IIS7文件映射 - .asax，.ashx，.asap [英] IIS7 file mappings - .asax, .ashx, .asap

问题描述

IIS使我们能够配置Asp.Net文件映射。因此，除了aspx之外，当请求具有以下文件扩展名时，IIS也会调用Asp.Net运行时：

a）。 ascx - > .asmx扩展名用于请求用户控件。

• 由于无法直接访问用户控件，任何人向用户控件发送请求的方式和原因是什么？
  
  
  

b）.ashx - >此扩展名用于HTTP处理程序。

•但是为什么要直接请求.ashx页面而不是在配置文件中注册此处理程序并启用它当请求具有某些（非ashx）扩展名的文件时？

•此外，由于可以注册多个Http处理程序，如果Asp.Net都使用ashx，Asp.Net将如何知道调用哪个处理程序延期？

•请求的ashx文件包含什么？也许是Http处理程序类的定义？

•我知道如何在请求非ashx页面时注册Http处理程序，但我们如何注册Http处理程序ashx页？

c）.asax - >此扩展用于请求全局应用程序文件

•为什么我们要直接调用Global.asax？



•我假设在请求Global.asax时，会创建一个从HTtpApplication类派生的对象，除非这次没有进行网页处理？

thanx

---

问 - 除了Asp.Net能够请求global.asax进行编译之外，还有其他原因我会选择请求文件.asax扩展名直接？

•ashx文件不一定是注册。它们基本上是一个更简单的aspx，因为当你不需要整个页面生命周期时。一个常见的用途是从数据库中检索动态图像。

所以如果我写一个Http处理程序，我应该把它放在一个文件中使用.ashx扩展名和Asp.Net将构建一个HttpHandler对象，类似于如何从.aspx文件构建页面实例？

•如果黑客确实试图制作一个请求其中一个文件，你想要发生什么？您当然不希望IIS将其视为文本文件，并将您的应用程序的源代码发送到浏览器。

Asp .Net可以与.cs，.csproj，.config，.resx，.licx，.webinfo文件类型相同。即，它使用IIS注册这些文件类型，以便它可以明确地阻止用户访问这些文件

•仅仅因为您不希望浏览器请求资源，这并不意味着您不希望asp.net引擎处理该资源。这些扩展也是ASP.Net如何为网站模型站点选择文件进行编译的。

但是为什么不是Asp .Net还允许直接请求.cs，.csproj，.config，.resx，.licx，.webinfo文件？

a）和c） - 据我所知，这些都不会暴露给任何外部请求进程

我的书声称这两个是在IIS中映射的/ p>

感谢您的帮助

编辑：

b）.ashx扩展名在配置文件中定义它不是web.config，它在machine.config中

< add path =* .ashxverb =* type =System.Web.UI.SimpleHandlerFactoryvalidate =True/>


http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx

为什么使用.ashx：区别在于处理.ashx的.NET类读取.ashx文件中的Page指令以将请求映射到该指令中指定的类。这样就不必为每个处理程序在web.config中放置一个显式路径，这可能会导致web.config很长。

我认为Http处理程序类是在.ashx文件中定义的，但是扩展名为.ashx的文件只包含Page指令？

因为我不是100％确定我是否理解正确：假设我们要通过向IIS7发出请求来调用10个Http处理程序。我假设每个Http处理程序都会有特定的.ashx文件 - >因此，如果对FirstHandler.asxh发出请求，那么将调用该文件中指定的处理程序？

YET另一个编辑：



我必须承认我对ashx扩展仍然有点不确定。

我意识到通过使用它我们可以创建'hey.ashx'页面，其中Page指令将告诉哪个类（Http）处理程序）在为'hey.ashx'发出请求时调用 - 因此无需在web.config中注册Http处理程序。

但是如果你这样使用Http处理程序，那么只有在对扩展名为.ashx的文件发出请求时才会调用它们。因此，如果我想要为具有其他扩展名的文件调用Http处理程序，例如.sourceC，那么我仍然需要在web.config中注册Http处理程序？！

解决方案

为了明确清除您对asp.net对这些请求所做的任何混淆，请查看以下网址中的web.config：

％systemroot％\ Mesrosoft.NET \ Framework \v2.0.50727 \ CONFIG

当你可以看到（在我的下面发布），asp.net几乎排除了你不确定他们是否接受特殊处理的任何文件。请注意，有* .cs，*。acsx，* .asax。

 < add path =*。asaxverb =*type =System.Web.HttpForbiddenHandlervalidate = 真/> 
< add path =*。ascxverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。masterverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。skinverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。browserverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。sitemapverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。dll.configverb =GET，HEADtype =System.Web.StaticFileHandlervalidate =True/> 
< add path =*。exe.configverb =GET，HEADtype =System.Web.StaticFileHandlervalidate =True/> 
< add path =*。configverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。csverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。csprojverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。vbverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。vbprojverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。webinfoverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。licxverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =* .resxverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。resourcesverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。mdbverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。vjsprojverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。javaverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。jslverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。ldbverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。adverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。ddverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。lddverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。sdverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。cdverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。adprototypeverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。lddprototypeverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。sdmverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。sdmDocumentverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。mdfverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。ldfverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。excludeverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
< add path =*。refreshverb =*type =System.Web.HttpForbiddenHandlervalidate =True/> 
  

另外，请记住，IIS可能未配置为将某些请求（MIME类型）映射到ASP.NET管道。

IIS enables us to also configure Asp.Net file mappings. Thus besides aspx, IIS also invokes Asp.Net runtime, when requests have the following file extensions:

a) .ascx --> .asmx extension is used to request user controls.

