Background Intelligent Transfer Service Concepts

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Concepts

This topic describes how to use BITS notifications, and also provides security-related information for BITS.

Using BITS notifications

BITS Server Extensions provides a way to notify Web applications of the arrival of data from a client computer to the server, and for that server to generate a reply to the client computer. You can configure this mechanism for each virtual directory on the server by using controls in the Allow notifications section of the BITS Server Extensions tab.

When Allow notifications is checked, two controls become available for configuration: Notification type and Notification URL.

Notification type requires that you select either Send the file name or Send the data.

  • Send the file name passes only the name of the file and tells the server the location the location of that uploaded file, as well as where to record a reply. Your application is responsible for opening the request (uploaded) data file and for creating any response data.

  • Send the data passes all of the data and replies directly between the server and application and specifies the locations for the data and replies.

When BITS Server Extensions receives all of the uploaded data from the application on the client computer, it generates a notification reply in the Notification URL that you specify. For Send the file name, BITS writes the response to a URL. For Send the data, BITS writes the data and response to a temporary file for the client computer to download.

BITS uses IIS security mechanisms. BITS notifications are generated solely in the security context specified for the client system. This context is set in Authentication Methods, which is accessed from the Directory Security tab of the Properties page for the virtual directory.

Securing virtual directories

IIS allows a user to set Run script and Execute permissions for a virtual directory separately from Write permissions. Customarily, administrators disallow writing to the virtual directory to prevent clients from uploading executable scripts or programs to a directory and then executing them.

However, when a virtual directory has been enabled for BITS uploads, clients can write to this directory by means of BITS uploads, even though write permissions on the virtual directory have been disallowed. To protect the server, BITS Server Extensions disables all Run script and Execute permissions on a virtual directory that has been upload-enabled for BITS. To keep the virtual directory secure, BITS Server Extensions does not respond to any client requests for uploading data until permissions are disabled. If these permissions are enabled at any time, BITS Server Extensions denies all upload requests until the permissions are disabled again. Whenever BITS Server Extensions denies a request, it writes an IIS log entry.

For more information about securing virtual directories, see the online Help.

Using BITS with SSL

BITS Server Extensions is installed with a default configuration that does not secure BITS traffic during data replication. If you want to use BITS to transfer sensitive data, you should do so over a secure connection, such as Secure Sockets Layer (SSL).

For general information about SSL, see the online Help.