| blob | 8ea7235908757a02beab4276ab26498cdbc6abb9 |
1 //------------------------------------------------------------------------------
2 // <copyright file="HttpRuntime.cs" company="Microsoft">
3 // Copyright (c) Microsoft Corporation. All rights reserved.
4 // </copyright>
5 //------------------------------------------------------------------------------
7 /*
8 * The ASP.NET runtime services
9 *
10 * Copyright (c) 1998 Microsoft Corporation
11 */
47 /// <devdoc>
48 /// <para>Provides a set of ASP.NET runtime services.</para>
49 /// </devdoc>
58 //
59 // Names of special ASP.NET directories
60 //
73 private static string DoubleDirectorySeparatorString = new string(Path.DirectorySeparatorChar, 2);
78 #if OLD
79 // For s_forbiddenDirs and s_forbiddenDirsConstant, see
80 // ndll.h, and RestrictIISFolders in regiis.cxx
83 BinDirectoryName,
84 CodeDirectoryName,
85 DataDirectoryName,
86 ResourcesDirectoryName,
87 WebRefDirectoryName,
88 };
96 };
97 #endif
109 }
113 }
115 //
116 // static initialization to get hooked up to the unmanaged code
117 // get installation directory, etc.
118 //
124 // Force the static initialization of this class.
129 // already initialized
131 }
137 // load webengine.dll if it is not loaded already
145 }
147 // Load webengine.dll if not loaded already
155 }
156 }
163 }
164 }
178 }
180 //
181 // Runtime services
182 //
198 //
199 // Counters
200 //
219 //
220 // Header Newlines
221 //
224 //
225 // Callbacks
226 //
233 //
234 // Initialization error (to be reported on subsequent requests)
235 //
242 //
243 // App domain related
244 //
253 //
254 // Debugging support
255 //
259 //
260 // App_Offline.htm support
261 //
267 //
268 // Client script support
269 //
276 //
277 // IIS version and whether we're using the integrated pipeline
278 //
282 //
283 // Prefetch
284 //
287 /////////////////////////////////////////////////////////////////////////
288 // 3 steps of initialization:
289 // Init() is called from HttpRuntime cctor
290 // HostingInit() is called by the Hosting Environment
291 // FirstRequestInit() is called on first HTTP request
292 //
294 /*
295 * Context-less initialization (on app domain creation)
296 */
299 #if !FEATURE_PAL
303 // ROTORTODO
304 // Do nothing: FEATURE_PAL environment will always support ASP.NET hosting
311 _requestNotificationCompletionCallback = new AsyncCallback(this.OnRequestNotificationCompletion);
317 // appdomain values
324 _appDomainAppVPath = VirtualPath.CreateNonRelativeTrailingSlash(GetAppDomainString(".appVPath"));
329 // init perf counters for this appdomain
331 }
334 }
336 // _appDomainAppPath should be set before file change notifications are initialized
337 // DevDiv 248126: Check httpRuntime fcnMode first before we use the registry key
339 }
341 // remember static initalization error
343 }
344 }
348 // Set the DataDirectory (see VSWhidbey 226834) with permission (DevDiv 29614)
352 }
356 if (timer != null && Interlocked.CompareExchange(ref _appDomainShutdownTimer, null, timer) == timer) {
358 }
359 }
365 }
367 }
369 /*
370 * Restart the AppDomain in 10 seconds
371 */
381 }
382 }
383 }
384 }
387 /*
388 * Initialization from HostingEnvironment of HTTP independent features
389 */
390 private void HostingInit(HostingEnvironmentFlags hostingFlags, PolicyLevel policyLevel, Exception appDomainCreationException) {
393 // To ignore FCN during initialization
398 // Throw an exception about lack of access to app directory early on
401 // Monitor renames to directories we are watching, and notifications on the bin directory
402 //
403 // Note that this must be the first monitoring that we do of the application directory.
