ASP.NET–What is ISAPI ?/What is CGI?/ Advantage Of ISAPI Over CGI

January 24, 2012 3 comments

Hi Geeks ,

In this article we will see the Advantage of ISAPI (Internet Server Application Provide Interface) over CGI(Common Gateway Interface).

* What is ISAPI?

It is an API developed to provide the application developers with a powerful way to extend the functionality of IIS.

ISAPI consists of two components:

Extensions and Filters:

These are the only two types of applications that can be developed using ISAPI. Both Filters and Extensions must be compiled into DLL files which are then registered with IIS to be run on the web server.

Extensions                                                                                                                              An ISAPI server extension is a DLL that can be loaded and called by an HTTP server. Internet server extensions, also known as Internet server applications (ISAs), are used to enhance the capabilities of an Internet Server API (ISAPI)-compliant server. An ISA is invoked from a browser application and provides similar functionality to a Common Gateway Interface (CGI) application

Advantages of ISAPI Server Extensions

Users can fill out forms and click a submit button to send data to a Web server and invoke your ISA, which can process the information to provide custom content or store it in a database. Web server extensions can use information in a database to build Web pages dynamically, and then send them to the client computers to be displayed. Your application can add other custom functionality and provide data to the client using HTTP and HTML.

Both server extensions and filters run in the process space of the Web server, providing an efficient way to extend the server’s capabilities.


An ISAPI filter is a DLL that runs on an ISAPI-enabled HTTP server to filter data traveling to and from the server. The filter registers for notification of events, such as logging on or URL mapping. When the selected events occur, the filter is called, and you can monitor and change the data (on its way from the server to the client or vice versa). ISAPI filters can be used to provide enhanced logging of HTTP requests (for example, to track who is logging on to your server), custom encryption, custom compression, or additional authentication methods.

Common ISAPI applications

This is a list of common ISAPI applications implemented as ISAPI extensions:

  • Active Server Pages (ASP), installed as standard
  • Asp.Net, installed as standard on IIS 6.0 onwards
  • PHP, available for free to install.
    * What is CGI?

It is a gateway for transferring information between a World Wide Web server and a CGI program.

A CGI program is any program designed to accept and return data that conforms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic or ASP.NET.

CGI programs are the most common way for Web servers to interact dynamically with users. Many HTML pages that contain forms, for example, use a CGI program to process the form’s data once it’s submitted. Another increasingly common way to provide dynamic feedback for Web users is to include scripts or programs that run on the user’s machine rather than the Web server. These programs can be Java applets, Java scripts, or ActiveX controls. These technologies are known collectively as client-side solutions, while the use of CGI is a server-side solution because the processing occurs on the Web server.

* ISAPI over CGI

->The Internet Server Application Programming Interface (ISAPI) model was developed as a faster alternative to the Common Gateway Interface (CGI).

->ISAPI provides a number of advantages over CGI, including lower overhead, faster loading, and better scalability. T

->The chief difference between the CGI and ISAPI programming models is how processing is handled.

With CGI, the system creates a unique process for every request. Each time an HTTP server receives a request, it initiates a new process. Because the operating system must maintain all these processes, CGI requires many of resources. This inherent limitation makes it difficult to develop responsive Internet applications with CGI.

With ISAPI, requests do not require a separate process. Threads are used to isolate and synchronize work items, resulting in a more efficient use of system resources.


Categories: ASP.NET

Authenticate Multiple Applications using Single Forms Authentication in ASP.NET / Form Authentication Across multiple Applications

Hi Geeks,

Today I came across a situation where i needed to authenticate more than 3 applications using single forms Authentication , I had  the structure of my applications on IIS as follows :



As you see in the above Hosting Structure I have one Main Login Application and

I have to authenticate the application 1,2,3 from the MainLogin application which is at root level and rest of the applications are on sub roots.

At start i thought it would be very critical to do this but Microsoft made it so easy that it wont take so much efforts.

