Wiley Professional ASP.NET 2.0 Security, Membership, and Role Management 978-0-7645-9698-8 Benutzerhandbuch
Produktcode
978-0-7645-9698-8
Initial Phases of a
Web Request
Before the first line of code you write for an
.aspx
page executes, both Internet Information Services
(IIS) and ASP.NET have performed a fair amount of logic to establish the execution context for a
HyperText Transfer Protocol (HTTP) request. IIS may have negotiated security credentials with your
browser. IIS will have determined that ASP.NET should process the request and will perform a hand-
off of the request to ASP.NET. At that point, ASP.NET performs various one-time initializations as
well as per-request initializations.
HyperText Transfer Protocol (HTTP) request. IIS may have negotiated security credentials with your
browser. IIS will have determined that ASP.NET should process the request and will perform a hand-
off of the request to ASP.NET. At that point, ASP.NET performs various one-time initializations as
well as per-request initializations.
This chapter will describe the initial phases of a Web request and will drill into the various security
operations that occur during these phases. In this chapter, you will learn about the following steps
that IIS carries out for a request:
operations that occur during these phases. In this chapter, you will learn about the following steps
that IIS carries out for a request:
❑
The initial request handling and processing performed both by the operating system layer
and the ASP.NET Internet Server Application Programming Interface (ISAPI) filter
and the ASP.NET Internet Server Application Programming Interface (ISAPI) filter
❑
How IIS handles static content requests versus dynamic ASP.NET content requests
❑
How the ASP.NET ISAPI filter transitions the request from the world of IIS into the
ASP.NET world
ASP.NET world
Having an understanding of the more granular portions of request processing also sets the stage
for future chapters that expand on some of the more important security processing that occurs
during an ASP.NET request as well as the extensibility points available to you for modifying
ASP.NET’s security behavior.
for future chapters that expand on some of the more important security processing that occurs
during an ASP.NET request as well as the extensibility points available to you for modifying
ASP.NET’s security behavior.
This book describes security behavior primarily for Windows Server 2003 running IIS6 and
ASP.NET. Due to differences in capabilities between IIS5/5.1 and IIS6, some of what is described
is not available or applicable when running on Windows 2000/XP. Differences in behavior
between versions of IIS are noted in some cases.
ASP.NET. Due to differences in capabilities between IIS5/5.1 and IIS6, some of what is described
is not available or applicable when running on Windows 2000/XP. Differences in behavior
between versions of IIS are noted in some cases.
04_596985 ch01.qxp 12/14/05 7:46 PM Page 1
COPYRIGHTED MATERIAL