Manualshelf

Datasheet

ManualsBrandsWiley ManualsSoftware978-0-7645-9698-8
21222324252627282930
A check is made to see if App_Offline.htm exists in the root of the website. If it does exist,
requests are not served by the website
The internal thread pools used by ASP.NET are set up based upon either the settings in configu-
ration or using an heuristic if auto-configuration of thread settings was selected.
Diagnostic and health related features are initialized. For example, ASP.NET initializes the coun-
ters for tracking the maximum number of queued requests as well as detecting that a response
has deadlocked or hung. Part of this initialization also includes initializing tracing (as config-
ured in
<trace />) as well as starting the Health Monitoring feature (as configured in
<healthMonitoring />).
The compiled type for
global.asax is loaded, and if Application_Start is defined in
global.asax, it is called.
As you can see from this list, much of the work that occurs is internal and focused around initializing the
internal workings of the ASP.NET runtime. However, a few steps are of interest from a security perspec-
tive and are discussed in more detail in the following sections.
Disabling a Website with the HttpRuntime Section
In ASP.NET 2.0, the <httpRuntime /> configuration section has an enable attribute \”. By default it is
set to
true, but you can set the attribute to false as shown here:
<httpRuntime enable=”false” />
Doing so causes ASP.NET to reject all requests made to the ASP.NET application. Instead of running the
requested page (or handler), ASP.NET instead returns a 404 error indicating that the requested resource
is not available. This setting is a pretty handy way to force an ASP.NET site to act as if it is offline while
an administrator uploads new content or is making other modifications to a production web server.
Note that if you change this configuration setting on a live web server, the underlying application
domain will restart because the configuration file changed.
Disabling a Website with App_Offline.htm
This is an alternative technique for indicating that an ASP.NET application is unavailable. If a file called
App_Offline.htm is placed in the root of your website, all requests to the site return the contents of
App_Offline.htm instead of running the requested page. Because it is an HTML file, you can place any
static content you want into the file, and ASP.NET will stream it back to the browser. The one restriction
is that the amount of content cannot exceed one megabyte. Of course, it is pretty unlikely that a devel-
oper would ever want to stuff that much content onto a page indicating that the site is unavailable.
As with the
enable attribute of <httpRuntime />, placing App_Offline.htm into the root of your
website causes the application domain to recycle. Additionally, when you remove the file from the root
of your website, the application domain will recycle a second time. ASP.NET always has a file change
monitor listening for this file so that it knows to recycle the application domain when the file’s presence
changes. The application domain recycling occurs only when the existence of
App_Offline.htm
changes. For example, after the file exists, there is an application domain up and running with the sole
purpose of returning back the contents of the file. The application domain won’t recycle again until the
App_Offline.htm file is removed (or edited).
24
Chapter 1
04_596985 ch01.qxp 12/14/05 7:46 PM Page 24