Inside IIS & Asp.Net

Inside IIS & Asp.Net

Introduction

Tools like ASP.NET greatly simplify the development of a complex Web application. Although this is a great thing for general productivity, it can also keep you from understanding the fundamental communications between your Web server and your ASP.NET application code. Furthermore, there will be times when you need to butt-in and intercept HTTP requests, which requires a greater understanding of the process of communication between your Web server of choice, and ASP.NET.

This article explains how IIS and ASP.NET communicate, and describes some techniques for intercepting some of this communication. I’ll review how ASP.NET is configured to handle requests, and how applications and Web services are handled by default.

Then I’ll discuss how you might butt-in to those requests with HTTP handlers, handler factories and modules. You’ll see how they function individually and together through a series of examples.

splash_title_richMedia_300x250.gif
<a href=’http://ad.doubleclick.net/jump/atssn/tt_articles;bkg=FFFFFF;kw=;dcopt=;pos=1;sz=300×250;ptile=1;ord=7821332?”> <img src=’http://ad.doubleclick.net/ad/atssn/tt_articles;bkg=FFFFFF;kw=;dcopt=;pos=1;sz=300×250;ptile=1;ord=7821332?” width=’300′ height=’250′ border=’0’></a>

From IIS to ASP.NET

IIS communicates with the .NET framework through unmanaged ISAPI extensions: aspnet_isapi.dll and aspnet_filter.dll. The aspnet_isapi.dll is an extension that serves as a request router, and the aspnet_filter.dll is a filter that primarily handles cookieless session states for ASP.NET. These unmanaged components, along with the state Windows service (aspnet_state.exe) and the ASP.NET worker process (aspnet_wp.exe) are the core of the ASP.NET processing model.

When the .NET framework is installed on a machine that has IIS installed, IIS is configured so that requests for specific extensions are handled by aspnet_isapi.dll. As a point of interest, the filter is also configured within IIS..

image01.jpg

Requests for ASP.NET resources are forwarded by IIS to ASP.NET via this configured extension. This extension is the bridge between unmanaged and managed code. Before control is passed to your application, an ASP.NET application object must be instantiated (by the runtime) and configuration settings are considered to determine how this request should be handled. Machine.config and collective web.config files are processed collectively to support this process.

image02.jpg

For this article, we are specifically interested in the <httpHandlers> configuration section. Settings in this section indicate which .NET type should handle the request. The default settings found in the machine.config file when .NET is installed, are as follows:

<httpHandlers>
<add verb="*" path="trace.axd" type="System.Web.Handlers.TraceHandler"/>
<add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory"/>
<add verb="*" path="*.ashx" type="System.Web.UI.SimpleHandlerFactory"/>
<add verb="*" path="*.asmx" type="System.Web.Services.Protocols.WebServiceHandlerFactory,
System.Web.Services, Version=1.0.3300.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" validate="false"/>
<add verb="*" path="*.rem"
type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory,
System.Runtime.Remoting, Version=1.0.3300.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" validate="false"/>
<add verb="*" path="*.soap"
type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory,
System.Runtime.Remoting, Version=1.0.3300.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" validate="false"/>
<add verb="*" path="*.asax" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.ascx" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.cs" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.csproj" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.vb" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.vbproj" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.webinfo" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.asp" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.licx" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.resx" type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.resources" type="System.Web.HttpForbiddenHandler"/>
<add verb="GET,HEAD" path="*" type="System.Web.StaticFileHandler"/>
<add verb="*" path="*" type="System.Web.HttpMethodNotAllowedHandler"/>
</httpHandlers>


The <httpHandlers> section indicates which HTTP handler factory, or handler, should be used to handle the request. In summary, the high-level workflow from IIS to your ASP.NET applications is as follows:

•IIS receives request for a resource

•For resources mapped to ASP.NET ISAPI Extension (i.e., *.aspx, *.asmx) the request is passed to an unmanaged ASP.NET DLL which communicates with the HttpRuntime object

•The HttpRuntime object handles creation of the HttpApplication object (as needed), and the inspection of configuration settings, then passes control to the appropriate handler for the request

•The handler is created to process request, which ultimately sends a response

The following diagram illustrates this workflow:

image03.jpg

<httpHandlers> settings can be modified at the global (machine.config) level, or overridden at the application (web.config) level. In other words, you can specify a different factory or handler to process particular resource requests. For example, to reject requests for *.rem objects, you can edit the machine.config, or the application web.config as follows:

<add verb="*" path="*.rem" type="System.Web.HttpForbiddenHandler"/

Associating the HttpForbiddenHandler with *.rem replaces the default behavior, which be to use HttpRemotingHandlerFactory. If you specify this override in the machine.config, this will impact all applications on the Web server.

image04.jpg

HTTP Handlers and Handler Factories

As mentioned above, the ASP.NET runtime relies on HTTP handlers or handler factories to process requests. Configuration file settings associate an HTTP handler or handler factory class with specific resources. Let’s take a closer look at these settings.

