Web development learning experience 6 -- Research on httpapplication Pipeline

After studying the design concept of Asp.net, we have an essential understanding of the pipeline of httpapplication. The so-called pipeline is actually a Production Pipeline composed of a series of steps, and httpcontext is the product to be processed on this pipeline. Now, let's take a closer look at this production line.

First, see the applicationstepmanager. buildsteps method.

1. validatepathexecutionstep:Performs security checks on the Request Path to prohibit unauthorized access.Going deep into the execute method of this class, we found that this class directly calls the httpcontext. validatepath method, and the other method directly throws httpexception when detecting an invalid path.

2. urlmappingsexecutionstep:Applies the <urlmappings> Configuration section set in Web. config to map a URL to a new URL address.After going deep into the execute method of this class, we found that when this class detects the need for URL ing, it calls httpcontext. rewritepath to implement address rewriting.

3. The beginrequest event is triggered.: There is nothing to say about this step, that isThe notification starts processing the request.. However, when I checked which modules subscribed to the event, I found that the event was subscribed by urlmappingsmodule, and the module processed exactly the same thing as urlmappingsexecutionstep. I'm wondering, isn't that an alternative?

4. Events such as authenticaterequest, defaultauthenticaterequest, and postauthenticaterequest:Verifies the user's identity.To put it bluntly, it is to determine the identity of the current requester, fromCodeAt the level, the user attribute of httpcontext is set.

A) according to the Web. config configuration, the authenticaterequest event can be subscribed to by formsauthenticationmodule, passportauthenticationmodule, and windowsauthenticationmodule. The three events correspond to different authentication methods.

B) The defaultauthenticaterequest event is an internal event and can be subscribed to by the defaauthauthenticationmodule. This module cannot determine the user identity in the authenticaterequest event (that is, no httpcontext is set. user attribute), give a default user identity, so that in the subsequent processing of the pipeline, httpcontext. the user is always non-empty. However, viewSource codeWhen the module is in iis7.0 integrated pipeline mode, it does not subscribe to the defaultauthenticationrequest event, but to the postauthenticaterequest event. It is estimated that in the iis7.0 integrated pipeline mode, this module must be executed after a module that subscribes to postauthenticaterequest, so as to launch a patch.

C) The postauthenticaterequest event can be subscribed to by anonymousidentificationmodule and rolemanagermodule. Anonymousidentificationmodule management applicationProgramAllows the application to perform anonymous access and maintain session consistency. Rolemanagermodule can determine the user's identity.

5. Triggering authorizerequest and postauthorizerequest events: After determining the identity of the user in step 3, the authorization problem is solved. That isDetermine whether the user has the permission to access the requested resources.After this step, you are sure that you have the permission to access the requested resources.

A) The authorizerequest event can be subscribed to by fileauthorizationmodule and urlauthorizationmodule to determine whether the user has the permission to access the specified file or URL.

B) The postauthorizerequest event is not subscribed to by any module by default.

6. Trigger resolverequestcache and postresolverequestcache events: This step isIt is the time when the output cache plays a role.If the requested resources can be directly provided by the output cache, the subsequent steps are skipped to speed up processing and improve performance.

A) The resolverequestchche event can be subscribed by outputcachemodule, which provides the output cache function.

B) postresolverequestcache events are not subscribed to by any module by default.

7. maphandlerexecutionstep: triggers the postmaprequesthandler event.: When it cannot be processed by the output cache, it enters the regular processing process. The first step of formal processing isObtain the ihttphandler instance object according to the configuration,At the code level, the httpcontext. Handler attribute is set. The handler will generate specific HTML code based on the context information.

The most common handler object is the page class and its sub-classes, that is, every ASPX page we write is a specific handler, the maphandlerexecutionstep Class determines the specific page subclass Based on the URL of the user accessing each ASPX page.

In addition, there is httpforbiddenhandler. When a user accesses Resources in the app_code, app_data, and other directories, maphandlerexecutionstep returns httpforbiddenhandelr, which will only tell the user that the resource cannot be accessed, this protects specific resources.

