Using the IIS 7.0 Integrated Pipeline (2023)

VonMike Wolodarsky

IIS 6.0 and earlier versions enabled the development of .NET application components on top of the ASP.NET platform. ASP.NET integrated with IIS through an ISAPI extension and provided its own application and request processing model. This exposed two separate server pipelines, one for the native ISAPI filter and extension components, and one for the managed application components. ASP.NET components would run entirely within the ASP.NET ISAPI extension bubble and only for requests assigned to ASP.NET in the IIS Script Map configuration.

IIS 7.0 and later integrate the ASP.NET runtime with the core web server and provide a unified request processing pipeline that is exposed to native and managed components called modules. The many benefits of integration include:

• Allow services provided by native and managed modules to apply to all requests, regardless of driver. For example, managed forms authentication can be used for all content, including ASP pages, CGI pages, and static files.
• Allow ASP.NET components to provide functionality that was previously not available to them due to their placement in the server pipeline. For example, a managed module that provides request rewrite functionality might rewrite the request before any server processing, including authentication.
• One central location to deploy, configure, monitor and support server functions such as single module and controller mapping configuration, single configuration for custom errors, single URL authorization configuration.

This article examines how ASP.NET applications can take advantage of integrated mode in IIS 7.0 and later, and demonstrates the following tasks:

• Enable/disable modules at the application level.
• Add managed application modules to the server and allow them to apply to all types of requests.
• Add managed controllers.

Learn more about building modules for IIS 7.0 and later atDevelop modules and controllers for IIS 7.0 and later using the .NET Framework.

See also the bloghttp://www.mvolo.com/, for more tips on using integrated mode and developing IIS modules that take advantage of ASP.NET integration in IIS 7.0 and later. Download several of these modules there, includingRedirect requests to your application using the HttpRedirection module,Good directory listings for your IIS website with DirectoryListingModule, miDisplay beautiful file icons in your ASP.NET applications with IconHandler.

requirements

To complete the steps in this document, you must have the following features installed from IIS 7.0 and later.

ASP.NET

Install ASP.NET from the Windows Vista Control Panel. Select "Programs and Features" - "Turn Windows features on or off." Next, open "Internet Information Services" - "World Wide Web Services" - "Application Development Features" and enable "ASP.NET".

If you have a Windows Server® 2008 build, open Server Manager - Roles and select Web Server (IIS). Click Add Role Services. Under Application Development, enable ASP.NET.

classic ASP

We want to show you how ASP.NET modules now work with all content and not just ASP.NET pages, so install Classic ASP from the Windows Vista Control Panel. Choose "Programs" - "Turn Windows features on or off." Next, open "Internet Information Services" - "World Wide Web Services" - "Application Development Features" and enable "ASP".

If you have a Windows Server 2008 build, open Server Manager - Roles and select Web Server (IIS). Click Add Role Services. Under "Application Development", enable "ASP".

Add forms authentication to your application

As part of this task, we will enable ASP.NET forms-based authentication for the application. In the next task, we'll enable the forms authentication mechanism to execute all requests made to your application, regardless of content type.

First, set up forms authentication as you would for a normal ASP.NET application.

create master page

To demonstrate the functionality, let's add a default.aspx page to the root of the web. Open Notepad (to make sure you have access to the following wwwroot directory, you need to run it as administrator, right-click the "Programs\Accessories\Notepad" icon and click "Run as administrator") and create the following file:%system drive%\inetpub\wwwroot\default.aspx. In it, add the following lines:

<%=Datetime.Now%> <BR> Username: <asp:LoginName runat="server"/>

Everything default.aspx does displays the current time and the name of the logged in user. We'll use this page later to show forms authentication in action.

Configure forms authentication and access control rules

Now to secure default.aspx with forms authentication. Create a web.config file in%systemdrive%\inetpub\wwwrootdirectory and add the configuration shown below:

<configuration> <system.web> <!--membership provider input goes here--> <authorization> <deny users="?"/> <allow users="*"/> </authorization> <mode authentication="Forms"/> </system.web> </configuration>

This configuration sets the ASP.NET authentication mode to use forms-based authentication and adds authorization settings to control access to the application. This setting denies access to anonymous users (?) and only allows authenticated users (*).

Creating a Membership Provider

Paso 1:We need to provide an authentication store to validate the user's credentials. To demonstrate the deep integration between ASP.NET and IIS 7.0 and later, we'll use our own XML-based membership provider (you can also use SQL Server's default membership provider if SQL Server is installed).

