Manged Modules and Custom Modules in IIS

  • Thread starter Thread starter meenakshiBalekar
  • Start date Start date
M

meenakshiBalekar

Table of Contents:

  1. Modules in IIS
  2. Types of Modules
  3. Integration within IIS Architecture and Pipeline
  4. Custom Module and it's creation
  5. Interference with Incoming Requests
  6. Capabilities of Custom Modules
  7. Advantages of Using Custom Modules
  8. Summary



Modules in IIS



Modules in Internet Information Services (IIS) are individual features that the server uses to process requests. Module is a component that handles specific tasks during the processing of web requests. These tasks can range from authentication and logging to compression and caching. Modules are integral to how IIS manages and processes requests, allowing for a modular and customizable approach to web server functionality. They are designed to handle specific tasks, such as authentication, caching, logging, and more.



There are two types of Modules available :


  • Native Modules: Built into IIS and handle core functionalities like authentication, compression, and logging.
  • Managed Modules: Written in managed code (e.g., .NET) and provide additional features like session state management and URL authorization.



Modules can inspect, modify, or act on requests and responses. They participate in the request processing pipeline, ensuring tasks like user authentication, data compression, and request filtering are handled efficiently



Integration within IIS Architecture and Pipeline




Let's take a look into the IIS pipeline mode :



Integration within IIS Architecture and Pipeline

Custom modules are integrated into the IIS request-processing pipeline, which follows these stages. By subscribing to events such as `BeginRequest`, custom modules can intercept and process requests at different points in this pipeline.




meenakshiBalekar_4-1725021972726.png





On the left side we have stages that will be part of request lifecycle. We have different stages like authentication, authorization, execute handler, compression and on the right side we have modules like basic and windows which will be subscribed to different stages.



Modules will be subscribing to different stages




Modules are loaded into the IIS pipeline and participate in the request processing. They can inspect, modify, or act on requests and responses. For example, an authentication module might verify user credentials before allowing access to a resource, while a compression module might compress the response data before sending it to the client.





So how does this works ?



Consider I have an ASP.NET framework application hosted on IIS. On this website I have enabled Windows authentication



meenakshiBalekar_5-1725021972728.png





So here the request to my website will go via standard IIS pipeline, however as we have windows authentication enabled you will be able to see that when authentication stage is reached in the pipeline, it will check if there is any module subscribed for this stage. Once it identifies that the windows authentication is enabled it will intercept the request and will perform Windows authentication and then process the request.



If you want to see how does this looks, you can take a FREB trace and see the Windows authentication module getting kicked in under the authentication stage


meenakshiBalekar_9-1725022361743.png





There are other modules that are not yet subscribed and not performing any activity.



This is how the Modules make IIS a flexible and powerful web server, allowing administrators and developers to tailor its behaviour to meet specific application requirements. But how is the flexibility going to be achieved ?



For that we can customize the modules as per our need.



Custom Modules




You can create your own custom modules to extend IIS functionality. These modules can be written in native code (C/C++) or managed code (C#, VB.NET). Custom modules allow for tailored solutions to specific needs, such as custom logging, authentication, or request handling.



Writing and Adding Custom Modules in IIS




Creating a custom module for IIS involves writing managed or native code that hooks into the IIS request processing pipeline. Here's a step-by-step guide:



Step 1: Create a New Class Library Project

Open Visual Studio and create a new Class Library project.

Name your project, for example, RemoveHeadersModule.



Step 2: Implement the IHttpModule Interface

Add a new class to your project, e.g., RemoveHeadersModule.cs.

Implement the IHttpModule interface in this class.



Code: 
public class CustomModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.BeginRequest += new EventHandler(OnBeginRequest);
//this is where you can add your logic to modify the request
}
private void OnBeginRequest(object sender, EventArgs e)
{
HttpContext context = ((HttpApplication)sender).Context;
context.Response.Write("Custom Module Executed!");
}
public void Dispose() 
{ }
}





For native code, use C++ to create an ISAPI extension or filter.



Step 3: Register the Module

  1. Open your web.config file.
  2. Add the following configuration to register your custom module:



Code: 
<configuration>
  <system.webServer>
    <modules>
      <add name="<AssemblyName>" type="<namespace.classname>" />
    </modules>
  </system.webServer>
</configuration>




Step 4: Deploy the Module

Build your project to generate the DLL.

Copy the DLL to the bin directory of your web application.

Ensure your web.config is updated with the module registration.



Interference with Incoming Requests


Custom modules can modify the behavior of incoming requests by inspecting and altering request headers, redirecting requests, or even generating responses. For example, a module can be designed to:

  • Log request details.
  • Apply custom authentication or authorization logic.
  • Modify response headers.



This can also be seen from the FREB logs

I have created a class library name : RemoveHeadersModule and integrated it with IIS hosted application. When a FREB trace is taken, I am able to see the same request getting kicked in as :


meenakshiBalekar_7-1725021972733.png



This is how the request can be modified as per requirement.



Capabilities of Custom Modules


Custom modules can be used for various purposes:

  • Authentication and Authorization
  • Request and Response Filtering
  • URL Rewriting
  • Custom Logging
  • Load Balancing

Advantages of Using Custom Modules


Custom modules offer several benefits:

  • Flexibility: Tailor request handling to specific needs.
  • Extensibility: Enhance IIS functionality without modifying core server code.
  • Performance: Improve request processing efficiency through specialized logic.

Summary



In conclusion, the flexibility and power of IIS as a web server are significantly enhanced by the use of modules, both native and custom. These modules allow for a highly customizable and efficient way to handle web requests, providing the ability to tailor the server's behavior to meet the specific needs of applications. Custom modules, in particular, offer the opportunity to extend IIS functionality in targeted ways, such as improving authentication processes, filtering requests and responses, and even rewriting URLs.



By leveraging the capabilities of custom modules, administrators and developers can ensure that their web server is optimized for performance, security, and reliability.

Continue reading...
 
Back
Top