The following entry associates the System.Web.UI.PageHandlerFactory class with *.aspx resources, for all HTTP verbs (i.e., GET, POST):

<add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory"/>

This next entry associates System.Web.HttpForbiddenHandler with *.config resources:

<add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler"/>

These are preexisting classes provided with the base class library, but you can also build custom handlers and handler factories, by implementing the IHttpHandlerFactory and IHttpHandler interface (respectively). Before we talk about how to implement custom handlers and factories, let’s review their features. From a high level, HTTP handler factories are specified in order to dynamically return the correct HTTP handler object to manage the requested resource. If an HTTP handler is specified, it is instantiated directly by the runtime. Regardless, the end-result is to invoke a handler for the resource.

After the runtime passes control to a handler, it is the handler’s job to handle the request, instantiating the appropriate ASP.NET server-side objects, and send an HTTP response. For example, PageHandlerFactory returns a System.Web.UI.Page object for the requested *.aspx resource, and System.Web.HttpForbiddenHandler throws an HttpException indicating that the request is not supported.

Implementing IHttpHandler

Similar to ISAPI extensions, handlers provide low-level access to HTTP request and response objects. Implementing a custom handler allows you to process specific resources differently. You can intercept requests for those resources and override the response. For example, if you wanted to log the IP addresses of those requesting forbidden files, you could write a handler that logged information about those requests before throwing an HttpException. You may even want to send back a little love note to those making such request, as shown in the sample code, like this:

image05.jpg

To create a custom HTTP handler, create a .NET component that implements IHttpHandler. This interface has the following members:

  • ProcessRequest() – this method is invoked by the runtime to handle the request
  • IsReusable – this property indicates if multiple requests can share the same handler

ProcessRequest() is passed the HttpContext for the request, which can be used to access HttpRequest, HttpResponse and HttpSessionState objects.

NOTE: A handler must implement IRequiresSessionState if it will access the session object.

Here is a simple example of an HTTP handler that writes output to the browser:

   public class ForbiddenLogHandler: IHttpHandler
{
public ForbiddenLogHandler()
{
}

public virtual void ProcessRequest(HttpContext context)
{

context.Trace.Write("ForbiddenLogHandler.ProcessRequest()");

HttpResponse rs = context.Response;
HttpRequest rq = context.Request;

rs.Write("<p><H1>We know who you are...</H1></p>");

rs.Write("You were referred by " + rq.UrlReferrer + "<br>");
rs.Write("Your IP is" + rq.UserHostAddress + "<br>");
rs.Write("Your domain is" + rq.UserHostName + "<br>");
rs.Write("<p>Why were you requesting a restricted resource?</p>");

}

public virtual bool IsReusable
{
get { return true; }
}
}

The following web.config section configures the ForbiddenLogHandler for any *.cs, *.resx, or *.config files within the application:

<httpHandlers>
<add verb="*" path="*.cs" type="WebHandlers.ForbiddenLogHandler,WebHandlers"/>
<add verb="*" path="*.resx" type="WebHandlers.ForbiddenLogHandler,WebHandlers"/>
<add verb="*" path="*.config" type="WebHandlers.ForbiddenLogHandler,WebHandlers"/>
</httpHandlers>

Implementing IHttpHandlerFactory

Where HTTP handlers may be useful in responding to requests for specific resources, a handler factory makes it possible to intercept a request, perform some pre-processing on the request, and then following a factory pattern, create the handler for the resource.

To create a custom handler factory, create a .NET component that implements IHttpHandlerFactory. This interface has the following members:

  • GetHandler() – wadda ya know, this method returns a valid IHttpHandler for the runtime to process the requested resource
  • ReleaseHandler() – provides an opportunity for the factory to reuse a handler

GetHandler() is called by the runtime, and must return null, or a valid IHttpHandler. Here is an example of an HTTP handler factory that counts the number of hits from a particular IP address, if the count is exceeded, returns a custom handler, if not, passes control to the default handler for the resource.

public class HitTrackingHandlerFactory: IHttpHandlerFactory
{
public HitTrackingHandlerFactory()
{
}

public virtual IHttpHandler GetHandler(HttpContext context,
String requestType, String url, String pathTranslated)
{

if (!HitLogHelper.CheckHitCount(context.Request.UserHostAddress, context.Request.UserHostName))
return new HitsExceededHandler();

