Introduction to the internal mechanism of ASP. NET (I)

Introduction to the internal mechanism of ASP. NET (I)

What operations does the server perform when an HTTP request is sent to An ASPX page? How can I parse this request? How does ASP. NET run after receiving requests, such as how to compile and use managedCodeTo run ?..... Understanding these issues allows us to Develop ASP. NET better.

 

SeriesArticleLink:

Introduction to the internal mechanism of ASP. NET (I)

Introduction to the internal mechanism of ASP. NET (2)

Introduction to ASP. NET internal mechanism (III)

Introduction to ASP. NET internal mechanism (IV)

Introduction to ASP. NET internal mechanism (V)

Introduction to ASP. NET internal mechanism (6)

Introduction to ASP. NET internal mechanism (7)

Introduction to ASP. NET internal mechanism (8)

 

1. when we request an ASP. for example, enter "http: // localhost/demo. aspx ", this request is sent to the server (of course, this website is deployed in IIS ). After the request arrives at the server, IIS starts a series of operations. Note that not every request will be processed by ASP. NET, and you will understand why later.

2. there is a component in IIS: HTTP. sys, in fact, the role of this component is very simple, is to verify the request URL, such as the previous "http: // localhost/demo. aspx ". if the requested URL does not match HTTP. the request will not be passed to ASP. net ProcessingProgramIn this way, illegal URL requests are blocked at the IIS threshold, so ASP. NET does not need to process this illegal request, thus reducing the pressure on the server.

Next, let's take a look at how HTTP. sys processes the request URL. When you understand this problem, it can help us solve many previous problems.
First, take a look at the figure below:

When sending a request to request a page, HTTP. sys checks the request URL and the total size of headers, including checking the size of the query string in the URL, such as demo. aspx? Username = demo. The cookie size is also checked. Add all these values to check if they exceed 16 KB. If they exceed 16 KB, the request fails. Therefore, the request is not passed to ASP. NET at all.

There are also many requirements when HTTP. sys checks the URL. For example, the previous URL:
Http: // localhost/demo. aspx

This URL is composed of segments of the localhost, demo. aspx path. Each string separated by "/" is a path segment. In this example, there are two path segments. By default, HTTP. sys requires a URL with no more than 255 path fragments, and the size of each path segment cannot exceed 260 letters. However, note that if there is a query string after demo. aspx, "demo. aspx? Page = 1 ", then this segment can exceed the limit of 260 letters, that is," demo. aspx? Page = 1 "can be larger. However, the size of these URLs, as mentioned earlier, cannot exceed 16 kb. If HTTP. sys is not required, IIS sends a 404 error.

As mentioned earlier, it is the default one. In fact, we can modify these settings in the registry. However, the default settings are quite good, so there is no need to change them.

3. After the request URL passes the HTTP. sys check, the request is passed to aspnet_filter.dll, which is referred to as filter.
In fact, this filter does two things: converting the cookieless ticket in the URL into HTTP headers; protecting the corresponding directories of ASP. NET.

First, let's take a look at the first role: Check the cookie-free information in the URL and convert it to HTTP headers.

you should understand the new features in ASP. net2.0-cookieless is supported. Because we generally perform forms-based authentication during verification, this authentication method stores information in cookies, but some users' browsers disable cookies, therefore, in order for us to continue using this verification method, we will save the verification information as no cookie. You can check the information about this. Let's take a look at the following URL:
http: // localhost/demo/(S (tuucni55xfzj2xqx1mnqdg55)/default. aspx
we actually store the relevant information in the URL. The above "S" is marked in parentheses "() "Information is the information without Cookie (tuucni55xfzj2xqx1mnqdg55 ).
let's see what "s" is:
S-cookieless ticket for session state
A-cookieless ticket for anonymous identification
F-cookieless ticket for Forms authentication

In fact, the filter does not know the meaning of these identifiers (such as "S. the filter only checks whether the URL contains these identifiers, and these identifiers are followed by "()". If these identifiers are found in the URL, the filter converts these identifiers to HTTP headers, and delete these identifiers in the URL. We originally requested http: // localhost/demo/default. ASPX page, but if the filter does not delete the identifier, then we request http: // localhost/demo/(S (tuucni55xfzj2xqx1mnqdg55)/default. if aspx does not exist, a 404 error is returned (the requested file cannot be found ).

Now let's take a look at the second role of filter: To protect the corresponding directories of ASP. NET.
In the ASP. Met website we developed, many file directories are not allowed to be accessed, such as app_data and app_code for storing data. Therefore, the filter checks whether the request URL contains such characters, such as http: // localhost/demo/app_code /.... once such a string is found, or even any string developed with "app _", such as "app_myfolder", the request will be rejected. However, if you already have a directory named "app _" in your project, if you want to access this directory, you can modify and set HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ ASP in the registry.. net.

 

I will write this article today. Next I will talk about it.