Add the following entry just after the <configuration>/<system.web> initial configuration element in the web.config file:

<membership defaultProvider="AspNetReadOnlyXmlMembershipProvider"> <providers> <add name="AspNetReadOnlyXmlMembershipProvider" type="AspNetReadOnlyXmlMembershipProvider" description="Schreibgeschützter XML-Mitgliedschaftsanbieter" xmlFileName="~/App_Data/MembershipUsers.xml"/> </providers> </ Mitgliedschaft>

Paso 2:Once the configuration entry is added, you need to save the membership provider code provided in the attachment asXmlMembershipProvider.cs en su%systemdrive%\inetpub\wwwroot\App_Codedirectory. If this directory does not exist, you must create it.

Stage 3:All that is left is the actual credential store. Save the following XML snippet as a MembershipUsers.xml file at%systemdrive%\inetpub\wwwroot\App_DataDirectory.

<Users> <User> <Username>Bob</Username> <Password>contoso!</Password> <Email>bob@contoso.com</Email> </User> <User> <Name user>Alice</username> <password>contoso!</password> <email>alice@contoso.com</email> </user> </user>

If the App_Data directory does not exist, you must create it.

After completing this task, go to the IIS Admin Tool and add or remove users for your application. Start INETMGR from the Run menu.... Expand the "+" signs in the tree view on the left until you see "Default Web Site". Select “Default Website” and scroll to the right and click on the “Security” category. All other roles show ".NET Users". Click .NET Users and add one or more user accounts of your choice.

Locate the newly created users in MembershipUsers.xml.

Create a login page

To use forms authentication, we need to create a login page. Open Notepad (to ensure you have access to the wwwroot directory below, you need to run it as administrator by right-clicking the "Programs\Accessories\Notepad" icon and clicking "Run as administrator") and Create the "login . aspx" file in the "login.aspx" file.%systemdrive%\inetpub\wwwrootDirectory. Note: Be sure to set Save As: All Files to prevent the file from being saved as login.aspx.txt. In it, add the following lines:

<%@ Idioma de página="c#" %> <form id="Form1" runat="servidor"> <asp:LoginStatus runat="servidor" /> <asp:Login runat="servidor" /> </form >

This is the login page you will be redirected to if your authorization rules deny access to a specific resource.

Test

Open an Internet Explorer window and requesthttp://localhost/default.aspx. You will see that you are redirected to login.aspx because you were not initially authenticated and we previously denied access to unauthenticated users. If you successfully log in with one of the username/password pairs specified in MembershipUsers.xml, you will be redirected to the default.aspx page you originally requested. This page shows the current time and the user ID you used to authenticate.

At this point, we have successfully implemented a custom authentication solution using forms authentication, login and membership controls. This functionality is not new to IIS 7.0 or later; it has been available in earlier versions of IIS since ASP.NET 2.0.

However, the problem is that only ASP.NET-generated content is protected.

When you close and reopen the browser window and askhttp://localhost/iisstart.htm, you will not be prompted for credentials. ASP.NET does not participate in a request for a static file such as iisstart.htm. Therefore, it cannot be protected with forms authentication. You will see the same behavior with classic ASP pages, CGI programs, PHP or Perl scripts. Forms authentication is a feature of ASP.NET and is simply not available when making requests to those features.

Enable forms authentication for the entire application

In this task, we will remove the ASP.NET limitation in earlier versions and enable ASP.NET Forms Authentication and the URL Authorization feature for the entire application.

To take advantage of ASP.NET integration, our application must be configured to run in integrated mode. The ASP.NET integration mode can be configured per application pool, allowing ASP.NET applications in different modes to be hosted side by side on the same server. The default application pool that our application resides in already uses integrated mode by default, so we don't need to do anything here.

So why couldn't we take advantage of embedded mode when we tried to access the static page earlier? The answer is found in the default settings of all ASP.NET modules shipped with IIS 7.0 and later.

Leverage Integrated Pipeline

The default configuration for all managed modules shipped with IIS 7.0 and later, including forms authentication and URL authorization modules, use a precondition that these modules only apply to content managed by a controller (ASP.NET) . This is done for backwards compatibility reasons.

By removing the precondition, we execute the desired managed module for all requests to the app, regardless of content. This is necessary to protect our static files and all other application content with forms-based authentication.

To do this, open the application's web.config file located in the%systemdrive%\inetpub\wwwrootdirectory and add the following lines just below the first <configuration> element:

<system.webServer> <modules> <remove name="FormsAuthenticationModule" /> <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" /> <remove name="UrlAuthorization" /> <add name= "UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" /> <remove name="DefaultAuthentication" /> <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" /> </modules> < /sistema.servidorweb>

This configuration re-adds the module elements without the precondition so that they can be executed for all requests to the application.

Test

Close all instances of Internet Explorer so that previously entered credentials are no longer cached. Open Internet Explorer and make a request to the application at the following URL:

http://localhost/iisstart.htm

You will be redirected to the login.aspx page to log in.

