Chapter 2. How the Web Works

Over the years, the Web has grown from its origin as simple textual HTML with links to include images, sounds, JavaScript, Java Applets, style sheets, Shockwave, Flash, Silverlight, and all sorts of other types of content and browser capabilities. However, underneath it all, the method for requesting and receiving resources has remained the same: Hypertext Transfer Protocol (HTTP).

When Microsoft released ASP.NET, it enabled the quick production of Web applications by abstracting and hiding from developers the basic nature and limitations of both HTML and HTTP. While this abstraction has obvious productivity benefits, understanding the architecture of both the Web and ASP.NET is essential to understanding how your Web application can be attacked, and how you can defend it.

This chapter introduces you to HTTP and the ASP.NET abstractions by examining the following:

  • How HTTP works

  • How HTTP form submissions work

  • How ASP.NET implements postbacks

  • How the ASP.NET processing pipeline works

  • How you can use HTTP Modules


HTTP is a standard request/response protocol between a client and a server. The client is typically a Web browser, a spidering robot (such as search engines use to crawl the Web), or another piece of software. The server is a program that understands HTTP, listens for requests from a client (also known as a User Agent), and responds appropriately.

An HTTP client initiates a connection to the server over a communications mechanism known as ...
