Freigeben über

Can I write an ISAPI Filter using Managed Code?

  • Artikel

Question:

Hi,

Is it possible to write an ISAPI filter equivalent (IHttpModule imlementation?) using managed code? I want my filter to get invoked for non .NET applications a well.

thanks

Answer:

Unfortunately, you cannot [yet] write an ISAPI Filter equivalent using managed code. The closest you can get on existing technologies is IIS6+ASP.Net 2.0 configured as Wildcard Application Mapping, which allows managed code (either HttpModule or HttpHandler) to be invoked for any request type (.NET as well as non .NET) and optionally use the DefaultHttpHandler to pass the request handling back to IIS for further processing. For example, this allows .NET Forms Authentication to apply for ASP pages.

However, I do not consider this to be really "ISAPI Filter equivalent", by which I mean invoking managed code throughout the request processing lifecycle. Managed code is only invoked in one place in the request pipeline, right before the request is processed and executed. Meanwhile, ISAPI Filter has over a dozen different events firing throughout the request lifecycle, one of which corresponds to "right before the request is processed and executed".

Of course, you can always write an ISAPI DLL in native code which basically parses the request, launches the CLR inside an AppDomain, and passes requests into it for processing. This is how ASP.Net works today. Or you can write an ISAPI DLL which uses COM Interop to call into managed code components. You may even do a lot of work and write an ISAPI Filter DLL which triggers on all events and passes data into the AppDomain to "simulate" managed code running inside of ISAPI Filter events. But none of these are really "ISAPI Filter equivalent" with managed code.

In other words, it is not possible to use managed code to customize authentication events - IIS negotiates Basic/NTLM/Kerberos/Passport authentication prior to processing and executing the request, which also preceeds when the ASP.Net Wildcard Application Mapping is executed... thus it is not possible for managed code to participate in modifying the IIS authentication behavior. This is why you must configure IIS to be "Anonymous Only" in order to apply .NET Forms Authentication.

Now, IIS7 presents a different story. You will have ISAPI Filter equivalent extensibility of IIS7 using managed code, and it is using the familiar IHttpModule and IHttpHandler interfaces. What we did in IIS7 is refactor and componentize the IIS6 Web Server into a compact "IIS7 Server Core" which exposes a brand new native code extensibility interface, and we are providing 40+ "Functionality Modules" which are coded using the new native code extensibility interface. The 40+ "Functionality Modules" allow the "IIS7 Server Core" to provide the "IIS6 feature set" plus expose completely new features and functionality. One of them is extensibility of the IIS7 Server Core using managed code in an integrated fashion.

Finally, a word of caution when attempting to use managed code to "filter" requests, regardless of IIS version. Since only one CLR Version can be in a given process, if you configure managed code of one version to "filter" requests that are ultimately executed with another CLR Version, that will cause a conflict and prevent request execution.

//David

Comments

  • Anonymous
    February 23, 2006
    What you can do however is write one in mixed code using managed c++. provide your exports, use #pragma unmanaged, and from OnPreprocHeaders you can call into your managed code, inside of the same library using #pragma managed

    This of course doesnt give you the same thing as its managed httpmodule counterpart, but gives you a way to use the advantages of both worlds now. I havent tested this extensively, just was playing around with an idea when I did that. It worked some of the time, at times on a second request would act up, other times it would be ok. I never followed up with debugging it further.

  • Anonymous
    February 23, 2006
    The comment has been removed

  • Anonymous
    August 14, 2006
    System.Web.Hosting.IISAPIRuntime

    Official Interface Description:
    http://msdn2.microsoft.com/es-es/library/system.web.hosting.iisapiruntime.aspx

    Unoficcial Interface Example:
    http://www.koders.com/csharp/fidB2DAC08D67F5CAE73690B2295D6E0A13492B475E.aspx?s=string

    ---------------------------------------
    Johan Hernandez - thepumpkin1979 at hhoottmmaaiill.com

  • Anonymous
    August 15, 2006
    Johan - Thanks for the link, but unfortunately, it is not relevant. Even though the type name includes "ISAPI Runtime", it is quite the misnomer. What you point to is the Managed Stub to ISAPI used by ASP.Net for its pipeline on IIS. However, it is still unable to extend IIS pipeline like an ISAPI Filter.

    Microsoft simply does not provide any way to extend IIS behavior with a managed code "ISAPI" interface. You will have to wait for IIS7 for the ability.

    //David

  • Anonymous
    August 16, 2007
    David - I've just started an open source project for this same purpose, ISAPI Filters in .NET 2.0 for IIS 5.x and IIS 6.0. The current version is for .NET 2.0, so all ASP.NET code will need to be the same version. Haven't tried setting it up at web scope instead of global, but should work. It is a work in progress and version 0.9 (beta) is out. Comments are welcome.

  • Anonymous
    November 02, 2007
    The comment has been removed

  • Anonymous
    June 01, 2008
    hi Johan, this link http://www.koders.com/csharp/fidB2DAC08D67F5CAE73690B2295D6E0A13492B475E.aspx?s=string can't work now. can you tel me how to use ISAPIRuntime in my code?

  • Anonymous
    April 12, 2011
    Is there a way to do this now? In IIS7? On Windows Server 2008?