Object handler = null;

try
{
String filename = url.Substring(url.LastIndexOf('/')+1);
String file = filename.Substring(0, filename.IndexOf('.'));
String ext = filename.Substring(filename.LastIndexOf('.')+1);

if (ext == "aspx")
{
return System.Web.UI.PageParser.GetCompiledPageInstance(url, pathTranslated, context);
}
else if (ext == "asmx")
{
System.Web.Services.Protocols.WebServiceHandlerFactory fact = new
System.Web.Services.Protocols.WebServiceHandlerFactory();

handler = fact.GetHandler(context, context.Request.RequestType, url, pathTranslated);
}
else if (ext == "rem")
{
System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory fact = new
System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory();
handler = fact.GetHandler(context, context.Request.RequestType, url, pathTranslated);
}
else
{
throw new HttpException("Unable to process extension *." + ext);
}

}
catch (Exception e)
{
throw new HttpException("HitTrackingHandlerFactory", e);
}
return (IHttpHandler)handler;
}


public virtual void ReleaseHandler(IHttpHandler handler)
{
return;
}
}

public class HitsExceededHandler: IHttpHandler
{
public HitsExceededHandler()
{
}

public virtual void ProcessRequest(HttpContext context)
{
context.Response.Write("<h1>Number of hits exceeded!</h1><p>");
}

public virtual bool IsReusable
{
get { return true; }
}
}

Implementing IHttpModule

A module provides an event-driven mechanism for interacting with application events, and HTTP request and response objects. Registered modules are instantiated before HTTP handlers and handler factories, so that they can register for application events. In fact, modules interact with Web applications in two ways: by listening to application events, and by firing custom events to applications that have registered to listen. The latter of these two tightly couples the module with your application. The former provides access to the request, response, and session objects at various stages in the processing of each HTTP request, in an independent component.

To create a custom module, create a .NET component that implements IHttpModule. This interface has the following members:

  • Init() – provides an opportunity for modules to register for application events
  • Dispose() – provides an opportunity to clean up resources allocated by

The following sample Init() method registers for the HttpApplication object’s PreRequestHandlerExecute, PostRequestHandlerExecute, and Error events:

protected void Init() 
{
application.PreRequestHandlerExecute +=
(new EventHandler(this.Application_PreRequestHandlerExecute));
application.PostRequestHandlerExecute +=
(new EventHandler(this.Application_PostRequestHandlerExecute));
application.Error += (new EventHandler(this.Application_Error));
}

You can also handle these events in individual applications in the global.asax, however using a module makes it possible to toggle the configuration externally, and deploy a common set of event handlers for multiple applications:

<httpModules>
<add name="EventModule" type="WebHandlers.EventModule,WebHandlers"/>
<add name="ErrorHandlerModule" type="WebHandlers.ErrorHandlerModule,WebHandlers"/>
</httpModules>

In such a global error handler, you could provide a catch all error handler that notifies the site administrator of uncaught exceptions.

Handlers vs. Modules

From an architectural perspective, handlers and modules serve a much different purpose. Handlers (and factories returning handlers) provide a way to intercept the request, and redirect how it is handled. The best a module can do in this respect, is send a custom response, and cancel the handler from completing its job. What they have in common is the ability to access to the underlying HttpApplication, HttpRequest, HttpResponse, and HttpSessionState objects (at certain points) so that you can manipulate and/or interact with this data.

The order of events for these components is as follows:

  • HttpApplication is created (if necessary)
  • HttpModules are created (in order of appearance in configuration files)
  • Modules will receive request notification and authentication events, prior to control passing to the appropriate handler.
  • HttpHandlerFactory/HttpHandler is created, to process the request
  • Resulting objects are created (I.e., the Page, Web Service or Remote object)
  • These objects, the application, and any modules continue to interact with one another via events

The following diagram illustrates the default behavior, in order of instantiation:

image06.jpg

This next diagram illustrates where custom factories, handlers, modules and extensions would fit in the workflow:

image07.jpg

The Code

Code samples supplied with this article demonstrate the order of events when custom handler factories, handlers and modules are all present. Code demonstrates the following:

  • The <trace> element of the web.config file is configured to display trace output in the Web page. When the page is loaded, you’ll be able to see trace statements, and you can also view the trace.axd file like so:

    http://localhost/ASPNETCS/WebResources/trace.axd

  • From the main Web page, you can click on invalid resources to see the results of the ForbiddenLogHandler, which handles *.resx, *.cs, and *.config requests.
  • A custom message is written to the response stream, but the data returned can also be interesting data to collect from those visiting your site, for data mining.
  • The main Web page also has a link to an invalid resource, which will generate an application error. The ErrorHandlerModule is configured to pick up errors, and e-mail the administrator a notification, while also writing custom HTML to the response stream.
  • After 2 passes though the HitTrackingHandlerFactory, you will no longer be able to browse the main page. An XML file is written by the factory, counting hits from particular IPs, and rejecting that IP after 2 hits. Note the file path is currently hard-coded, so you’ll need to create a directory for the file, and modify the code to match. Delete the file to reset the behavior. The factory also demonstrates forwarding the request to be handled by default behavior of ASP.NET configuration, if the request is approved.

