昨天又把Asp.NET请求处理流程看了下,做一下备忘吧,别等下又忘记了。下面将的是WebForm模型下的请求处理流程
当我们要访问一个.aspx作为后缀的文件时,请求到达服务器的IIS,服务器根据我们所请求的文件后缀来查找处理程序来处理请求,对于.aspx查找到的是aspnet_isapi.dll处理程序,接下来进入Asp.Net请求处理管道,先是通过HttpRuntime,HttpRuntime通过ProcessRequest方法创建HttpContext和HttpApplication(对于HttpApplication的创建是通过HttpApplicationFactory.GetApplicationInstance(context)来实现的),在HttpApplicationFactory.GetApplicationInstance方法返回创建的HttpApplication对象之前,会调用一个名为InitInternal的内部方法,该方法会做一些列的初始化的操作,在这些初始化操作中,最典型的一个初始化方法为InitModules(),该方法的主要的目的就是查看Config中注册的所有HttpModule,并根据配置信息加载相应的Assembly,通过Reflection创建对应的HttpModule,并将这些Module加到HttpApplication 的_moduleCollection Filed中。
HttpApplication本身并包含对Request的任何处理,他的工作方式是通过在不同阶段出发不同Event来调用我们在HttpModule中注册的Event Hander。
下面列出了HttpApplication所有的Event,并按照触发的时间先后顺序排列:
- BeginRequest:
- AuthenticateRequest & Post AuthenticateRequest
- AuthorizeRequest & Post AuthorizeRequest
- ResolveRequestCache & Post ResolveRequestCache
- PostMapRequestHandler:
- AcquireRequestState & AcquireRequestState:
- PreRequestHandlerExecute & Post RequestHandlerExecute:
- ReleaseRequestState & Post ReleaseRequestState
- UpdateRequestCache & PostUpdateRequestCache
- EndRequest
HttpModule
HttpModule实现了System.Web.IHttpModule interface,该Interface很简单,仅仅有两个成员:
[AspNetHostingPermission(SecurityAction.InheritanceDemand, Level=AspNetHostingPermissionLevel.Minimal), AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)]
public interface IHttpModule
![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](https://www.cnblogs.com/Images/OutliningIndicators/ContractedBlock.gif)
{
// Methods
void Dispose();
void Init(HttpApplication context);
}
![](https://www.cnblogs.com/Images/OutliningIndicators/None.gif)
我们只要在Init方法中注册相应的HttpApplication Event Handler就可以了:
public class BasicAuthCustomModule : IHttpModule
![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](https://www.cnblogs.com/Images/OutliningIndicators/ContractedBlock.gif)
{
public void Init(HttpApplication application)
![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
application.AuthenticateRequest +=
new EventHandler(this.OnAuthenticateRequest);
}
![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
public void Dispose()
{ }
public void OnAuthenticateRequest(object source, EventArgs eventArgs)
![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
![](https://www.cnblogs.com/Images/OutliningIndicators/InBlock.gif)
}
}
![](https://www.cnblogs.com/Images/OutliningIndicators/None.gif)
所有的HttpModule同machine.config或者Web.config的httpModules Section定义,下面是Machine.config定义的所有httpModule。
<httpModules>
<add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />
<add name="Session" type="System.Web.SessionState.SessionStateModule" />
<add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" />
<add name="ErrorHandlerModule" type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</httpModules>
HttpHandler
如果说HttpModule关注的是所有Inbound Request的处理的话,Handler确实关注基于某种类型的ASP.NET Resource的Request。比如一个.apsx的Web Page通过一个System.Web.UI.Page来处理。HttpHandler和他所处理的Resource通过Config中的system.web/handlers section来定义,下面是Machine.config中的定义。
<httpHandlers>
<add verb="*" path="trace.axd" type="System.Web.Handlers.TraceHandler" />
<add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory" />
<add verb="*" path="*.ashx" type="System.Web.UI.SimpleHandlerFactory" />
<add verb="*" path="*.asmx" type="System.Web.Services.Protocols.WebServiceHandlerFactory, System.Web.Services, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false"/>
<add verb="*" path="*.rem" type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory, System.Runtime.Remoting, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="false"/>
<add verb="*" path="*.soap" type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory, System.Runtime.Remoting, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="false"/>
<add verb="*" path="*.asax" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.ascx" type="System.Web.HttpForbiddenHandler" />
<add verb="GET,HEAD" path="*.dll.config" type="System.Web.StaticFileHandler" />
<add verb="GET,HEAD" path="*.exe.config" type="System.Web.StaticFileHandler" />
<add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.cs" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.csproj" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.vb" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.vbproj" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.webinfo" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.asp" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.licx" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.resx" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.resources" type="System.Web.HttpForbiddenHandler" />
<add verb="GET,HEAD" path="*" type="System.Web.StaticFileHandler" />
<add verb="*" path="*" type="System.Web.HttpMethodNotAllowedHandler" />
</httpHandlers>
![](https://www.cnblogs.com/Images/OutliningIndicators/None.gif)
需要注意的是,我们不但可以单纯地定义一个实现了System.Web.IHttpHandler的Type,也可以定义一个实现了System.Web.IHttpHandlerFactory 的Type。System.Web.UI.Page是一个典型的Httphandler,相信对此大家已经很熟悉了。在最后还说说另一个典型的HttpHandler:System.Web.HttpForbiddenHandler,从名称我们不难看出,它用于那些禁止访问的Resource,现在应该知道了为了Global.asax不同通过IIS访问了吧。
转载自文章:http://www.cnblogs.com/artech/archive/2007/09/13/891266.html