IIS 7.0 – ASP.NET Integration

This paper is an attempt to précis the ground-breaking integration of IIS 7.0 and ASP.NET in the Web sever core of Windows Server 2008, emphasizing the significant facets engrossed by the integration, and a demonstration that implements ASP.NET Forms Authentication for non-ASP.NET content types.

Significant Facets

In my paper on Web Server in Windows Server 2008, I have pointed out that ASP.NET is no longer employed with the Web server as a standalone application framework. It serves by now as a platform for extending the IIS Web server, facilitating ASP.NET components to turn into constituents for its request processing pipeline.

In the previous versions of IIS, ASP.NET request is passing through a native IIS processing before it will be forwarded to an ASP.NET ISAPI assembly (aspnet_asapi.dll) for managed code processing. On the other hand, other content types may be accommodated through native IIS request processing, like in the case of static file, or by other ISAPI extensions. Thus, non-ASP.NET requests could not enjoy the ASP.NET managed modules.

In IIS 7.0, however, ASP.NET is no longer implemented as an IIS ISAPI extension. The native process model of IIS and the managed process model of ASP.NET are unified into a sole process model. With the integration of ASP.NET runtime, IIS 7.0 made both native (C++ API) and managed (ASP.NET) modules available to any type of request. In other words, ASP.NET modules are now relevant to any content type including ASPX page, HTML page, and other content types. Additionally, this integration results to a unified modules and handlers configuration. It has eliminated, furthermore, duplication of some strides in the request processing pipeline, such as authentication and authorization.

Demonstration

1.       As we have mentioned earlier, this section will demonstrate the extensibility of ASP.NET Forms Authentication to non-ASP.NET content types. We will start by creating a database using ASP.NET SQL Server Setup Wizard. To do this, let us open our Visual Studio Command Prompt and execute aspnet_regsql. In this demonstration, we will name our database as ASPNETDatabase.

2.    Using Visual Studio 2005, we will create a Web site and call it ASPNETWebSite.

3.    Subsequently, we will add two static files: an HTML page with a title of HTML Page, and an image file.

4.       After that, we will add a Login.aspx page, and we will include a Login control as:

<asp:Login ID="Login1" runat="server"></asp:Login>

5.    To preliminary implement Forms Authentication to our Web application, let us open our web.config file and change the <authentication> mode value from Windows to Forms, then we will add some values to our <authorization> element. The results will be:

<authentication mode="Forms"/>

<authorization>

            <deny users="?"/>

      </authorization>

6.    After completing the previous task, we will open our Intenet Information Services Manager and add a Web site, we will name it ASPNET Web Site, pointing the Content Directory to the location of our Web application.

7.    In the ASP.NET area of our ASPNET Web Site Home, let us do the following:

a.        Set Connection String: Server=ServerName;Database=ASPNETDatabase;User ID=UserName;Password=Password

b.    Add .NET User

8.       Lastly, we will add some values in the <modules> section of our applicationHost.config to make it <modules runAllManagedModulesForAllRequests="true">. It is located at %windir%\System32\inetsrv\config\applicationHost.config.

By default, even though that our application pool is set to Integrated mode, ASP.NET modules are configured with managedHandler precondition. It means that only ASP.NET request will be carried out by managed modules. Now, if we want to employ ASP.NET modules to all our requests, we can write the following in the web.config file of our Web application right after the <configuration> element:

<system.webServer>

            <modules>

                  <remove name="FormsAuthenticationModule" />

<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />

                  <remove name="UrlAuthorization" />

<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />

            </modules>

</system.webServer>

Otherwise, like what we have did in this step, we can set the runAllManagedModulesForAllRequests of the <modules> element to true to shape all managed modules to carry out any type of request notwithstanding of their repective managedHandler precondition.

9.    At this moment, we will notice the following:

a.    A corresponding application pool is created with an Integrated Managed Pipeline Mode. This means the ASPNET Web Site we have created benefits the IIS 7.0 and ASP.NET integration. Thus, ASP.NET forms authentication is functional even to our HTML pages and image file. To explore, you can downgrade it to Classic mode, and browse the site. There you will notice that the HTML page and the image file do not require authentication.

b.    Since our Web application is configured for forms authentication, Forms Authentication component is coordinately enabled in IIS,  and the connection string we have set is automatically reflected in web.config file of our Web application. This underlines the unified configuration results of the integration.

c.    The user we have provisioned is stored in the aspnet_Users table of our ASPNETDatabase.

10. Now, its time for us to explore http://Server Name:Port Number/File Name to appreciate the extensibility of ASP.NET Forms Authentication.

Hoping to share you something.