There is also tracehandler, Which is returned only when the user accesses the "trace. axd" resource in the root directory, so as to implement the Asp.net tracking function.

You can register more Custom Handler to meet more specific requirements.

In iis7.0 integrated pipeline mode, the maprequesthandler event is also triggered.

By default, postmaprequesthandler events are not subscribed to by any module.

8. The acquirerequeststate and postacquirerequeststate events are triggered.:Obtains the user's session Status, personalized data, and other information.At the code level, the attributes of httpcontext. Session and httpcontext. profile are set.

A) The acquirerequeststate event can be subscribed to by sessionstatemodule and profilemodule. The two modules provide the session and profile functions respectively.

B) The postacquirerequeststate event is not subscribed to by any module by default.

9. Trigger the prerequesthandlerexecute event, callhandlerexecutionstep, and postrequesthandlerexecute event: Now, everything is ready.Execute processrequest of handler obtained in Part 1It's time. If handler is a page class or its subclass, this method triggers the lifecycle of the page.

A) The prerequesthandlerexecute and postrequesthandlerexecute events are not subscribed to by any module by default.

B) The main task of callhandlerexecutionstep is to call the precessrequest method of handler. This method is used to generate HTML code and write the code into the response of httpcontext. Therefore, this step is the most important step and the step that developers need to customize. In fact, most of the steps we develop Asp.net applications are customized, the different aspx pages we write are actually different handler, and these are different handler, A different HTML page is generated. After this step, the HTML and other code are basically completed (why is it basically completed? This is because there is another step that may change the HTML code. Please refer to step 1). The subsequent steps mainly involve some final work.

10. Trigger the releaserequeststate and postreleaserequeststate events.: Corresponds to step 8th.Saves user session status and other information,For the next processing of user requests.

A) The releaserequeststate event can be subscribed by sessionstatemodule, which saves the session status that may be changed by step 9th in this step. This event is not subscribed to by profilemodule, because profilemodule subscribes to an endrequest event in addition to this event to save profile data.

B) postreleaserequeststate events are not subscribed to by any module by default.

11. callfilterexecutionstep: In this step, the httpcontext. response. filteroutput method is executed, and the HTML code written into response is filtered. The so-called filtering is actually a process of changing html. For example, changing all HTML to lowercase or all to uppercase is a form of filtering. Of course, you can also say that you need to filter out the first 100 characters, although this usually makes no sense. To set a filter, see the response. Filter attribute.

12. Events such as updaterequestcache and postupdaterequestcache: Corresponds to step 6th.Save the generated HTML code to the output cache,For the next processing of user requests.

A) updaterequestcache events can be subscribed to by outputcachemodule.

B) The postupdaterequestcache event is not subscribed by any module by default.

13. An endrequest event is triggered.: Corresponds to step 3rd.The notification request has been processed.This step has a special feature, because the previous steps do not necessarily occur during each request processing, but are inevitable. Therefore, this step becomes a subscription event for many modules to process work such as scanning the tail. Profilemodule, formsauthenticationmodule, passportauthenticationmodule, rolemanagermodule, and sessionstatemodule subscribe to this event, and the tasks subscribed to by each module are different.

A) profilemodule subscribes to this event to save profile data.

B) formsauthenticationmodule subscribes to this event to redirect the user to the specified Login page when the user is not logged on.

C) passportauthenticationmodule subscribes to this event to redirect the user to the specified passport address when the user does not log on.

D) The role of the rolemanagermodule to subscribe to this event is not clear yet. I will wait for the expert to supplement it or continue to explore it.

E) The role of sessionstatemodule to subscribe to this event is not clear yet. I will wait for the experts to supplement it or continue to explore it.

14. noopexecutionstep: This is the last step, but from the source code, this step does not do anything. I wonder, what is the role of this step?

Well, after the above analysis, I think you should have a clear understanding of the httpapplication pipeline. Starting from the next article, we will discuss the specific implementation of each module by function.

(For original works, you are welcome to repost them. Please indicate the author and source for reprinting. Thank you !)