3:29 PM
  • User-964210117 posted

    I wish, but that's not an option. I work for a government agency, and because the project was paid for using taxpayer dollars, we can't sell it. We did toy with the idea of open sourcing it for a while (we can't sell it, but we can give it away), but doing that would require a couple of audits to ensure that we're not revealing any architectural secrets or violating anyone's IP. We can't get the authorization to spend any staff time on those audits, so it remains an internal tool only.

     It's really not a difficult tool for any experienced .Net developer to assemble, and the included IIS System Configuration tool is even kind enough to generate sample code for most of the more involved requests. The real question is whether it's worthwhile for an organization to invest a months worth of developer/days into something like this. For most smaller FPSE users, it's probably not. For ISP's and enterprise installations, it may be. It certainly was worthwhile for us (6k+ users on 700+ sites).

     Our only other option was implementing FTP. We had a very strictly enforced "No FTP" rule in place from the mid-90's up until last month (because of security vulnerabilities and support issues), so our users and management both freaked out when we proposed replacing FPSE with FTPES. The WebDAV solution required additional effort, but ultimately made everyone happy.

    Tuesday, May 25, 2010 4:37 PM
  • User1138193213 posted

    For what it's worth, I wrote a blog post series some time ago that was titled "Life after FPSE" that has some helpful information:

    I also wrote the following walkthroughs with some additional helpful WebDAV information:

    BTW - I loved the solution of managing the WebDAV authoring rules using the IIS administration APIs, that makes for a great replacement for the FPSE administration features. Great idea. ;-]

    Monday, June 7, 2010 7:26 PM