First You need to add the following code to Web.Config file the  MainLogin Application

  1. <authentication mode="Forms">
  2.       <forms loginUrl="login.aspx"></forms>
  3.     </authentication>
  5.     <machineKey validationKey="45AC1CA923F4DC8E5AE294064AFD7810FFB178B21D747B32D3A4765BFA27F892318589A59F09B08C704051504D74969F2EDADBD51CE489343C2A3CF834DEA9D6"
  6.                 decryptionKey="917CF306390024BBDBC94817A22506FDB19123D88D159B524345CB4022895BB8" validation="SHA1"
  7.                 decryption="AES" />


-> Important Note : Dont Ignore…

Paste the same code to the Web.Config file of all the applications with same machine key,validation key,deception key otherwise it wont work.

If you are adding other forms authentication parameters like name ,Protection,path,domain,timeout , you should add same parameters with same values in Web.Config file of all applications.

To Configure the Machine key for the application see Configure Machine key

-> So the main Question here is HOW did it WORK????

1) Whenever user sends  request to the server it always checks for the .ASPXAUTH Cookie.

Note : .ASPXAUTH Cookie is the cookie which is generated by the the logon page creates a cookie that contains a forms authentication ticket that is set for the session only if you are using  ASP.NET inbuilt Login Control otherwise you need to generate the ticket using following code

Add Authentication Ticket
  1. if (Membership.ValidateUser(userName.Text, password.Text))
  2. {
  3.     if (Request.QueryString["ReturnUrl"] != null)
  4.     {
  5.         FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
  6.     }
  7.     else
  8.     {
  9.         FormsAuthentication.SetAuthCookie(userName.Text, false);
  10.     }
  11. }
  12. else
  13. {
  14.     Response.Write("Invalid UserID and Password");
  15. }

So whenever user successfully log in using Main Login Application it will generate the .ASPXAUTH Cookie with Forms Authentication Ticket which contains all the credentials for the authentication and this cookie is used by the other applications to start their authenticated session.


Hope This Will Help You Smile

Categories: ASP.NET

WCF # 21 # – WCF Encoder , Types of WCF Encoders , Choose Appropriate encoder

December 23, 2011 Leave a comment

Hi Geeks,

Today We will see WCF Encoder ,their types and how to chose the appropriate encoder according to the situation.

-> First we will see what does Encoding mean in WCF ????

It is the term used to describe the process of converting a WCF message into an array of bytes. This is done so that the message can be sent across a transport protocol.

Note : Encoding is not something that you work with directly. Instead, it is specified by the binding used to expose a service.

For Ex In this example we have used

Text Encoder Binding Example
  1. <bindings>
  3.       <basicHttpBinding>
  4.         <binding name="testBinding"
  5.             messageEncoding="Text">
  7.         </binding>
  8.       </basicHttpBinding>
  9.     </bindings>


-> Types of WCF Encoders

WCF provides five types of encoding formats:



3.Message Transmission Optimization Mechanism(MTOM )

4.JavaScript Object Notation

5.Plain Old XML (POX)

We will go in depth with first three types as those are used the most.

1.Binary Encoding

Binary encoding, the first thing to understand is that it is not a interoperable encoding. If your clients and service are all built with WCF then go ahead and use Binary Encoding.

Binary Encoding is great stuff if you are using Message level security. In message security 90% of the SOAP header is security!

the binary message encoder, uses a compact binary format and is optimized for WCF to WCF communication, and hence is not interoperable. This is also the most performant encoder of all the encoders WCF provides.

2.Text (DataContractSerializer)

The text message encoder, supports both plain XML encoding and SOAP encoding. The plain XML encoding mode of the text message encoder is called "plain old XML" (POX) to distinguish it from text-based SOAP encoding.

Text encoding was acceptable for ASP.NET Web Services because it allowed for interoperability across platforms. WCF abstracts out the encoding mechanism and
allows for bindings that allow for both styles of encoding. This allows WCF to provide functionality that replaces both .NET Remoting and ASP.NET Web Services.

The text encoder converts messages into text-based XML. This is great for interoperability.

3.Message Transmission Optimization Mechanism(MTOM )

The text  encoder converts messages into text-based XML. This is great for interoperability, but it is not efficient at transmitting large chunks of binary data.

MTOM is used to send large amounts of binary data as raw bytes in interoperable scenarios.

