HTTP And IIS 6.0 / 7.5 / 8.0


HTTP Fundamentals

 

 

HTTP Resources 

 

Uniform Resource Locator (URL)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 The browser receives the content below from the server and displays it to the user.

 

 

 

 

 

 HTTP Vs IIS Server

The IIS server examines each incoming HTTP request and returns content from the physical location on the server where it is installed.




IIS Web Server DEMO


















 



 

 

 

 Ports, Queries and Fragments

 








DEMO of QueryString










URL Encoding





Commonly Encoded Values for Unsafe Characters




Content Types














Content Negotiation DEMO







HTTP Messages









 



 Manual Request

 

 

 

 

 

 

 

 

 

 

 

















DEMO of POST HTTP request




If we refresh this page again 







DEMO of GET HTTP Request












 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 The Fiddler tool is used to inspect request and response contents.

 

 

 

 

 HTTP Connections





DEMO of HTTP Connections












The Wireshark tool is used to observe the TCP/IP handshake between client and server.




Evolution of HTTP


Old browsers use a serial connection handshaking mechanism.


Modern browsers use a parallel connection handshaking mechanism.










Modern browsers use the persistent connection mechanism.

  HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple HTTP requests/responses, as opposed to opening a new connection for every single request/response pair.

 

 

Here, a single connection is used for the browser's subsequent requests and responses. This depends on the server.

 



Look at the Connection: close response header, which indicates that the connection was closed on the server side.
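Connection reuse can be observed without a packet capture. The following is an added example, not part of the original page; the function and handler names are made up for illustration. It starts a local HTTP/1.1 server, numbers every accepted TCP connection, and shows that requests share one connection until a Connection: close header ends it.

```python
import http.client
import itertools
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def demo_keep_alive():
    """Send four GETs; return the server-side connection number used by each
    request and whether each response carried 'Connection: close'."""
    conn_ids = itertools.count(1)
    seen = []

    class Handler(BaseHTTPRequestHandler):
        protocol_version = "HTTP/1.1"      # keep-alive is the HTTP/1.1 default

        def setup(self):                   # runs once per accepted TCP connection
            super().setup()
            self.conn_id = next(conn_ids)

        def do_GET(self):
            seen.append(self.conn_id)
            body = b"ok"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            if self.close_connection:      # the client sent Connection: close
                self.send_header("Connection", "close")
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):      # keep the demo quiet
            pass

    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    client = http.client.HTTPConnection("127.0.0.1", server.server_address[1])
    closed_by_server = []
    # Third request asks the server to close; the fourth must open a new connection.
    for headers in ({}, {}, {"Connection": "close"}, {}):
        client.request("GET", "/", headers=headers)
        resp = client.getresponse()
        resp.read()
        closed_by_server.append(resp.getheader("Connection") == "close")
    client.close()
    server.shutdown()
    server.server_close()
    return seen, closed_by_server

if __name__ == "__main__":
    print(demo_keep_alive())
```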

 

 

 

 

 

 

Modern browsers also use the pipelined connection mechanism.

 

 

 

  HTTP Architecture 











Proxy Servers




If a company wants to prohibit Twitter, the proxy redirects the request to BIN.










 

 

 

 

 A reverse proxy can provide many services for a company, such as load balancing, compression, etc.

 

 

 

 

 

 

  Settings to check the proxy on the local machine

 

 

 

 

  Caching

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 DEMO of Caching

 

 

 

 

 Some Responses with Private Caching

 

 

 

 

Some responses with No Caching options

 

 

 

  HTTP Security

 

HTTP is a stateless protocol: every request receives a response from the server, and afterwards both the client and the server forget about the transaction.

 

 

 

 

 The server-side methods listed below are available in the ASP.NET application programming model to save state between server and client transactions.

 

 

 

 

 

 Cookies for State Management system

Cookies are a client-side state management mechanism for storing information about HTTP transactions.

 

 

 

 

 

 

 

 

 

 Tracing Sessions and HTTP Only with the help of Cookies

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 Cookies (Session Cookies Are Non-Persistent), Domains and Persistence

 

Below is an HTTP response with a non-persistent cookie.

 

 

 

 HTTP response with a persistent cookie.
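The difference between the two responses is visible in the Set-Cookie header itself. The following is an added example, not part of the original page: it classifies cookies as session or persistent and reports missing HttpOnly and Secure flags. The header values, cookie contents and the example.test domain are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values (not taken from the page's demos).
SAMPLE_SET_COOKIE = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "theme=dark; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/",
    ".ASPXAUTH=0A1B2C; domain=.example.test; path=/; Max-Age=1200; secure",
]

def audit_set_cookie(header_value):
    """Classify each cookie in one Set-Cookie value and list missing protections."""
    jar = SimpleCookie()
    jar.load(header_value)
    results = {}
    for name, morsel in jar.items():
        # Expires or Max-Age makes the cookie persistent; without either
        # it lives only until the browser session ends.
        persistent = bool(morsel["expires"] or morsel["max-age"])
        findings = []
        if not morsel["httponly"]:
            findings.append("readable by script (no HttpOnly)")
        if not morsel["secure"]:
            findings.append("sent over plain HTTP (no Secure)")
        results[name] = {
            "kind": "persistent" if persistent else "session",
            "domain": morsel["domain"] or "(host-only)",
            "findings": findings,
        }
    return results

def audit_all(headers=SAMPLE_SET_COOKIE):
    """Audit a list of Set-Cookie values and merge the per-cookie reports."""
    merged = {}
    for value in headers:
        merged.update(audit_set_cookie(value))
    return merged

if __name__ == "__main__":
    for cookie, report in audit_all().items():
        print(cookie, report)
```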


 

 

 

 

 

 

  DEMO of Basic Authentication









Take the Basic Authorization information as below




Use the site below to decode the Basic Authorization information that we copied on the previous page.





Digest authentication is like Basic authentication, but it uses a more advanced encryption algorithm that is specified by the server.











The Chrome browser prompts for a user name and password with Windows authentication.



IE, however, does not prompt for a user name and password; with the settings below it automatically uses the identity of the current system login.








Forms-based authentication can run over two different protocols: secured (HTTPS) and unsecured (HTTP). With HTTPS, our credentials are encrypted based on certificates.












OpenID is a centralized authentication mechanism in use nowadays. At present, applications do not store and manage user credentials themselves; instead they rely on third-party credential providers to get the user credentials and manage users' logins.



Secure HTTP


HTTPS is used with forms-based authentication to encrypt request and response messages.


























IIS - Internet Information Server for Developers


IIS Setup


History of IIS

In Windows 2000, IIS 5 was installed by default.


In Windows 2003, however, IIS 6 was not installed as a default component of the system. Here the site owner can select the version of the .NET Framework that replies to users' requests with the proper content.




In Windows 2008, IIS 7 and IIS 7.5 were broken up into many subcomponents. This can reduce security vulnerabilities, because only the components appropriate for the server's specific services are selected.




Installing IIS Via Server Manager
























To install the latest MS Components via Web Platform Installer
























Adding SSL Certificates








The browser checks three things about the certificate when a user makes an HTTPS request:

  • Certificate date in range

  • Is it issued by a trusted certificate authority (public key infrastructure)

  • Host name checking








SSL Wildcard Certificates









 

 

 

 

 

  A wildcard certificate is used for sites with multiple subdomains.
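The three browser checks listed earlier and the wildcard rule can be expressed together. The following is an added example, not part of the original page: the certificate fields, the example.test names and the issuer are constructed, and the trusted-authority check is reduced to an issuer-name lookup as a simplifying assumption (a real browser verifies the signature chain up to a trusted root). It shows that a wildcard covers exactly one subdomain label.

```python
from datetime import datetime, timezone

# Constructed certificate fields (not a real certificate).
SAMPLE_CERT = {
    "names": ["*.example.test"],
    "issuer": "Example Test CA",
    "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2025, 1, 1, tzinfo=timezone.utc),
}
TRUSTED_ISSUERS = {"Example Test CA"}   # stand-in for the browser's trust store

def hostname_matches(cert_name, host):
    """Compare a certificate name with the requested host name.
    '*' is accepted only as the entire left-most label."""
    c_labels = cert_name.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(c_labels) != len(h_labels):
        return False                     # '*' never spans more than one label
    if c_labels[0] == "*":
        if len(c_labels) < 3:
            return False                 # refuse names such as '*.test'
        return c_labels[1:] == h_labels[1:]
    return c_labels == h_labels

def browser_checks(cert, host, trusted_issuers, now):
    """Return the outcome of the three checks for one HTTPS request."""
    return {
        "date_in_range": cert["not_before"] <= now <= cert["not_after"],
        "trusted_ca": cert["issuer"] in trusted_issuers,
        "host_name": any(hostname_matches(n, host) for n in cert["names"]),
    }

if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name in ("shop.example.test", "example.test", "a.b.example.test"):
        print(name, browser_checks(SAMPLE_CERT, name, TRUSTED_ISSUERS, when))
```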

 

 

 

 

 

 

 

IIS Configuration

 

 

 

 Web.config and IIS configuration settings are interchangeable via feature delegation.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 Based on the settings below, the application can read the settings and Web.config can set them.

 

 

 

 

 

 Application pools

 

 

 

 

 

 

 

 

 

 

 

 

 Manage IIS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 Log parser tool to analyze logs




 

 

 

 

 

 PowerShell for IIS Management




Web Deployment tool for IIS







Web Deployment command to copy a website from one IIS location to another





Web Deployment push from VS






IIS Extensions

 

 

 

 

 Installing Web Extensions from IIS site

 

 

 

 

 Installing IIS Extensions from Web Platform Installer












 

 

 

 

 

 






 

IIS Express

 

 

 

 Installing IIS Express

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 To view the IIS Express log and config files

 

 

 

 

 Configure for HTTPS site under IIS Express








The browser fails to load the page because the localhost certificate has expired.



 

 

IIS 8 - What's New

 

 

 

 IIS 8 Setup



 

 

 

 

 

 

 

 

 

 Application Initialization





The w3wp process starts immediately when we restart IIS.

 


 

 

Server Name Indication (SNI)

Server Name Indication (SNI) is an extension to the TLS protocol that indicates what hostname the client is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 virtual hosting for HTTPS.

To make use of SNI practical, it is necessary that the vast majority of users use web browsers that support it. Users whose browsers do not support SNI will be presented with a default certificate and hence are likely to receive certificate warnings, unless the server is equipped with a wildcard certificate that matches the name of the website. 


The normal SSL feature allows only a single certificate to be installed and used in IIS, because the certificate is tied to the local web server's IP address.

 

 

 

 

 

 

 

 

 

 

    

 

 CPU Throttling in Application pool of IIS

 

 

 

 

WebSocket support in IIS 8

 

 

 

    

Extending IIS 7.5 with Modules and Handlers

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

    

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  We can enable or disable IIS modules through applicationHost.config.

 

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

 

 

  

 

 

 

 

 

 

 

 

In IIS 6.0 and previous releases, ASP.NET was implemented as an IIS ISAPI extension. 

In these earlier releases, IIS processed a request to an ASP.NET content type and then forwarded that request to the ASP.NET ISAPI DLL, which hosted the ASP.NET request pipeline and page framework. Requests to non-ASP.NET content, such as ASP pages or static files, were processed by IIS or other ISAPI extensions and were not visible to ASP.NET. 

The major limitation of this model was that services provided by ASP.NET modules and custom ASP.NET application code were not available to non-ASP.NET requests. In addition, ASP.NET modules were unable to affect certain parts of the IIS request processing that occurred before and after the ASP.NET execution path.

In IIS 7, the ASP.NET request-processing pipeline overlays the IIS pipeline directly, essentially providing a wrapper over it instead of plugging into it. 

IIS 7 processes requests that arrive for any content type, with both native IIS modules and ASP.NET modules providing request processing in all stages. This enables services that are provided by ASP.NET modules, such as Forms authentication or output cache, to be used for requests to ASP pages, PHP pages, static files, and so on. 

The ability to plug in directly into the server pipeline allows ASP.NET modules to replace, run before, or run after any IIS 7 functionality. This enables, for example, a custom ASP.NET Basic authentication module that is written to use the Membership service and SQL Server user database to replace the built-in IIS Basic authentication feature that works only with Windows accounts. 

In addition, the expanded ASP.NET APIs use direct integration to enable more request-processing tasks. For example, ASP.NET modules can modify request headers before other components process the request, by inserting an Accept-Language header before ASP applications execute, which forces localized content to be sent back to the client based on user preference.

 

 

 

 

 

 Old UI

 

 

 

 

 

 New Implementation

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 UI Extension of IIS


 

 

 

 

 

HttpModules

 

 

 

 

 

 

 

 Example of prebuilt HttpModule


 

 

 

 

 

 Custom Http Module


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

HttpHandlers

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 IsReusable method in HttpHandlers

 

  • This tells the ASP.NET runtime whether it can reuse this object when another request is made to the same HttpHandler.

 


 

 

 


  • No configuration is needed in the Web.config file.

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

MS JQuery Template

 

 

 

 

 

 

 

Managing IIS and Diagnostics

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

 

Introduction to IIS Certificates

 

Theory and analyzing various certificates

 

 

 

 

 

  

 

  

 

 

 

 

 

 Export the certificate with only the public key, since this is a third-party server certificate.

 

 

 

Export the certificate from the local machine with both the private key and the public key.

 

 

 

 

 

 

 

 

 

Key stores in files, obtaining a certificate and Certificate Authorities

 

 

 

 

 

 

 

 

 

 

 

 

 To obtain the certificate

MS certificate portal

MMC Application

 Self Signed Certificate

 

 

 

 The browser checks the CRL distribution point to verify the validity of the certificate.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

                                   