404 // There is a bug in Windows 2000 Server where notifications on UNC shares do not
405 // happen correctly if:
406 // 1. the directory is monitored for regular notifications
407 // 2. the directory is then monitored for directory renames
408 // 3. the directory is monitored again for regular notifications
411 // Initialize ObjectCacheHost before config is read, since config relies on the cache
414 }
416 //
417 // Get the configuration needed to minimally initialize
418 // the components required for a complete configuration system,
419 // especially SetTrustLevel.
420 //
421 // We want to do this before calling SetUpCodegenDirectory(),
422 // to remove the risk of the config system loading
423 // codegen assemblies in full trust (VSWhidbey 460506)
424 //
425 CacheSection cacheSection;
426 TrustSection trustSection;
427 SecurityPolicySection securityPolicySection;
428 CompilationSection compilationSection;
429 HostingEnvironmentSection hostingEnvironmentSection;
430 Exception configInitException;
440 // Once the configuration system is initialized, we can read
441 // the cache configuration settings.
442 //
443 // Note that we must do this after we start monitoring directory renames,
444 // as reading config will cause file monitoring on the application directory
445 // to occur.
447 // Set up the codegen directory for the app. This needs to be done before we process
448 // the policy file, because it needs to replace the $CodeGen$ token.
455 }
456 }
458 // NOTE: after calling SetUpCodegenDirectory(), and until we call SetTrustLevel(), we are at
459 // risk of codegen assemblies being loaded in full trust. No code that might cause
460 // assembly loading should be added here! This is only valid if the legacyCasModel is set
461 // to true in <trust> section.
463 // Throw the original configuration exception from ApplicationManager if configuration is broken.
466 }
470 }
476 // Set code access policy on the app domain
478 }
480 // throw the original config exception if it exists
484 }
485 }
488 }
491 // Set code access policy properties of the runtime object
493 }
495 // Configure fusion to use directories set in the app config
498 // set the sliding expiration for URL metadata
501 // Complete initialization of configuration.
502 // Note that this needs to be called after SetTrustLevel,
503 // as it indicates that we have the permission set needed
504 // to correctly run configuration section handlers.
505 // As little config should be read before CompleteInit() as possible.
506 // No section that runs before CompleteInit() should demand permissions,
507 // as the permissions set has not yet determined until SetTrustLevel()
508 // is called.
511 //
512 // If an exception occurred loading configuration,
513 // we are now ready to handle exception processing
514 // with the correct trust level set.
515 //
518 }
524 // Initialize the build manager
527 if(compilationSection != null && compilationSection.ProfileGuidedOptimizations == ProfileGuidedOptimizationsFlags.All) {
530 }
532 // Determine apartment threading setting
535 // Init debugging
540 // Init AppDomain Resource Perf Counters
545 }
554 }
555 }
556 }
561 }
563 // The exception is "cached" for 10 seconds, then the AppDomain is restarted.
566 // In v2.0, we shutdown immediately if hostingInitFailed...so we don't need the timer
569 }
570 }
571 }
576 }
577 }
579 internal static void InitializeHostingFeatures(HostingEnvironmentFlags hostingFlags, PolicyLevel policyLevel, Exception appDomainCreationException) {
581 }
586 }
587 }
592 }
593 }
598 }
599 }
604 }
605 }
610 }
611 }
613 /*
614 * Initialization on first request (context available)
615 */
620 #if DBG
622 #endif
625 // Is this necessary? See InitHttpConfiguration
630 // Ensure config system is initialized
633 // Check if applicaton is enabled
636 // Check access to temp compilation directory (under hosting identity)
639 // Initialize health monitoring
642 // Init request queue (after reading config)
645 // configure the profiler according to config
648 // Start heatbeat for Web Event Health Monitoring
651 // Remove read and browse access of the bin directory
654 // Preload all assemblies from bin (only if required). ASURT 114486
657 // Decide whether or not to encode headers. VsWhidbey 257154
660 // Force the current encoder + validator to load so that there's a deterministic
661 // place (here) for an exception to occur if there's a load error
666 // Make sure that the <processModel> section has no errors
668 }
669 }
673 }
674 }
675 }
678 }
680 // remember second-phase initialization error
682 }
684 #if DBG
686 #endif
687 }
688 }
691 // throw cached exception. We need to wrap it in a new exception, otherwise
692 // we lose the original stack.
