Vince Bonfanti's Weblog

IIS 7.0 Integrated Pipeline and BlueDragon/CFML

The one feature I'm most excited about in Windows Vista and Windows Server 2008 ("Longhorn") is IIS 7.0, the next generation of Microsoft's IIS web server. Starting with this blog entry, I'm going to highlight some of the new features of IIS 7.0 and what they mean for BlueDragon/CFML programmers. To get a good overview of IIS 7.0, you should start by reading the article by Mike Volodarsky in the March 2007 issue of MSDN Magazine, entitled "IIS 7.0: Explore the Web Server for Windows Vista And Beyond." There's also an entire web site devoted to IIS, including extensive information about IIS 7.0, that's well worth checking out.

The first new IIS 7.0 feature I want to focus on in this blog entry is the ASP.NET Integrated Request Pipeline. As a CFML programmer, you're already familiar with the concept of a "request pipeline" as implemented by the onRequestStart, onRequest, and onRequestEnd event handlers within Application.cfc. Both IIS and ASP.NET implement similar mechanisms for programmers to access their request pipelines; however, prior to IIS 7.0, the IIS and ASP.NET request pipelines are separate and independent of each other. Further, the Application.cfc events are independent of both of these; the Application.cfc event handlers are only invoked for requests for CFML pages and CFCs.

In IIS 7.0, the IIS and ASP.NET request pipelines have been integrated into a single unified runtime. This means that it's now possible for ASP.NET programmers to hook into the full IIS 7.0 request pipeline for all requests: static files, images, and any dynamic content (classic ASP, PHP, etc.) in addition to ASP.NET requests. Here's where it gets exciting for BlueDragon/CFML programmers: because BlueDragon.NET is tightly integrated with ASP.NET, we're able to expose the IIS 7.0 integrated pipeline via existing and new Application.cfc event handlers.

With IIS 7.0 and BlueDragon.NET, you'll be able to configure your Application.cfc event handlers to be invoked for any or all requests handled by IIS: static files, images, ASP.NET pages, and any other dynamic content (classic ASP, PHP, etc.). Here's a simplified example that hints at what will be possible. The following onRequestStart event handler is configured to handle all incoming requests for IIS and does two things: (1) it prevents external sites from linking to GIF or JPEG images on this site, returning a "404 Not Found" response instead; and (2) it prevents external sites from linking anywhere except to the home page ("index.cfm") for this site.

   <cffunction name="onRequestStart" returnType="boolean" output="false">
      <cfargument name="thePage" type="string" required="true">

      <!--- declare locals first: some CFML engines require "var"
            declarations before any other statement in a function --->
      <cfset var fileExt = right( arguments.thePage, 3 )>

      <cfif findNoCase( cgi.SERVER_NAME, cgi.HTTP_REFERER ) gt 0>
         <!--- referrer is this server --->
         <cfreturn true>
      </cfif>

      <!--- referrer is not this server, don't allow image "leeching"
            or "deep" links --->

      <cfif ( fileExt eq "gif" ) or ( fileExt eq "jpg" )>
         <!--- don't allow image "leeching" --->
         <cfheader statuscode="404" statustext="Not Found">
         <cfreturn false>
      </cfif>

      <cfif ( arguments.thePage neq "/index.cfm" ) and
               ( arguments.thePage neq "/sorry.htm" )>
         <!--- don't allow "deep" links --->
         <cflocation url="/sorry.htm">
         <cfreturn false>
      </cfif>

      <cfreturn true>
   </cffunction>

I'll demonstrate the above Application.cfc and discuss it in detail during my keynote at CFUNITED-07.
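
A stricter variant of the handler above, added here as an example (it is not code from the original post or from BlueDragon): findNoCase accepts any Referer that contains the server name anywhere in the URL, including the path or query string, so this version extracts the Referer's host and compares it exactly, and it also matches a ".jpeg" extension. The helper name isSameSiteReferer is hypothetical.

```cfml
<cfcomponent output="false">

   <!--- hypothetical helper: true only when the Referer's host equals this server's name --->
   <cffunction name="isSameSiteReferer" access="private" returnType="boolean" output="false">
      <cfargument name="referer" type="string" required="true">
      <cfset var host = "">

      <!--- only an absolute http(s) URL carries a host we can compare;
            an empty or malformed Referer is treated as external --->
      <cfif reFindNoCase( "^https?://", arguments.referer ) eq 0>
         <cfreturn false>
      </cfif>

      <!--- drop the scheme, then everything from the first "/", "?" or fragment marker --->
      <cfset host = reReplaceNoCase( arguments.referer, "^https?://", "" )>
      <cfset host = reReplace( host, "[/?##].*$", "" )>

      <!--- drop any userinfo ("user@") and port (":8080"); an IPv6 literal
            will not survive this and is therefore treated as external --->
      <cfset host = listFirst( listLast( host, "@" ), ":" )>

      <cfreturn compareNoCase( host, cgi.SERVER_NAME ) eq 0>
   </cffunction>

   <cffunction name="onRequestStart" returnType="boolean" output="false">
      <cfargument name="thePage" type="string" required="true">
      <!--- text after the last "." in the requested page, lower-cased --->
      <cfset var fileExt = lCase( listLast( arguments.thePage, "." ) )>

      <cfif isSameSiteReferer( cgi.HTTP_REFERER )>
         <cfreturn true>
      </cfif>

      <!--- external referrer: no image "leeching" --->
      <cfif listFind( "gif,jpg,jpeg", fileExt ) gt 0>
         <cfheader statuscode="404" statustext="Not Found">
         <cfreturn false>
      </cfif>

      <!--- external referrer: no "deep" links --->
      <cfif ( arguments.thePage neq "/index.cfm" ) and ( arguments.thePage neq "/sorry.htm" )>
         <cflocation url="/sorry.htm">
         <cfreturn false>
      </cfif>

      <cfreturn true>
   </cffunction>
</cfcomponent>
```

The Referer header is supplied by the client, so this check deters hotlinking and deep linking but is not an access control.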

In addition to allowing the existing Application.cfc onRequestStart and onRequestEnd event handlers to be invoked for any request handled by IIS, we're adding the following new Application.cfc event handlers to BlueDragon.NET:

  • onRequestAuthenticate
  • onRequestAuthorize
  • onRequestLog

These events map directly to the AuthenticateRequest, AuthorizeRequest, and LogRequest events in the IIS 7.0 integrated pipeline (they are the same events!), and will be invoked for every request processed by IIS. You can imagine being able to use CFLOGIN to implement an authentication scheme that works for all content on your site, not just CFML pages, or being able to implement custom logging for all types of pages.

Our overriding vision is to make CFML a first-class programming language on .NET and Windows--you should be able to do anything in CFML that a C# or Visual Basic programmer can do. Giving CFML programmers access to the IIS 7.0 integrated pipeline is only the first step--I'll talk more about our vision and plans in future blog entries and at CFUNITED-07.

Comments

Vince,

This sounds like a really awesome feature. I know in the past we've really struggled with the best method for securing Crystal Report pages that were generated and used with ASP through another piece of software. The ability to secure the entire set of files beyond just .cfml pages is awesome! Are there plans to expose these kinds of features in some way to the J2EE/JX/Server CF models, or is it only realistic to have them a part of the .Net edition due to the tight integration with Windows on that version?

Thanks,
Nick
# Posted By Nick | 6/19/2007 9:12 AM

Hi Nick,

The integrated pipeline feature will only be available with IIS 7.0 and BlueDragon.NET; it won't be available with the Java/J2EE editions.

Vince
# Posted By vinceb | 6/19/2007 1:12 PM