Within ASP.NET, several processing steps must occur for an ASP.NET application to be initialized and process requests. Additionally, ASP.NET is only one piece of the Web server architecture that services requests made by browsers. It is important for you to understand the application life cycle so that you can write code at the appropriate life cycle stage for the effect you intend.
1. User requests an application resource from the Web server.
- The life cycle of an ASP.NET application starts with a request sent by a browser to the Web server (for ASP.NET applications, typically IIS). ASP.NET is an ISAPI extension under the Web server. When a Web server receives a request, it examines the file name extension of the requested file, determines which ISAPI extension should handle the request, and then passes the request to the appropriate ISAPI extension. ASP.NET handles file name extensions that have been mapped to it, such as .aspx, .ascx, .ashx, and .asmx.
- If a file name extension has not been mapped to ASP.NET, then ASP.NET will not receive the request. This is important to understand for applications that use ASP.NET authentication. For example, because .htm files are typically not mapped to ASP.NET, ASP.NET will not perform authentication or authorization checks on requests for .htm files. Therefore, even if a file contains only static content, if you want ASP.NET to check authentication, create the file using a file name extension mapped to ASP.NET, such as .aspx.
- If you create a custom handler to service a particular file name extension, you must map the extension to ASP.NET in IIS and also register the handler in your application's Web.config file.
2. ASP.NET receives the first request for the application.
- When ASP.NET receives the first request for any resource in an application, a class named
3. ASP.NET core objects are created for each request.
- After the application domain has been created and the HostingEnvironment object instantiated, ASP.NET creates and initializes core objects such as
4. An HttpApplication object is assigned to the request
- After all core application objects have been initialized, the application is started by creating an instance of the HttpApplication class. If the application has a Global.asax file, ASP.NET instead creates an instance of the Global.asax class that is derived from the HttpApplication class and uses the derived class to represent the application.
- The first time an ASP.NET page or process is requested in an application, a new instance of HttpApplication is created. However, to maximize performance, HttpApplication instances might be reused for multiple requests.
- When an instance of HttpApplication is created, any configured modules are also created. For instance, if the application is configured to do so, ASP.NET creates a
5. The request is processed by the HttpApplication pipeline.
The following events are executed by the HttpApplication class while the request is processed. The events are of particular interest to developers who want to extend the HttpApplication class.
- Validate the request, which examines the information sent by the browser and determines whether it contains potentially malicious markup. Request validation is performed by comparing all input data to a list of potentially dangerous values. If a match occurs, ASP.NET raises an HttpRequestValidationException.
- Perform URL mapping, if any URLs have been configured in the UrlMappingsSection section of the Web.config file.
- Raise the BeginRequest event. The BeginRequest event signals the creation of any given new request. This event is always raised and is always the first event to occur during the processing of a request.
- Raise the AuthenticateRequest event.Occurs when a security module has established the identity of the user.The AuthenticateRequest event signals that the configured authentication mechanism has authenticated the current request. Subscribing to the AuthenticateRequest event ensures that the request will be authenticated prior to processing the attached module or event handler.
- Raise the PostAuthenticateRequest event.
- Raise the AuthorizeRequest event. Occurs when a security module has verified user authorization. The AuthorizeRequest event signals that ASP.NET has authorized the current request. Subscribing to the AuthorizeRequest event ensures that the request will be authenticated and authorized prior to processing the attached module or event handler.
- Raise the PostAuthorizeRequest event.
- Raise the ResolveRequestCache event. Occurs when ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the event handler (for example, a page or an XML Web service).
- Raise the PostResolveRequestCache event.
- Based on the file name extension of the requested resource (mapped in the application's configuration file), select a class that implements IHttpHandler to process the request. If the request is for an object (page) derived from the Page class and the page needs to be compiled, ASP.NET compiles the page before creating an instance of it.
- Raise the PostMapRequestHandler event. Occurs when ASP.NET has mapped the current request to the appropriate event handler.
- Raise the AcquireRequestState event. Occurs when ASP.NET acquires the current state (for example, session state) that is associated with the current request. The AcquireRequestState event is raised after the event handler has been created.
- Raise the PostAcquireRequestState event.
- Raise the PreRequestHandlerExecute event.
- Call the ProcessRequest method (or the asynchronous version BeginProcessRequest) of the appropriate IHttpHandler class for the request. For example, if the request is for a page, the current page instance handles the request. Enables processing of HTTP Web requests by a custom HttpHandler that implements the IHttpHandler interface. Place your custom HttpHandler code in the ProcessRequest virtual method.
- Raise the PostRequestHandlerExecute event.
- Raise the ReleaseRequestState event.
- Raise the PostReleaseRequestState event.
- Perform response filtering if the Filter property is defined.
- Raise the UpdateRequestCache event.
- Raise the PostUpdateRequestCache event.
- Raise the EndRequest event.