Enter a previously used username/password pair. If you have successfully logged in, you will be redirected to the original resource and the IIS Welcome page will be displayed.

To better illustrate this, let's add a classic ASP page and secure it with forms authentication.

Open notepad (to make sure you have access to the following wwwroot directory, you need to run it as administrator, right-click the "Programs\Accessories\Notepad" icon and click "Run as administrator") and create onepage.aspfile in your%systemdrive%\inetpub\wwwrootDirectory.

<% para jedes s en Request.ServerVariables Response.Write s & ": "&Request.ServerVariables(s) & VbCrLfnext%>

Close all instances of Internet Explorer again; otherwise your credentials will continue to be cached and requestedhttp://localhost/pagina.asp. You will be redirected to login page again and show ASP page after successful authentication.

Congratulations, you have successfully added managed services to the server and enabled them for all requests to the server, regardless of the driver.

resume

This tutorial showed how you can take advantage of the integrated mode of ASP.NET to expose powerful ASP.NET features not just for your ASP.NET pages, but for your entire application.

Most importantly, you can now create new managed modules using the familiar ASP.NET 2.0 APIs that run on any application content, providing your application with a rich set of request processing services.

Feel free to visit the bloghttps://www.mvolo.com/, for more tips on using integrated mode and developing IIS modules that take advantage of ASP.NET integration in IIS 7 and later. There you can also download several of these modules, includingRedirect requests to your application using the HttpRedirection module,Good directory listings for your IIS website with DirectoryListingModule, miDisplay beautiful file icons in your ASP.NET applications with IconHandler.

Appendix

This membership provider is based on the sample XML membership provider containingsubscription providers.

To use this membership provider, save the code belowXmlMembershipProvider.csthat back%systemdrive%\inetpub\wwwroot\App\_CodeDirectory. If this directory does not exist, you must create it. Note: Be sure to set Save As: All Files when using Notepad to prevent the file from being saved as XmlMembershipProvider.cs.txt.