As mentioned previously,MTOM refers to Message Transmission Optimization Mechanism.This is standard for optimizing the binary data by sending the binary data

Mtom Encoder Binding Example
  1.     <bindings>
  2.       <basicHttpBinding>
  3.         <binding name="testBinding"
  4.             messageEncoding="Mtom">
  5.         </binding>
  6.       </basicHttpBinding>
  7.     </bindings>

4.JavaScript Object Notation

One of the emerging popular formats for sharing content online is JSON, shorthand for JavaScript Object Notation. Intended to be slightly more efficient than XML, it’s found a home in lots of AJAX powered web applications. Some companies actually require you talk to their APIs in terms of JSON too, so having the ability to parse and emit arbitrary JSON in a strongly typed way is a valuable tool to have. As of .NET 3.5 SP1, we are equipped with the DataContractJsonSerializer.


To know more on the WCF classes and for choosing appropriate encoder belonging to each type please visit WCF Encoders.

Thank You.

Hope this Will help you..


Categories: WCF

ASP.NET # MVC # 20 – Pass/Send Object from Server to JavaScript method on Ajax Form’s onSuccess Event using JSON(JavaScript object notation).

December 22, 2011 Leave a comment

Hi Friends,

Many times we come across the situation where we need to pass the class object from server to the JavaScript function on onSuccess method of Ajax.BeginForm.

OnSuccess gets called only if the request was successful.

In this post we will see how to pass the object from the method on controller to the client side JavaScript method.

-> We have our Ajax Form and JavaScript method as follows:

Code on MVC View
  1. <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
  2.     <script type="text/javascript">
  3.         function funSuccess(context) {
  4.             debugger;
  5.             var html = context.get_data();
  6.             var obj = $.parseJSON(html);
  7.             alert(obj.SuccessMessage);
  8.         }
  9.     </script>
  10.     <%using (Ajax.BeginForm("PostFormMethod", "Search", new AjaxOptions { OnSuccess = "funSuccess" }))
  11.       { %>
  12.     <h1>
  13.         Hello Ajax</h1>
  14.     <input type="submit" id="btnSubmit" />
  15.     <%} %>
  16. </asp:Content>


As you see in the code above we have Ajax.BeginForm  which has PostFormMethod as its Action name and Search as its controller name , and funSuccess is the JavaScript method which is being called on onSuccess event of the form.

-> We have our code on Controller side as follows

Code On Controller
  1. [HttpPost]
  2.         public string PostFormMethod()
  3.         {
  4.             Result obj = new Result();
  5.             obj.SuccessMessage = "Record Saved Successfully!!!";
  6.             System.Web.Script.Serialization.JavaScriptSerializer oSerializer =
  7.              new System.Web.Script.Serialization.JavaScriptSerializer();
  8.             return oSerializer.Serialize(obj);
  10.         }

In the above method we are returning the Serialized class object by using the JavaScriptSerializer which is returning the string in serialize format to the onSuccess method of the form.

-> The JavaScript method funSuccess deserialize the object using  $.parseJson jquery function which will return you the object as you see in the following image.




Hope this will help!!!


Categories: ASP.NET MVC

WCF #20 – Compare WCF and web services /Difference between WCF and web services / WCF vs. Web services

December 21, 2011 1 comment

Hi Geeks,

In this post we will see measure differences between the WCF and web services and will compare them on important aspects.

WCF [Windows Communication Foundation]

WCF provides a common platform for all .NET communication.

It is a programming platform and runtime system for building, configuring and deploying network-distributed services. It is the latest service oriented technology; Interoperability being one of its fundamental characteristics.   It is a combined set of features including Web Services, Remoting, MSMQ and COM+.

The figure below shows the different technologies combined to form WCF.


