C# IIS7 文件映射 - .asax、.ashx、.asap
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/702572/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
IIS7 file mappings - .asax, .ashx, .asap
提问by SourceC
IIS enables us to also configure Asp.Net file mappings. Thus besides aspx, IIS also invokes Asp.Net runtime, when requests have the following file extensions:
IIS 还使我们能够配置 Asp.Net 文件映射。因此,除了 aspx 之外,当请求具有以下文件扩展名时,IIS 还会调用 Asp.Net 运行时:
a) .ascx --> .asmx extension is used to request user controls.
a) .ascx --> .asmx 扩展名用于请求用户控件。
- Since user controls can't be accessed directly, how and why would anyone send a request to a user control?
- 由于无法直接访问用户控件,因此有人如何以及为什么要向用户控件发送请求?
b) .ashx --> this extension is used for HTTP handlers.
b) .ashx --> 此扩展名用于 HTTP 处理程序。
? But why would you want to request an .ashx page directly instead of registering this handler inside configuration file and enable it to be called when files with certain ( non ashx ) extensions are requested?
? 但是为什么要直接请求 .ashx 页面而不是在配置文件中注册此处理程序,并在请求具有某些(非 ashx )扩展名的文件时调用它?
? Besides, since there can be several Http handlers registered, how will Asp.Net know which handler to invoke if they all use ashx extension?
? 此外,由于可以注册多个 Http 处理程序,如果它们都使用 ashx 扩展名,Asp.Net 如何知道要调用哪个处理程序?
? What does the requested ashx file contain? Perhaps a definition of a Http handler class?
? 请求的 ashx 文件包含什么?也许是 Http 处理程序类的定义?
? I know how we register Http handlers to be invoked when non-ashx pages are requested, but how do we register Http handler for ashx page?
? 我知道我们如何注册 Http 处理程序以在请求非 ashx 页面时调用,但是我们如何为 ashx 页面注册 Http 处理程序?
c) .asax --> This extension is used to request a global application file
c) .asax --> 该扩展名用于请求全局应用文件
? Why would we ever want to call Global.asax directly?
? I assume that when request is made for Global.asax, an object derived from HTtpApplication class is created, except this time no web page processing takes place?
? 为什么我们要直接调用 Global.asax?
? 我假设当对 Global.asax 发出请求时,会创建一个从 HTtpApplication 类派生的对象,除了这次没有网页处理发生?
thanx
谢谢
Q - Besides Asp.Net being able to request global.asax for compilation, is there any other reason why I would choose to request file with .asax extension directly?
问 - 除了 Asp.Net 能够请求 global.asax 进行编译,还有什么其他原因我会选择直接请求带有 .asax 扩展名的文件?
? ashx files don't have to be registered. They are basically a simpler aspx, for when you don't need the entire page life cycle. A common use is for retrieving dynamic images from a database.
? ashx 文件不必注册。它们基本上是一个更简单的 aspx,用于当您不需要整个页面生命周期时。一个常见的用途是从数据库中检索动态图像。
So if I write a Http handler, I should put it in a file with .ashx extension and Asp.Net will build an HttpHandler object similarly to how it builds a page instance from .aspx file?
所以如果我写了一个 Http 处理程序,我应该把它放在一个扩展名为 .ashx 的文件中,Asp.Net 将构建一个 HttpHandler 对象,类似于它如何从 .aspx 文件构建页面实例?
? If a hacker did try to make a request for one of these files, what would you want to happen? You certainly wouldn't want IIS to treat it like a text file and send the source for your app down to the browser.
? 如果黑客确实尝试请求获取这些文件之一,您希望发生什么?您当然不希望 IIS 将其视为文本文件并将您的应用程序的源发送到浏览器。
Asp.Net could do the same it does with .cs, .csproj, .config, .resx, .licx, .webinfo file types. Namely, it registers these file types with IIS so that it can explicitly prevent users from accessing these files
Asp.Net 可以对 .cs、.csproj、.config、.resx、.licx、.webinfo 文件类型执行相同的操作。即,它向 IIS 注册这些文件类型,以便它可以明确阻止用户访问这些文件
?Just because you don't expect requests from the browser for a resource, it doesn't mean you don't want that resource handled by the asp.net engine. These extensions are also how ASP.Net picks up files to compile for the web site model sites.