Sistema mit; mit System.Xml; mit System.Collections.Generic; mit System.Collections.Specialized; mit Sistema.Configuración.Proveedor; mit Sistema.Web.Seguridad; mit Sistema.Web.Hosting; mit System.Web.Gestión; mit Sistema.Seguridad.Permisos; mit System.Web; Clase de clase AspNetReadOnlyXmlMembershipProvider: MembershipProvider { Private Dictionary<string, MembershipUser> _Users; privado Zeichenfolge _XmlFileName; // MembershipProvider-Eigenschaften public override string ApplicationName { get { throw new NotSupportedException(); } establecer {Lanzar nueva NotSupportedException(); } } sustitución pública bool EnablePasswordRetrieval { get { return false; } } sustitución pública bool EnablePasswordReset { get { return false; } } public override int MaxInvalidPasswordAttempts { get { throw new NotSupportedException(); } } public override int MinRequiredNonAlphanumericCharacters { get { throw new NotSupportedException(); } } public override int MinRequiredPasswordLength { get { throw new NotSupportedException(); } } public override int PasswordAttemptWindow { get { throw new NotSupportedException(); } } public override MembershipPasswordFormat PasswordFormat { get { throw new NotSupportedException(); } } cadena de sustitución pública PasswordStrengthRegularExpression { get { throw new NotSupportedException(); } } public override bool RequiresQuestionAndAnswer { get { return false; } } public override bool RequiresUniqueEmail { get { throw new NotSupportedException(); } } // MembershipProvider-Methoden public override void Initialize(string name, NameValueCollection config) { // Sicherstellen, dass config nicht null ist if (config == null) throw new ArgumentNullException("config"); // Weisen Sie dem Anbieter einen Standardname zu, wenn er keinen hat if (String.IsNullOrEmpty(name)) name = "ReadOnlyXmlMembershipProvider"; // Fuge ein Standardattribut "description" zur Konfiguration hinzu, wenn das Attribut // nicht existiert oder leer ist if (string.IsNullOrEmpty(config["description"])) { config.Remove("description"); config.Add("descrição", "Nur-Lese-XML-Mitgliedschaftsanbieter"); } // Initialize-Methode der Basisklasse aufrufen base.Initialize(name, config); // _XmlFileName inicializado y sicherstellen, dass der Pfad // App-relativ ist string path = config["xmlFileName"]; if (String.IsNullOrEmpty(ruta)) ruta = "~/App_Data/MembershipUsers.xml"; if (!VirtualPathUtility.IsAppRelative(path)) lance um novo ArgumentException ("xmlFileName deve ser relativo ao aplicativo"); Zeichenfolge FullyQualifiedPath = VirtualPathUtility.Combine (VirtualPathUtility.AppendTrailingSlash (HttpRuntime.AppDomainAppVirtualPath), Pfad); _XmlFileName = HostingEnvironment.MapPath (vollständig qualifizierter Pfad); config.Remove("xmlFileName"); // Stellen Sie sicher, dass wir die Berechtigung haben, die XML-Datenquelle zu lesen, und // lösen Sie eine Ausnahme aus, wenn wir dies nicht tun. Permiso FileIOPermission = new FileIOPermission(FileIOPermissionAccess.Read, _XmlFileName); Erlaubnis.Nachfrage(); // Ausnahme auslösen, wenn nicht erkannte Attribute verbeiben if (config.Count > 0) { string attr = config.GetKey(0); if (!String.IsNullOrEmpty(attr)) lança um novo ProviderException ("Nicht erkanntes Attribut: " + attr); } } public override bool ValidateUser(string nombre de usuario, string contraseña) { // Eingabeparameter validieren if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password)) return false; // Esteja certo, dass die Datenquelle geladen wurde ReadMembershipDataStore(); // Nome do usuário e senha válidos MembershipUser user; if (_Users.TryGetValue(username, out user)) { if (user.Comment == password) // Diferencia maiúsculas de minúsculas { return true; } } falsch zurückgeben; } public override MembershipUser GetUser(string nombre de usuario, bool userIsOnline) { // Nota: Esta implementación ignora userIsOnline // Parámetros válidos if (String.IsNullOrEmpty(username)) return null; // Esteja certo, dass die Datenquelle geladen wurde ReadMembershipDataStore(); // Abrufen des Benutzers aus der Datenquelle MembershipUser usuario; if (_Users.TryGetValue(nombre de usuario, fuera de usuario)) Benutzer zurückgeben; gib null zurück; } public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) { // Observación: essa implementação ignora pageIndex y pageSize, // y clasifica los objetos de asociación del usuario no específicos // Stellen Sie sicher, dass die Datenquelle geladen wurde ReadMembershipDataStore (); MembershipUserCollection-Benutzer = nuevo MembershipUserCollection(); foreach (KeyValuePair<string, MembershipUser>-Paar em _Users) users.Add(pair.Value); totalRecords = usuarios.Cuenta; wiederkehrende Benutzer; } public override int GetNumberOfUsersOnline() { throw new NotSupportedException(); } public override bool ChangePassword(string nombre de usuario, string oldPassword, string newPassword) { throw new NotSupportedException(); } sustitución pública bool ChangePasswordQuestionAndAnswer (string nombre de usuario, string senha, string newPasswordQuestion, string newPasswordAnswer) { throw new NotSupportedException(); } sustitución pública MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, objeto providerUserKey, out MembershipCreateStatus status) { throw new NotSupportedException(); } public override bool DeleteUser(string nombre de usuario, bool deleteAllRelatedData) { throw new NotSupportedException(); } sustitución pública MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotSupportedException(); } sustitución pública MembershipUserCollection FindUsersByName (string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotSupportedException(); } public override string GetPassword(string nombre de usuario, string respuesta) { throw new NotSupportedException(); } public override MembershipUser GetUser (Objekt providerUserKey, bool userIsOnline) { throw new NotSupportedException (); } cadena de sustitución pública GetUserNameByEmail(string email) { throw new NotSupportedException(); } cadena de sustitución pública ResetPassword(string nombre de usuario, string respuesta) { throw new NotSupportedException(); } public override bool UnlockUser(string nombre de usuario) { throw new NotSupportedException(); } public override void UpdateUser(MembershipUser user) { throw new NotSupportedException(); } // Hilfsmethode private void ReadMembershipDataStore() { lock (this) { if (_Users == null) { _Users = new Dictionary<string, MembershipUser> (16, StringComparer.InvariantCultureIgnoreCase); XmlDocument doc = nuevo XmlDocument(); doc.Load(_XmlFileName); XmlNodeList-Knoten = doc.GetElementsByTagName("Benutzer"); foreach (XmlNode-Knoten no Knoten) { MembershipUser user = new MembershipUser( Name, // Anbietername node["UserName"].InnerText, // Benutzername null, // ProviderUserKey node["Email"].InnerText, // E- Mail-String .Empty, // passwordQuestion node["Password"].InnerText, // Comentário true, // isApproved false, // isLockedOut DateTime.Now, // criaçãoDate DateTime.Now, // lastLoginDate DateTime.Now, / / lastActivityDate DateTime .Now, // lastPasswordChangedDate new DateTime(1980, 1, 1) // lastLockoutDate ); _Usuarios.Agregar (Benutzer.Benutzername, Benutzer); } } } } }