694 }
697 // throw new exception
699 }
702 }
707 }
717 }
718 }
719 }
720 }
724 //
726 // Possible Unicode when not supported
728 }
731 }
732 }
733 }
736 _fcm.StartMonitoringDirectoryRenamesAndBinDirectory(AppDomainAppPathInternal, new FileChangeEventHandler(this.OnCriticalDirectoryChange));
737 }
739 //
740 // Monitor a local resources subdirectory and unload appdomain when it changes
741 //
746 }
748 //
749 // Get the configuration needed to minimally initialize
750 // the components required for a complete configuration system,
751 //
752 // Note that if the application configuration file has an error,
753 // AppLKGConfig will still retreive any valid configuration from
754 // that file, or from location directives that apply to the
755 // application path. This implies that an administrator can
756 // lock down an application's trust level in root web.config,
757 // and it will still take effect if the application's web.config
758 // has errors.
759 //
775 // AppLKGConfig is guaranteed to not throw an exception.
778 // AppConfig may throw an exception.
782 }
785 }
787 // Cache section
791 }
795 }
796 }
797 }
801 }
803 // Trust section
807 }
811 }
812 }
813 }
817 }
819 // SecurityPolicy section
823 }
827 }
828 }
829 }
833 }
835 // Compilation section
839 }
843 }
844 }
845 }
849 }
851 // HostingEnvironment section
855 }
859 }
860 }
861 }
865 }
866 }
868 // Set up the codegen directory for the app
869 [SuppressMessage("Microsoft.Security", "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands", Justification = "This call site is trusted.")]
875 // devdiv 1038337. Passing the corresponding IsDevelopmentEnvironment flag to ConstructSimpleAppName
881 // These variables are used for error handling
891 }
897 // Make sure the path is not relative (VSWhidbey 260075)
899 }
902 // Canonicalize it to avoid problems with spaces (VSWhidbey 229873)
904 }
907 }
908 }
914 }
915 #if FEATURE_PAL
921 // Get the required length
927 // now, allocate the string
930 // call again to get the value
934 }
939 }
942 }
944 // Always try to create the ASP.Net temp directory for FEATURE_PAL
947 // Create the config-specified directory if needed
950 }
954 e,
956 }
957 #if !FEATURE_PAL
958 }
961 }
964 // If we don't have write access to the codegen dir, use the TEMP dir instead.
965 // This will allow non-admin users to work in hosting scenarios (e.g. Venus, aspnet_compiler)
968 // Don't do this if we are not in a CBM scenario and we're in a service (!UserInteractive),
969 // as TEMP could point to unwanted places.
974 {
977 }
982 }
990 #pragma warning restore 0618
994 // Create the codegen directory if needed
996 }
1002 // If there is a double backslash in the string, get rid of it (ASURT 122191)
1003 // Make sure to skip the first char, to avoid breaking the UNC case
1005 if (appDomainAppPath.IndexOf(DoubleDirectorySeparatorString, 1, StringComparison.Ordinal) >= 1) {
1006 appDomainAppPath = appDomainAppPath[0] + appDomainAppPath.Substring(1).Replace(DoubleDirectorySeparatorString,
1007 DirectorySeparatorString);
1008 }
1011 // Allow assemblies from 'bin' to be loaded
1013 #pragma warning restore 0618
1015 // If shadow copying was disabled via config, turn it off (DevDiv 30864)
1019 #pragma warning restore 0618
1020 }
1022 // enable shadow-copying from bin
1025 #pragma warning restore 0618
1026 }
1028 // Get rid of the last part of the directory (the app name), since it will
1029 // be re-appended.
1033 #pragma warning restore 0618
1036 }
1049 }
1052 // Configuration section handlers cannot validate values based on values
1053 // in other configuration sections, so we validate minFreeThreads and
1054 // minLocalRequestFreeThreads here.