ASMX Web Services

These are published, described and located over Internet. An ASMX web service is a collection of protocols and standards used for exchanging data between applications or systems with following characteristics:

1. A Web Service is a piece of executable code that is accessible over the Web.

2. A Web Service can communicate using platform-independent and language-neutral Web protocols.

3. A Web Service can share schemas and contracts/interface which in turn can be called from another program.

4. A Web Service can be registered and located through a Web Service Registry.

5. A Web Service supports loosely coupled connections between systems.

Conceptual Differences

The conceptual difference between WCF and ASMX Services can be highlighted under following points

1. Protocols Support

  • WCF
    • HTTP
    • TCP
    • Named pipes
    • MSMQ
    • Custom
    • UDP
  • ASMX

             Http Only


  • ASMX
    • Can be hosted only with HttpRuntime on IIS.
  • WCF
    • A WCF component can be hosted in any kind of environment in .NET 3.0, such as a console application, Windows application, or IIS.
    • WCF services are known as ‘services’ as opposed to web services because one can host services outside of a web (HTTP) server.
    • Self-hosting the services gives one the flexibility to use transports other than HTTP

Advantages of WCF over ASMX Services

1. Better Interoperability

WCF is interoperable with other services when compared to .Net Remoting,where the client and service have to be .Net.

2. End-to-End Reliability and Security:

WCF services provide better reliability and security in comparison to ASMX web services.

3. Configuration based security and binding:

In WCF, there is no need to make changes in code for implementing the security model or changing the binding. Small configuration changes are all that is needed.

4. Integrated Logging:

WCF has an integrated logging mechanism, changing the configuration file settings provides logging functionality. In ASMX (and other technologies), one has to write logging specific code.

5. Multiple Protocols:

WCF works across multiple protocols including http, tcp, MSMQ etc where as ASMX services can only use http.

6. Transactional Capability:

WCF can create and maintain transactions like com+ .

7. Hosting Options:

WCF services can be hosted on IIS, Self hosting, Windows Services(Windows Application Service) and even console apps, WinForms apps etc.

8. Better Interoperability through Data Contracts

The development of web service with relies on defining data and relies on the XMLSerializer to transform data to or from a service.  WCF Uses DataContractAttribute and DataMember attributes to Translate .net types to XML.
DataContract attributes can be used for classes and structures-DataMember Attribute to Field or Property
The differences between DataContractSerailizer and XML Serializer include: 
DCS has better performance over XML Serialization
– XML Serialization doesn’t indicate which field or property of the type is serialized, DCS Explicitly shows which field or property is serialized
– DCS can serialize classes implementing IDictionary interface(Hash Table)

9. Exception Handling

In ASP.NET Web services, Unhandled exceptions are returned to the client as SOAP faults. In WCF Services, unhandled exceptions are not returned to clients as SOAP faults. A configuration setting is provided to have the unhandled exceptions returned to clients for the purpose of debugging.


Limitations of ASMX:

An ASMX page doesn’t tell you how to deliver it over the transports or to use a specific type of security.  WCF lets you choose that easily via configuration parameters.

ASMX is tightly coupled to the HTTP runtime and has a strong dependence on IIS to host it. WCF can be hosted by any Windows process that is able to host the .NET Framework 3.0.

ASMX services are instantiated on a per-call basis, while WCF gives one the flexibility by providing various instantiating options such as singleton, private session, per call.

ASMX provides the way for interoperability but it does not provide guaranteed end-to-end security or reliable communication.  WCF provides both end-to-end reliability as well as security.

Summary :



Thank You.


Categories: WCF

Internet Information Services (IIS) 7 Application Pools / Types of Application Pools/Difference between Integrated and Classic Application Pool.

December 6, 2011 3 comments

Hi Geeks,

Today , I got a chance to host a ASP.NET application on IIS , and i learnt the advantage of Application pool of IIS in deep.

In this article we will see how application pool works and their types :

Application Pool

The application Pools element contains configuration settings for all application pools running on your Internet Information Services (IIS) 7 server. An application pool defines a group of one or more worker processes, configured with common settings that serve requests to one or more applications that are assigned to that application pool. Because application pools allow a set of Web applications to share one or more similarly configured worker processes, they provide a convenient way to isolate a set of Web applications from other Web applications on the server computer. Process boundaries separate each worker process; therefore, application problems in one application pool do not affect Web sites or applications in other application pools. Application pools significantly increase both the reliability and manageability of your Web infrastructure.

You can choose to use the default application pool provided by IIS on install, or you can create your own application pool. You can run as many application pools on your IIS 7 server as you need, though this can affect server performance. Application pools can contain one or more worker processes. Each worker process represents work being done for a Web site, Web application, or Web service. You can create a Web garden by enabling multiple worker processes to run in a single application pool.