?仅仅因为您不希望浏览器对资源发出请求,并不意味着您不希望该资源由 asp.net 引擎处理。这些扩展也是 ASP.Net 选择文件以编译网站模型站点的方式。
But then why doesn't Asp.Net also allow .cs, .csproj, .config, .resx, .licx, .webinfo files to be directly requested?
但是为什么 Asp.Net 不允许直接请求 .cs、.csproj、.config、.resx、.licx、.webinfo 文件?
a) and c) - as far as I am aware, these are not exposed to process any external requests
a) 和 c) - 据我所知,这些不会用于处理任何外部请求
my book claims the two are mapped in IIS
我的书声称这两个映射在 IIS 中
I appreciate your help
我感谢您的帮助
EDIT:
编辑:
b) The .ashx extention is defined in a config file it's just not the web.config, its in the machine.config
<add path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" validate="True" />
http://msdn.microsoft.com/en-us/library/bya7fh0a.aspxWhy use .ashx: The difference is that the .NET class that handles a .ashx reads the Page directive in the .ashx file to map the request to a class specified in that directive. This saves you from having to put an explicit path in the web.config for every handler that you have, which could result in a very long web.config.
b) .ashx 扩展名是在配置文件中定义的,它不是 web.config,而是在 machine.config 中
<add path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" validate="True" />
http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx为什么使用 .ashx:区别在于处理 .ashx 的 .NET 类读取 .ashx 文件中的 Page 指令以将请求映射到该指令中指定的类。这使您不必为您拥有的每个处理程序在 web.config 中放置显式路径,这可能会导致 web.config 很长。
I thought Http handler class was defined inside .ashx file, but instead file with .ashx extension only contains Page directive?
我认为 Http 处理程序类是在 .ashx 文件中定义的,但带有 .ashx 扩展名的文件只包含 Page 指令?
Since I'm not 100% sure if I understand this correctly: Say we have ten Http handlers we want to invoke by making a request to IIS7. I assume for each Http handler there will be specific .ashx file --> thus if request is made for FirstHandler.asxh, then handler specified inside that file will be invoked?
因为我不是 100% 确定我是否正确理解这一点:假设我们有十个 Http 处理程序,我们要通过向 IIS7 发出请求来调用。我假设每个 Http 处理程序都会有特定的 .ashx 文件 --> 因此,如果对 FirstHandler.asxh 提出请求,那么将调用该文件中指定的处理程序?
YET ANOTHER EDIT:
I must confess that I'm still a bit unsure about ashx extension.
另一个编辑:我必须承认,我对 ashx 扩展名仍然有点不确定。
I realize that by using it we can for example create 'hey.ashx' page, where Page directive will tell which class ( Http handler) to invoke when request is made for 'hey.ashx' – thus no need to register Http handler in web.config.
我意识到通过使用它我们可以例如创建 'hey.ashx' 页面,其中 Page 指令将告诉当对 'hey.ashx' 发出请求时调用哪个类(Http 处理程序)——因此不需要在其中注册 Http 处理程序网络配置。
But if you use Http handlers that way, then they will only get invoked when requests are made for files with .ashx extension. Thus, if I want Http handler to be invoked for files with other extensions, such as .sourceC, then I will still need to register Http handler in web.config?!
但是,如果您以这种方式使用 Http 处理程序,那么它们只会在对具有 .ashx 扩展名的文件发出请求时被调用。因此,如果我希望为具有其他扩展名的文件(例如 .sourceC)调用 Http 处理程序,那么我仍然需要在 web.config 中注册 Http 处理程序?!
采纳答案by eglasius
To definitely clear any confusion you might have on what asp.net does with these requests, check the web.config in:
要明确清除您可能对 asp.net 对这些请求执行的操作的任何混淆,请检查 web.config 中的:
%systemroot%\Microsoft.NET\Framework\v2.0.50727\CONFIG
%systemroot%\Microsoft.NET\Framework\v2.0.50727\CONFIG
As you can see (posted mine below), asp.net excludes pretty much any of the files that you are unsure if they were receiving special treatment. Notice there is *.cs, *.acsx, *.asax.
正如您所看到的(在下面发布我的),asp.net 排除了几乎所有您不确定它们是否正在接受特殊处理的文件。注意有 *.cs、*.acsx、*.asax。
<add path="*.asax" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.master" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.skin" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.browser" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sitemap" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.dll.config" verb="GET,HEAD" type="System.Web.StaticFileHandler" validate="True"/>
<add path="*.exe.config" verb="GET,HEAD" type="System.Web.StaticFileHandler" validate="True"/>
<add path="*.config" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.cs" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.csproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.vb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.vbproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.webinfo" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.licx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.resx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.resources" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.mdb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.vjsproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.java" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.jsl" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ldb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ad" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.dd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ldd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.cd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.adprototype" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.lddprototype" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sdm" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.sdmDocument" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.mdf" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.ldf" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.exclude" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
<add path="*.refresh" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
Also, bear in mind that IIS might not be configured to map some requests (MIME types) to the ASP.NET pipeline.
