7.1. IIS 5 ISAPI Extension Behavior

Before ASP.NET there was IIS 5, and it was good. You could write classic ASP applications that incorporated their own authentication and authorization behavior. And you could add other external resources like images, stylesheets, and so on and reference them from your classic ASP applications. However, sometimes you wanted to perform some preliminary work prior to passing a request on to ASP. Probably the most frequently asked-for capability was URL rewriting, for which the new IIS 7.0 Integrated mode offers an easy solution.

However, in IIS 5 the only way to accomplish something like this was by writing an ISAPI filter, a rather daunting prospect for most of us. The underlying reason for this restriction is that in IIS 5 the core runtime is extensible only through ISAPI filters and extensions; that was the extensibility mechanism at the time.

Of course, one nice side effect in IIS 5 was that the authentication model for classic ASP was the IIS authentication model. There was no artificial bifurcation between IIS authentication modes and some other ASP-like authentication mode. This meant that after you had things configured in IIS, your ASP security just worked with IIS's implementation of integrated security. Furthermore, when an ASP application relied on just plain HTML pages, image files, CSS files, and the like, there was no need for special security configuration work to get these to work. ASP, IIS, and static files lived together peacefully. ...

Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.