ASP. NET architecture and security mechanism

This article describes the ASP. NET architecture, security mechanisms, and Provider models. However, in the process of writing, I found that the Provider model has greatly reduced its position in this article because of its wide knowledge. At the same time, I realized that it is impossible to use ten parts to clearly describe the ASP. NET architecture and security mechanism, but I will still try to use the least text to describe the most.

I hope that through this series of articles, you can better understand ASP. NET architecture and security mechanisms.

Http Request Processing Process Overview

"Why do I enter www.tracefact.net in the address bar to see Zhang Ziyang's personal space ?", It is similar to thinking: "Why did Apple go to the ground instead of the sky ?". For ordinary visitors, this is taken for granted as if the sun rises in the east and falls in the west every day. For many programmers, it is the responsibility of system administrators or network administrators to consider this as irrelevant. After all, IIS is a component of Windows and is not an integral part of ASP. NET. In fact, IIS and. Net Framework have already done a lot of behind-the-scenes work within a tenth of a second.

You may feel that it is irrelevant to understand how these behind-the-scenes jobs work. As a programmer, you only need to ensure that the developed programs can run efficiently. However, during development, you often need to use classes such as HttpContext. At this time, have you ever thought about the composition of these classes and how they are created? You may simply answer: HttpContext represents a context of the current request. But you know IIS, Framework, ASP. NET is how to work together to process each Http request, how to distinguish different requests, IIS, Framework, ASP. NET data flow between the three?

To answer these questions, you must first understand how IIS processes page requests. This is also the basis for understanding Form and Windows authentication modes.

When an Http request arrives at the server

When the server receives an Http request, IIS first needs to determine how to process the request (NOTE: the server must process a .htm page and A. aspx page ). So what does IIS do? -According to the file suffix.

After the server obtains the suffix of the requested page (NOTE: it can also be a file, such as jimmy.jpg), it will find an application that can process such extensions on the server, if IIS cannot find an application that can process such files, and the file is not protected by the server (NOTE: A protected example is the file in App_Code, an unprotected example is your js script), so IIS will directly return this file to the client.

Applications that can process various extensions are generally called ISAPI applications (NOTE: Internet Server Application Programe Interface, Internet Server Application Interface ). Although this ISAPI sounds very elegant, it is also an "application", but you can take a closer look at its full name to understand that it is actually only an interface and acts as a proxy, it maps the requested page (File) and the actual processing program corresponding to the suffix.

1. HttpRuntime transfers an Http request to HttpApplication. HttpApplication represents a Web application created by a programmer. HttpApplication creates an HttpContext object for this Http request. These objects contain many other objects related to this request, including HttpRequest, HttpResponse, and HttpSessionState. These objects can be accessed through the Page class or Context class in the program.

2. Next, the Http request uses some modules which can be used before performing a specific task.

3. In this step, perform some actual operations, usually the business logic completed on the. aspx page.

4. the Http request returns to the Module again. At this time, the Module can do some things after some work has been completed.

NOTE: Pay attention to the words marked in red. Then, let's take a look at whether there are many paired events such as Inserting and Inserted in ASP. NET? In fact, ASP. NET can divide an Insert operation into two parts, and then intercept the background principles of the event separately.

Summary

First, I will outline the topics that will be discussed in this series of articles. Then, I raised a question for some programmers: learning and using ASP. NET architecture and security mechanisms at a relatively high level.

Later, I took an example to access my personal space home page and introduced three things described in this article:
1. What does IIS do when the Http request arrives at IIS.
2. The host environment of the Http request.
3. Http pipeline.

1. Data source controls in ASP. NET
2. Introduction to the use of XML Web Services in ASP. NET
3. Web. config file of ASP. NET application
4. Overview ASP. net xml Web Services
5. Implement HTTP requests in ASP. NET