ASP.NET Integration with IIS 7

ASP.NET Integration Architecture

In IIS 6.0 and previous releases, ASP.NET was implemented as an IIS ISAPI extension.

In these earlier releases, IIS processed a request to an ASP.NET content type and then forwarded that request to the ASP.NET ISAPI DLL, which hosted the ASP.NET request pipeline and page framework. Requests to non-ASP.NET content, such as ASP pages or static files, were processed by IIS or other ISAPI extensions and were not visible to ASP.NET.

The major limitation of this model was that services provided by ASP.NET modules and custom ASP.NET application code were not available to non-ASP.NET requests. In addition, ASP.NET modules were unable to affect certain parts of the IIS request processing that occurred before and after the ASP.NET execution path.

ASP.NET Integration with IIS 7_.net

 

 Figure 1: IIS 6.0 & ASP.NET Pipelines

 

In IIS, the ASP.NET request-processing pipeline overlays the IIS pipeline directly, essentially providing a wrapper over it instead of plugging into it.

IIS processes requests that arrive for any content type, with both native IIS modules and ASP.NET modules providing request processing in all stages. This enables services that are provided by ASP.NET modules, such as Forms authentication or output cache, to be used for requests to ASP pages, PHP pages, static files, and so on.

The ability to plug in directly into the server pipeline allows ASP.NET modules to replace, run before, or run after any IIS functionality. This enables, for example, a custom ASP.NET Basic authentication module that is written to use the Membership service and SQL Server user database to replace the built-in IIS Basic authentication feature that works only with Windows accounts.

In addition, the expanded ASP.NET APIs use direct integration to enable more request-processing tasks. For example, ASP.NET modules can modify request headers before other components process the request, by inserting an Accept-Language header before ASP applications execute, which forces localized content to be sent back to the client based on user preference.

 

ASP.NET Integration with IIS 7_ide_02

 

 

Figure 2: IIS 7 and Above Integrated Mode

Because of the runtime integration, IIS and ASP.NET can use the same configuration to enable and order server modules, and to configure handler mappings. Other unified functionality includes tracing, custom errors, and output caching.

 

Runtime Fidelity

In Integrated mode, the ASP.NET request-processing stages that are exposed to modules are directly connected to the corresponding stages of the IIS pipeline.

The complete pipeline contains the following stages, which are exposed as HttpApplication events in ASP.NET:

https://docs.microsoft.com/en-us/dotnet/api/system.web.httpapplication?view=netframework-4.8#events

  1. BeginRequest. The request processing starts.
  2. AuthenticateRequest. The request is authenticated. IIS and ASP.NET authentication modules subscribe to this stage to perform authentication.
  3. PostAuthenticateRequest.
  4. AuthorizeRequest. The request is authorized. IIS and ASP.NET authorization modules check whether the authenticated user has access to the resource requested.
  5. PostAuthorizeRequest.
  6. ResolveRequestCache. Cache modules check whether the response to this request exists in the cache, and return it instead of proceeding with the rest of the execution path. Both ASP.NET Output Cache and IIS Output Cache features execute.
  7. PostResolveRequestCache.
  8. MapRequestHandler. This stage is internal in ASP.NET and is used to determine the request handler.
  9. PostMapRequestHandler.
  10. AcquireRequestState. The state necessary for the request execution is retrieved. ASP.NET Session State and Profile modules obtain their data.
  11. PostAcquireRequestState.
  12. PreExecuteRequestHandler. Any tasks before the execution of the handler are performed.
  13. ExecuteRequestHandler. The request handler executes. ASPX pages, ASP pages, CGI programs, and static files are served.
  14. PostExecuteRequestHandler
  15. ReleaseRequestState. The request state changes are saved, and the state is cleaned up here. ASP.NET Session State and Profile modules use this stage for cleanup.
  16. PostReleaseRequestState.
  17. UpdateRequestCache. The response is stored in the cache for future use. The ASP.NET Output Cache and IIS Output Cache modules execute to save the response to their caches.
  18. PostUpdateRequestCache.
  19. LogRequest. This stage logs the results of the request, and is guaranteed to execute even if errors occur.
  20. PostLogRequest.
  21. EndRequest. This stage performs any final request cleanup, and is guaranteed to execute even if errors occur.

By using the familiar ASP.NET APIs, the ability to execute in the same stages as IIS modules makes tasks that were only previously accessible in native ISAPI filters and extensions now possible in managed code.

For example, you can now write modules that do the following:

  1. Intercept the request before any processing has taken place, for example rewriting URLs or performing security filtering.
  2. Replace built-in authentication modes.
  3. Modify the incoming request contents, such as request headers.
  4. Filter outgoing responses for all content types.

See Developing an IIS 7 and Above Module with .NET for a good example of how to extend IIS with a custom ASP.NET authentication module.