20.3 IIS 7.0 and form verification (1)

20.3 IIS 7.0 and Form Verification 1)

You may wonder why we discuss form verification with IIS 7.0 separately. First, Chapter 18th has learned that the new management console of IIS 7.0 allows you to directly configure the vast majority of ASP. NET options in the management console. Secondly, IIS 7.0 provides a new ASP. NET integration mode-integrating ASP. net http processing pipelines and iis http processing pipelines. It can use your existing ASP. NET knowledge to develop new capabilities. For example, one of the capabilities is to use ASP. NET Form Verification for other Web applications configured in IIS 7.0, and these applications are not necessarily built through ASP. NET.

In addition, IIS 7.0 maintains most of the Web application configurations on the Web server to the web. config file. That is to say, many options of Web applications can be configured through the IIS 7.0 console or directly modifying the web. config file. Due to the close integration of ASP. NET configuration features and IIS 7.0, any direct modifications to the web. config file will be immediately reflected on the management console, and vice versa.

Let's first check whether form verification can be configured in the IIS 7.0 console. As shown in Figure 20-4, you can verify the configuration feature configuration form on the IIS 7.0 console.

After you enable form verification in this way, you must configure the expected verification rules. The most important thing is to add a "deny" rule for all anonymous users through the authentication Configuration feature of the IIS 7.0 console, as shown in-5.

Figure 20-4 configure form verification on the IIS 7.0 Console

Both configurations affect the web. config file, and the Web server obtains the information from the web. config file and generates appropriate behaviors accordingly. You can see this from the following code segment:

You may notice that IIS configures Form Verification in the <system. web> section as expected. However, no verification rules are found by default and have not been manually added. As stated in chapter 18th, not all configuration items are saved directly to the web. config configuration file by default. URL verification is one of these configuration options. In Chapter 23rd, we will learn general details about URL verification and content specific to IIS 7.0.

In either case, the unified management console is very clean. You do not have to use different tools to configure IIS security and ASP. NET security. Many configurations are saved directly to the web. config file by default. For example, you can configure IIS in Chapter 18th, Chapter 19th, and Chapter 23rd, so that almost all options are saved to web. config. However, I have mentioned that when IIS 7.0 is run in ASP. NET integration mode, more details may be provided in Chapter 18th and Chapter 19th ).

When IIS 7.0 runs in consolidation mode, it is the default value). IIS uses an HTTP processing pipeline to simultaneously process the HTTP Module Based on ASP. NET and the native HTTP module of IIS 7.0. Because form verification is implemented as an ASP. net http module, you can use it in any Web application or virtual directory configured in IIS 7.0 when running in integration mode. That is to say, form verification can even be used for other types of applications, such as static HTML sites, traditional ASP applications, or even PHP applications. All you have to do is configure the application as a virtual directory and configure form verification on the IIS 7.0 console. This automatically adds a web. config configuration for the application. For details, see how to configure Form Verification for a non-ASP. NET application. Assume that the following traditional ASP applications run on Web servers:

Now, in IIS, the folder that saves this traditional ASP page file, such as TestClassic. asp, is shared as a virtual directory or Web application. Then, you can configure Form Verification and authorization settings as described earlier. Because IIS 7.0 supports form verification by integrating the HTTP form verification module released by ASP. NET, it can work like the ASP. NET application itself. All you have to do is ensure that there is a required logon page, which itself is an ASP. NET page. You also need to obtain the required parts of the ASP. NET page from the Web application or from other virtual directories if cross-application form authentication cookies are used ). Figure 20-6 shows the traditional ASP page and ASP. NET login page in the virtual directory. Form Verification is directly configured through the IIS 7.0 console as described above.

Click to view the big chart) ASP. NET content mixed with traditional ASP.

BibliographyPrevious sectionNext section