3.2. Integrated Mode Per-Request Security
It has been previously mentioned how the request-processing pipeline gets unified when an ASP.NET application is running in the IIS 7.0 integrated mode. It is clear how the duplication of effort has been eliminated since both ASP.NET and IIS 7.0 now share the same request-processing pipeline.
The unified pipeline indicates that at every stage in the pipeline, IIS and ASP.NET modules subscribe to the same event and hence they run side by side. IIS runtime will check the configured modules and executes them according to their order of listing inside the <modules /> configuration section with some exceptions. The native modules have the capability to change the order programmatically, which is the case with the native AnonymousAuthenticationModule. This module always runs at the end of the authentication event fired by the pipeline no matter what other authentication modules are enabled. As you will see later, this proves why the managed WindowsAuthenticationModule does not fire its Authenticate event since AnonymousAuthenticationModule, when enabled, fires after the managed WindowsAuthenticationModule.
The configured modules for a specific pipeline event could include both native and managed modules. For instance, the FormsAuthenticationModule has been integrated into the authentication modules in IIS. This allows you now to enable this module for your application from inside the IIS Manager tool. When the managed FormsAuthenticationModule ...
Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