1055 int maxThreads = (processConfig.MaxWorkerThreadsTimesCpuCount < processConfig.MaxIoThreadsTimesCpuCount) ? processConfig.MaxWorkerThreadsTimesCpuCount : processConfig.MaxIoThreadsTimesCpuCount;
1056 // validate minFreeThreads
1060 throw new ConfigurationErrorsException(SR.GetString(SR.Thread_pool_limit_must_be_greater_than_minFreeThreads, runtimeConfig.MinFreeThreads.ToString(CultureInfo.InvariantCulture)),
1063 }
1065 throw new ConfigurationErrorsException(SR.GetString(SR.Thread_pool_limit_must_be_greater_than_minFreeThreads, runtimeConfig.MinFreeThreads.ToString(CultureInfo.InvariantCulture)),
1068 }
1069 }
1071 throw new ConfigurationErrorsException(SR.GetString(SR.Min_free_threads_must_be_under_thread_pool_limits, maxThreads.ToString(CultureInfo.InvariantCulture)),
1074 }
1075 }
1076 // validate minLocalRequestFreeThreads
1078 if (runtimeConfig.ElementInformation.Properties["minLocalRequestFreeThreads"].LineNumber == 0) {
1079 throw new ConfigurationErrorsException(SR.GetString(SR.Local_free_threads_cannot_exceed_free_threads),
1082 }
1084 throw new ConfigurationErrorsException(SR.GetString(SR.Local_free_threads_cannot_exceed_free_threads),
1087 }
1088 }
1095 }
1096 }
1103 }
1106 }
1107 }
1123 // the first request's context is created before InitTrace, so
1124 // we need to set this manually. (ASURT 93730)
1127 }
1132 }
1134 /*
1135 * Pre-load all the bin assemblies if we're impersonated. This way, if user code
1136 * calls Assembly.Load while impersonated, the assembly will already be loaded, and
1137 * we won't fail due to lack of permissions on the codegen dir (see ASURT 114486)
1138 */
1144 // if not on UNC share check if config has impersonation enabled (without userName)
1148 }
1153 // Get the path to the bin directory
1162 }
1168 // Pre-load all the assemblies, ignoring all exceptions
1170 try { Assembly.Load(System.Web.UI.Util.GetAssemblyNameFromFileName(fi.Name)); }
1172 // If Load failed, try LoadFrom (VSWhidbey 493725)
1173 try { Assembly.LoadFrom(fi.FullName); }
1174 catch { }
1175 }
1176 catch { }
1177 }
1179 // Recurse on the subdirectories
1183 }
1184 }
1187 // check if the current limits are ok
1191 // only set if different
1192 if (pmConfig.DefaultMaxWorkerThreadsForAutoConfig != workerMax || pmConfig.DefaultMaxIoThreadsForAutoConfig != ioMax) {
1193 Debug.Trace("ThreadPool", "SetThreadLimit: from " + workerMax + "," + ioMax + " to " + pmConfig.DefaultMaxWorkerThreadsForAutoConfig + "," + pmConfig.DefaultMaxIoThreadsForAutoConfig);
1194 UnsafeNativeMethods.SetClrThreadPoolLimits(pmConfig.DefaultMaxWorkerThreadsForAutoConfig, pmConfig.DefaultMaxIoThreadsForAutoConfig, true);
1195 }
1197 // this is the code equivalent of setting maxconnection
1198 // Dev11 141729: Make autoConfig scale by default
1199 // Dev11 144842: PERF: Consider removing Max connection limit or changing the default value
1202 // we call InitRequestQueue later, from FirstRequestInit, and set minFreeThreads and minLocalRequestFreeThreads
1203 }
1210 // use recommendation in http://support.microsoft.com/?id=821268
1212 }
1213 else if (pmConfig.MaxWorkerThreadsTimesCpuCount > 0 && pmConfig.MaxIoThreadsTimesCpuCount > 0) {
1214 // check if the current limits are ok
1218 // only set if different
1219 if (pmConfig.MaxWorkerThreadsTimesCpuCount != workerMax || pmConfig.MaxIoThreadsTimesCpuCount != ioMax) {
