The term application has been used throughout this book. You probably know intuitively what a web application is. Here is a working definition for a web application: “A web application consists of all of the web pages, files, code, objects, executables, images, and other resources located in an IIS virtual directory or a subdirectory of that virtual directory.” In other words, a web application is either a web site or a web service.

The web application will start the first time any of its pages are requested from the web server. It will run until any of a number of events cause it to shut down. These events include the following:

If a page is requested and the application is not running, the application will automatically restart.

Unlike traditional EXE applications, web applications do not have a fixed starting point. A user can drop in through any number of paths or entry points. Web application flow and security should be designed accordingly.

For example, a virtual directory may contain three web pages: default.aspx, login.aspx, and bugs.aspx. If you enter the following URL in a browser, you will go to default.aspx, which may send you to login.aspx:

    http://localhost

On the other hand, users may enter the following URL to go directly to the login page:

    http://localhost/login.aspx

Once logged in, they can go to bugs.aspx. If a user tries to go directly to bugs.aspx without logging ...