Re: impact of mapping .??? to ASP.NET ISAPI???
From: Laurent Allardin (laurent@2k1soft.com)
Date: 07/26/02
- Next message: Matt: "restricting access by IP addresses"
- Previous message: Mike Moore: "Re: .pdf security using ASP.NET security..."
- In reply to: Michael Graham: "Re: impact of mapping .??? to ASP.NET ISAPI???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Laurent Allardin" <laurent@2k1soft.com> Date: Thu, 25 Jul 2002 20:42:09 -0400
Thank you Mike and Michael, you really resumed what I would tought!
So to resume, it will cause some performance impact and should not cause any
security issue, either from ASP.NET or IIS (this is something that my ISP
will be happy of).
Maybe, that is something that get even better in the next version of the
ASP.NET (talking about the performance). But getting from ASP, that's really
something pretty nice! Again Thank you for the great answers!
Laurent Allardin, MCSD
2K1Soft Solutions inc.
laurent@2k1soft.com
www.2k1soft.com
"Michael Graham (MS)" <mgraham@onlinemicrosoft.com> wrote in message
news:qRxGawCNCHA.2016@cpmsftngxa07...
> Hello,
>
> I'm just reposting what Mike Moore had mentioned in another post, and
we'll
> keep this thread going. I think that we may want to use an httpHandler
for
> files.
> I had written one for .pdf files a while back, and I'm going to go back
and
> look for it - hopefully it will help. I'll post more tomorrow!
>
> QUESTION
> I am wondering if using the aspnet_isapi.dll to handle PDF files security
> access (or even JPG files, GIF, DOC, XLS, etc...) using ASP.NET security
> option could cause a performance hit, security issue for the Web Server
> etc... What are the impact (security, server impact, performance)?
>
> ANSWER
>
> Part 1 -- how to enable aspnet_isapi.dll to handle these files.
>
> IIS has a list of Application Mappings which dictate whether a particular
> file type (meaning file extension) needs to be processed or if it can be
> sent as is. HTM, BMP and PDF files are examples of files types that are
> not generally listed in the IIS application mappings. Therefore, IIS sends
> these files based only on IIS security.
>
> To have these files processed by aspnet_isapi.dll, do the following:
> * Open Internet Information Services
> * Go to properties for your web folder
> * On the "Directory" or "Virtual Directory" or "Home Directory" tab, click
> "Configuration"
> * On the "App Mappings" tab, review the list of current mappings,
> particularly the entry for .ASPX
> * Create a similar entry for each file type you want handled by ASP.NET
> such that each file type is mapped to aspnet_isapi.dll.
>
> Now these files will be processed on the server by aspnet_isapi.dll before
> being sent to the client.
>
> Note: in machine.config, in the httpModules section, there are a series of
> entries that tell aspnet_isapi.dll what to do with various file types.
One
> of these entries is simply an asterisk (meaning all remaining file types
> that don't have their own specific entry). This entry will govern how
> ASP.NET handles these additional file types. By default, it will use
> System.Web.StaticFileHandler for these file types.
>
> Part 2 -- Performance
>
> Files that have no app mapping in IIS are handled with minimal overhead.
> IIS has its own security, such as whether the folder (and the file) have
> been granted IIS read access. If it passes this test, then IIS attempts to
> read the file. Then the file system checks NTFS permissions. If it passes
> NTFS, then IIS sends the file.
>
> Files that do have app mappings require all the same steps, plus more. IIS
> must call a function in the mapped application for that application to
> process the request. In this case aspnet_isapi.dll.
>
> aspnet_isapi.dll has a sequence of steps (modules) for request
> pre-processing (before the handler) and post-processing (in this case the
> handler is StaticFileHandler). The list of modules is in the
machine.config
> file in the httpModules section. The good news is that all this takes less
> time than one might think.
>
> Without going into the modules too deeply, here are some of the tasks
which
> the DLL and the modules perform
> - authentication
> - authorization
> - check the cache
> - associate this user's session data with this request
> - create and set properties for a series of objects including:
> Application, Session, Server, Request, and Response objects
>
> aspnet_isapi.dll runs pretty quick, but it does add significant overhead
> compared to static files that are not mapped to any application.
> mgraham@online.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
- Next message: Matt: "restricting access by IP addresses"
- Previous message: Mike Moore: "Re: .pdf security using ASP.NET security..."
- In reply to: Michael Graham: "Re: impact of mapping .??? to ASP.NET ISAPI???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
