When Microsoft released ASP.NET, it enabled the quick production of Web applications by abstracting and hiding from developers the basic nature and limitations of both HTML and HTTP. While this abstraction has obvious productivity bonuses, understanding both the architecture of the Web and of ASP.NET is essential in understanding how your Web application can be attacked, and how you can defend it.
This chapter introduces you to HTTP and the ASP.NET abstractions by examining the following:
How HTTP works
How HTTP form submissions work
How ASP.NET implements postbacks
How the ASP.NET processing pipeline works
How you can use HTTP Modules
HTTP is a request/response standard protocol between a client and a server. The client is typically a Web browser, a spidering robot (such as search engines use to crawl the Web), or other piece of software. The server is a program that understands HTTP, listens for requests from a client (also known as a User Agent), and responds appropriately.
An HTTP client initiates a connection to the server over a communications mechanism known as ...