此外,请记住,IIS 可能未配置为将某些请求(MIME 类型)映射到 ASP.NET 管道。
回答by eglasius
a) and c) - as far as I am aware, these are not exposed to process any external requests
a) 和 c) - 据我所知,这些不会用于处理任何外部请求
b) by default, it will look for a .ashx file with the path/name requested. This makes it really easy to add a handler to a web site, with no configuration necessary.
b) 默认情况下,它将查找具有请求路径/名称的 .ashx 文件。这使得向网站添加处理程序变得非常容易,无需配置。
Update:In a you also mentioned asmx. My take is the book is explaining some ajax related feature, with some comments regarding:
更新:在你还提到了 asmx。我的看法是这本书正在解释一些与 ajax 相关的功能,其中有一些评论:
- Asp.net doesn't allow making requests pointed to .ascx.
- You can make a request to a web service (.asmx) to get you the info.
- There are some built in features to help you with the above.
- Asp.net 不允许发出指向 .ascx 的请求。
- 您可以向 Web 服务 (.asmx) 发出请求以获取信息。
- 有一些内置功能可以帮助您完成上述工作。
回答by Joel Coehoorn
A few points:
几点:
- asmx files are not the same as ascx files. You use them for web services (soap) rather than web controls.
- ashx files don't haveto be registered. They are basically a simpleraspx, for when you don't need the entire page life cycle. A common use is for retrieving dynamic images from a database.
- If a hacker didtry to make a request for one of these files, what would you want to happen? You certainly wouldn't want IIS to treat it like a text file and send the source for your app down to the browser.
- Just because you don't expect requests from the browser for a resource, it doesn't mean you don't want that resource handled by the asp.net engine. These extensions are also how ASP.Net picks up files to compile for the web site model sites.
- asmx 文件与 ascx 文件不同。您将它们用于 Web 服务(soap)而不是 Web 控件。
- ashx的文件不具有注册。它们基本上是一个更简单的aspx,用于当您不需要整个页面生命周期时。一个常见的用途是从数据库中检索动态图像。
- 如果黑客确实尝试请求获取这些文件之一,您希望发生什么?您当然不希望 IIS 将其视为文本文件并将您的应用程序的源发送到浏览器。
- 仅仅因为您不期望来自浏览器的资源请求,并不意味着您不希望该资源由 asp.net 引擎处理。这些扩展也是 ASP.Net 选择文件以编译网站模型站点的方式。
回答by missaghi
a).ascx can't be accessed directly becasue the default handler is the class System.Web.HttpForbiddenHandler
a).ascx 不能直接访问,因为默认处理程序是类 System.Web.HttpForbiddenHandler
<add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />
.asmx files can be called directly, they are webmethods (though you usually have to make POST request, unless you specify to allow GET's in the web.config
.asmx 文件可以直接调用,它们是 webmethods(尽管您通常必须发出 POST 请求,除非您在 web.config 中指定允许 GET)
b)The .ashx extention isdefined in a config file it's just not the web.config, its in the machine.config
b).ashx 扩展名是在配置文件中定义的,它不是 web.config,而是在 machine.config 中
<add path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" validate="True" />
http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx
http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx
Why use .ashx:The difference is that the .NET class that handles a .ashx reads the Page directive in the .ashx file to map the request to a class specified in that directive. This saves you from having to put an explicit path in the web.config for every handler that you have, which could result in a very long web.config.
为什么使用 .ashx:区别在于处理 .ashx 的 .NET 类读取 .ashx 文件中的 Page 指令以将请求映射到该指令中指定的类。这使您不必为您拥有的每个处理程序在 web.config 中放置显式路径,这可能会导致 web.config 很长。
--
——
c)Global.asax: i don't use gloabl.asax, i rather use the very elegant HttpModule solution, but it's probably setup for legacy sites that had global.asax files.
c)Global.asax:我不使用 Gloabl.asax,而是使用非常优雅的 HttpModule 解决方案,但它可能是为具有 global.asax 文件的旧站点设置的。