Summary

This article should give you the tools you need to determine what architectural model is best for you application, with respect to intercepting HTTP requests, and modifying application behavior globally. For your reading pleasure, here are a few ideas:

  • Customize authentication, to provide a guest account for users that do not have permission
  • Pre-authenticate users for a “trial” usage of your application
  • Toggle logging behavior, to collect useful statistics about your clients, and perform data mining

Authors

spacer.gif Michele is a Chief Architect with IDesign, Microsoft Regional Director for San Diego, Microsoft MVP for Web Services and a BEA Technical Director. In addition, Michele is a member of the board of directors for the International Association of Software Architects (IASA). At IDesign Michele provides high-end architecture consulting services, training and mentoring. Her specialties include architecture design for robust, scalable and secure .NET architecture; localization; Web applications and services; and interoperability between .NET and Java platforms. Michele is a member of the INETA; a frequent conference presenter at major technology conferences such as Tech Ed, PDC, SD and Dev Connections; conference chair for SD’s Web Services track; and a regularly published author. Michele’s next book is Windows Communication Framework Jumpstart for O’Reilly, due out in early 2006. Reach her at www.idesign.net or visit her blog at www.dasblonde.net.

This passage is refered from : http://www.theserverside.net/tt/articles/showarticle.tss?id=IIS_ASP

转载于:https://www.cnblogs.com/wbqsln/archive/2011/03/02/1968704.html

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/110653.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)


相关推荐

  • layUI展示树状treetable树形表格完整代码「建议收藏」

    layUI展示树状treetable树形表格完整代码「建议收藏」前言:因项目功能需要,在shiro权限管理模块中需要使用树状展示,前端使用的layUI框架,在官网的开发文档上没有找到树状表格的内容。只有树状菜单的文档:https://www.layui.com/doc/modules/tree.html树状表格步骤如下:1、首先下载所需调用的文件。下载链接:https://download.csdn.net/download/qq_35393472/10…

  • Android 开发环境详细概述

    Android 开发环境详细概述理解AndroidApp开发环境搭建的部分以及他们之间如何联系,协调工作(会和理解为什么要去做,知其然知其所以然)掌握环境搭建的步骤掌握配置环境项的用途,以方便我们的开发操作Android开发组成Java+AndroidSDK+开发工具(IDE)Android的开发语言是Java,只有安装JDK才能让Java运行起来Android的SDK提供了运行和硬件开发环境Eclipse开发工具可以提高编…

  • 模板消息php40008,企业微信发送模板消息 40008 Warning: wrong json format. ?

    模板消息php40008,企业微信发送模板消息 40008 Warning: wrong json format. ?同样的入参,在单元测试,本地启动服务调用均正常,在某个机器一直返回错误{“touser”:”abingnew”,”msgtype”:”miniprogram_notice”,”miniprogram_notice”:{“title”:”测试标签”,”page”:”/pages/index/index”,”description”:”阿炳new向您发来推广任务”,”appid…

  • 52激活成功教程游戏论坛_激活成功教程版吾爱

    52激活成功教程游戏论坛_激活成功教程版吾爱2019.6.6号,当小编打开吾爱激活成功教程论坛的时候,发现网站已经不能打开,出现一个公告:吾爱激活成功教程一直致力于软件安全技术交流,作为一个尊重原创、重视版权的论坛,为了顺应新时代版权的发展,加强版权保护的力度

  • 数据库基础知识一(MySQL)[通俗易懂]

    数据库基础知识一(MySQL)[通俗易懂]数据库是研究数据管理的技术。即如何妥善地保存和科学地管理数据。数据管理是指对数据进行分类、组织、编码、存储、检索和维护等操作。数据管理技术好坏评判的标准:(1)数据冗余(2)数据共享(3)数据独立性(4)数据统一集中管理数据库:按一定结构组织存储的、集成的、可共享的数据的集合。数据库有两种类型:关系型数据库与非关系型数据库。关系型数据库:存储格式能直观地反映实体间的关系,和创…

  • Redis哨兵模式主从同步不可以绑定127.0.0.1或者0.0.0.0,不然无法进行主从同步

    Redis哨兵模式主从同步不可以绑定127.0.0.1或者0.0.0.0,不然无法进行主从同步

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号