Juan, thank you very much for the information.
I've read them quickly and I still confused,
maybe I didnot describe my question clearly.
In Fritz's "Essential ASP.NET with Examples",
section 3.1.5, he said:
"IIS is always listening for requests and dispatching
them to the ASP.NET worker process if they are
ASP.NET requests. This is important to realize because
the configuration settings in the IIS metabase are applied
<i>before</i> the request to the ASP.NET worker process
is dispatched.
....
For example, if you specify in the IIS metabase that users
must be authenticated using Windows authentication, but
in your ASP.NET application application web.config file
you have granted anonymous access, user will always be
required to authenticate before thay can access pages.."
I experiment it both with IIS 5 and IIS 6, and I get the same
result as Fritz said. But why? All the documents say that in
IIS 6, HTTP.sys is only a "gate" to pass requests to w3wp.exe,
so in the above example, when and who checked the IIS
metabase for the authentication? Is it WAS or aspnet_isapi.dll
in w3wp process? This is what I really want to know.
Hope I made my question clear (English is not my mother tongue).
Michael
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:Oc**************@TK2MSFTNGP14.phx.gbl...
I should have added these 2 links. They have additional info.
"HTTP Protocol Stack (IIS 6.0)" :
http://www.microsoft.com/technet/pro...2cda661b4.mspx
"Http.sys.doc" (Changes to HTTP API in Windows Server 2003 SP1) :
http://download.microsoft.com/downlo...6/HTTP.SYS.doc
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:eh**************@TK2MSFTNGP14.phx.gbl... Michael, what do you find odd in that ?
http.sys does *not* load any application code,
it only parses and routes requests.
Please review these documents :
"Security Enhancements in Internet Information Services 6.0" :
http://download.microsoft.com/downlo...IISEnhance.doc
"Technical Overview of Internet Information Services (IIS) 6.0" :
http://download.microsoft.com/downlo...ISOverview.doc
They will be of use in understanding how http.sys works within IIS.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================
"Michael Tsai" <hu**********@gmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl... Hi,
It said that IIS 6 use HTTP.sys as the front end for
handling HTTP request, and pass ASP.NET requests
to w3wp.exe, but after some simple experiments,
I found the security settings (e.g. Authentication method)
in IIS metabase is still applied before the HTTP request
reach my ASP.NET application.
Anyone one can explain this for me? or point to an
article that explains: when a user requests an ASP.NET
page, what happened between HTTP.sys and IIS metabase?
Michael