In IIS 7, each application pool uses one of two .NET integration modes for running ASP.NET applications: Integrated or Classic. The .NET integration mode defined for the application pool determines how IIS processes an incoming request to the sites, applications and Web services that run in that application pool.

Types of Application Pools

There are two types of application pools

1) Integrated  (default)

2) Classic


Integrated mode allows IIS to process requests in the application pool by using the IIS 7 integrated pipeline. This allows ASP.NET modules to participate in IIS request processing regardless of the type of resource requested. Using integrated mode makes available features of the ASP.NET 2.0 request pipeline available to requests for static content, as well as ASP, PHP and other content types. By default, IIS 7 application pools run in this mode.

Classic mode uses the IIS 6.0 processing pipeline for hosting ASP.NET applications. In this mode, requests are processed initially through IIS 7 modules, and ASP.NET requests are further processed by the aspnet_isapi.dll. The ASP.NET processing pipeline is separate from the IIS 7 processing pipeline, and the ASP.NET request processing pipeline features are not available to other resource types. This also means that an ASP.NET request must pass through authentication and authorization modules in both process models. While this is not as efficient as Integrated mode, it does allow you to run applications developed using ASP.NET version 1.1 on an IIS 7 server without modifying the application to run in Integrated mode.


Categories: ASP.NET

ASP.NET – Create controls dynamically in using JavaScript and JavaScriptSerializer. [Part II]

November 29, 2011 3 comments

Hi Geeks,

In our last post Create Controls dynamically in ASP.NET using Hidden Field .In this article we will see how to create controls dynamically using JavaScript and JavaScriptSerializer.


We have our HTML view as follows

<form id="form1" runat="server">
    <input id="btnAdd" type="button" value="add" onclick="AddTextBox()" />
    <br />
    <br />
    <div id="TextBoxContainer">
        <!--Textboxes will be added here -->
    <br />
    <asp:Button ID="btnPost" runat="server" Text="Post" OnClick="Post" />
which looks on browser as follows

-> Now on add button click we have to add the text boxes dynamically and on post we have to preserve the text boxes and their values.

-> We use JavaScript and JavaScriptSerializer to do this.

We have our JavaScript Code as follows

 <script type="text/javascript">

GetDynamicTextBox(value)  {           

 return ‘<input name = "DynamicTextBox" type="text" value = "’ + value + ‘" />’ +     ‘<input type="button" value="Remove" onclick = "RemoveTextBox (this)" />’ 

        function AddTextBox() {

            var div = document.createElement(‘DIV’);

            div.innerHTML = GetDynamicTextBox("");



        function RemoveTextBox(div) {



        function RecreateDynamicTextboxes() {

            var values = eval(<%=Values%>);

            if (values != null) {

                var html = "";

                for (var i = 0; i < values.length; i++) {

                    html += "<div>" + GetDynamicTextBox(values[i]) + "</div>";


                document.getElementById("TextBoxContainer").innerHTML = html;



        window.onload = RecreateDynamicTextboxes;


-> As you see in above code we use AddTextBox method to create the text box on Add button click.

-> As well as we have called method  RecreateDynamicTextboxes on window load event because dynamic controls disappears on post as we saw in last post.

-> The RemoveTextbox method called on remove button on click event to remove the buttons

on clicking add button we will have out put as follows


Problem of Dynamic Controls on Page Post Backs :

-> Retrieving/Preserving the textbox values at server side on Page Post

Its very easy to create the dynamic controls but it is not that much easy to take their values at server side on post.                                                                                                                


As we are creating the control dynamically they disappears when page post backs so we also need to take care of this condition and we need to re create the controls when page post backs

-> Solution:

We use JavaScriptSerializer to save the textbox values.

Code on the Server side on Page_Load event is as follows

protected string Values;

protected void Page_Load(object sender, EventArgs e)


      string[] textboxValues = Request.Form.GetValues("DynamicTextBox");

      JavaScriptSerializer serializer = new JavaScriptSerializer();

      this.Values = serializer.Serialize(textboxValues);


Categories: ASP.NET