• Since user controls can’t be accessed directly, how and why would anyone send a request to a user control?
  
  

b) .ashx --> this extension is used for HTTP handlers.

• But why would you want to request an .ashx page directly instead of registering this handler inside configuration file and enable it to be called when files with certain ( non ashx ) extensions are requested?

• Besides, since there can be several Http handlers registered, how will Asp.Net know which handler to invoke if they all use ashx extension?

• What does the requested ashx file contain? Perhaps a definition of a Http handler class?

• I know how we register Http handlers to be invoked when non-ashx pages are requested, but how do we register Http handler for ashx page?

c) .asax --> This extension is used to request a global application file

• Why would we ever want to call Global.asax directly?

• I assume that when request is made for Global.asax, an object derived from HTtpApplication class is created, except this time no web page processing takes place?

thanx

---

Q - Besides Asp.Net being able to request global.asax for compilation, is there any other reason why I would choose to request file with .asax extension directly?

• ashx files don't have to be registered. They are basically a simpler aspx, for when you don't need the entire page life cycle. A common use is for retrieving dynamic images from a database.

So if I write a Http handler, I should put it in a file with .ashx extension and Asp.Net will build an HttpHandler object similarly to how it builds a page instance from .aspx file?

• If a hacker did try to make a request for one of these files, what would you want to happen? You certainly wouldn't want IIS to treat it like a text file and send the source for your app down to the browser.

Asp.Net could do the same it does with .cs, .csproj, .config, .resx, .licx, .webinfo file types. Namely, it registers these file types with IIS so that it can explicitly prevent users from accessing these files

•Just because you don't expect requests from the browser for a resource, it doesn't mean you don't want that resource handled by the asp.net engine. These extensions are also how ASP.Net picks up files to compile for the web site model sites.

But then why doesn’t Asp.Net also allow .cs, .csproj, .config, .resx, .licx, .webinfo files to be directly requested?

a) and c) - as far as I am aware, these are not exposed to process any external requests

my book claims the two are mapped in IIS

I appreciate your help

EDIT:

b) The .ashx extention is defined in a config file it's just not the web.config, its in the machine.config

<add path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" validate="True" />
http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx

Why use .ashx: The difference is that the .NET class that handles a .ashx reads the Page directive in the .ashx file to map the request to a class specified in that directive. This saves you from having to put an explicit path in the web.config for every handler that you have, which could result in a very long web.config.

I thought Http handler class was defined inside .ashx file, but instead file with .ashx extension only contains Page directive?

Since I’m not 100% sure if I understand this correctly: Say we have ten Http handlers we want to invoke by making a request to IIS7. I assume for each Http handler there will be specific .ashx file --> thus if request is made for FirstHandler.asxh, then handler specified inside that file will be invoked?

YET ANOTHER EDIT:

I must confess that I’m still a bit unsure about ashx extension.

I realize that by using it we can for example create 'hey.ashx' page, where Page directive will tell which class ( Http handler) to invoke when request is made for 'hey.ashx' – thus no need to register Http handler in web.config.

But if you use Http handlers that way, then they will only get invoked when requests are made for files with .ashx extension. Thus, if I want Http handler to be invoked for files with other extensions, such as .sourceC, then I will still need to register Http handler in web.config?!

解决方案

To definitely clear any confusion you might have on what asp.net does with these requests, check the web.config in:

%systemroot%\Microsoft.NET\Framework\v2.0.50727\CONFIG

As you can see (posted mine below), asp.net excludes pretty much any of the files that you are unsure if they were receiving special treatment. Notice there is *.cs, *.acsx, *.asax.

<add path="*.asax" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.master" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.skin" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.browser" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sitemap" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.dll.config" verb="GET,HEAD" type="System.Web.StaticFileHandler" validate="True"/>
<add path="*.exe.config" verb="GET,HEAD" type="System.Web.StaticFileHandler" validate="True"/>
<add path="*.config" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.cs" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.csproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.vb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.vbproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.webinfo" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.licx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.resx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.resources" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.mdb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.vjsproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.java" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.jsl" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ldb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ad" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.dd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ldd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.cd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.adprototype" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.lddprototype" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sdm" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sdmDocument" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.mdf" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ldf" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.exclude" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.refresh" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>

Also, bear in mind that IIS might not be configured to map some requests (MIME types) to the ASP.NET pipeline.

这篇关于IIS7文件映射 - .asax，.ashx，.asap的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！