On the Internet, ensuring state and
application integrity (i.e., authorization, authentication, and auditing) is even more important
because of the wild nature of the Web. In this section, we provide a quick overview of the ASP.NET
request processing architecture. While not strictly required for server control development,
understanding the basics of the ASP.NET processing architecture, as well as HttpModules and
HttpHandlers, can help a developer understand where to plug in custom server controls or
where an HttpModule or HttpHandler may be more appropriate.
When a browser client makes a request to Internet Information Services (IIS) for a resource
such as an .aspx file, by default, ASP.NET initiates and then maintains user state for the duration of
the user??™s site interaction, which can include multiple request/response HTTP sessions. Figure 3-1
shows the logical data flow for a typical ASP.NET request. The request is made to IIS, which checks
the file extension mappings to determine how to handle the request. If it is an ASP.NET request, IIS
hands off the request to the ASP.NET Internet Server Application Programming Interface (ISAPI)
library, aspnet_isapi.dll. That library next funnels the request into the ASP.
Pages:
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159