1220 Debug.Trace("ThreadPool", "SetThreadLimit: from " + workerMax + "," + ioMax + " to " + pmConfig.MaxWorkerThreadsTimesCpuCount + "," + pmConfig.MaxIoThreadsTimesCpuCount);
1221 UnsafeNativeMethods.SetClrThreadPoolLimits(pmConfig.MaxWorkerThreadsTimesCpuCount, pmConfig.MaxIoThreadsTimesCpuCount, false);
1222 }
1223 }
1229 int newMinWorkerThreads = pmConfig.MinWorkerThreadsTimesCpuCount > 0 ? pmConfig.MinWorkerThreadsTimesCpuCount : currentMinWorkerThreads;
1230 int newMinIoThreads = pmConfig.MinIoThreadsTimesCpuCount > 0 ? pmConfig.MinIoThreadsTimesCpuCount : currentMinIoThreads;
1235 }
1236 }
1238 }
1239 }
1242 // process App_Offline.htm file
1246 // monitor even if doesn't exist
1247 _theRuntime._fcm.StartMonitoringFile(appOfflineFile, new FileChangeEventHandler(_theRuntime.OnAppOfflineFileChange));
1249 // read the file into memory
1254 using (FileStream fs = new FileStream(appOfflineFile, FileMode.Open, FileAccess.Read, FileShare.Read)) {
1262 // remember the message
1265 }
1266 }
1268 // empty file
1271 }
1272 }
1273 }
1274 }
1275 }
1277 // ignore any IO errors reading the file
1278 }
1280 // throw if there is a valid App_Offline file
1283 }
1285 // process the config setting
1288 // throw 404 on first request init -- this will get cached until config changes
1290 }
1291 }
1295 // The original check (in HostingInit) was done under process identity
1296 // this time we do it under hosting identity
1302 }
1303 }
1304 }
1305 }
1315 }
1323 // whenever possible report errors in the user's culture (from machine.config)
1324 // Note: this thread's culture is saved/restored during FirstRequestInit, so this is safe
1325 // see ASURT 81655
1331 SetCurrentThreadCultureWithAssert(HttpServerUtility.CreateReadOnlyCultureInfo(globConfig.Culture));
1335 Thread.CurrentThread.CurrentUICulture = HttpServerUtility.CreateReadOnlyCultureInfo(globConfig.UICulture);
1336 }
1338 // check for errors in <processModel> section
1341 // check for errors in <hostingEnvironment> section
1343 }
1344 }
1349 }
1358 // Gernerate random keys
1361 // If getting stored keys via WorkerRequest object failed, get it directly
1363 fGetStoredKeys = (UnsafeNativeMethods.EcbCallISAPI(IntPtr.Zero, UnsafeNativeMethods.CallISAPIFunc.GetAutogenKeys,
1366 // If we managed to get stored keys, copy them in; else use random keys
1369 else
1372 }
1377 }
1382 }
1391 // High word is the major version; low word is the minor version (this is MAKELONG format)
1394 }
1395 }
1396 }
1398 // Gets the version of IIS (7.0, 7.5, 8.0, etc.) that is hosting this application, or null if this application isn't IIS-hosted.
1399 // Should also return the correct version for IIS Express.
1403 }
1404 }
1406 // DevDivBugs 190952: public method for querying runtime pipeline mode
1410 }
1411 }
1416 }
1417 }
1422 }
1423 }
1425 /*
1426 * Process one step of the integrated pipeline
1427 *
1428 */
1430 internal static RequestNotificationStatus ProcessRequestNotification(IIS7WorkerRequest wr, HttpContext context)
1431 {
1433 }
1435 private RequestNotificationStatus ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) {
1442 // setup the HttpContext for this event/module combo
1443 UnsafeIISMethods.MgdGetCurrentNotificationInfo(wr.RequestContext, out currentModuleIndex, out isPostNotification, out currentNotification);
1448 #if DBG
1449 Debug.Trace("PipelineRuntime", "HttpRuntime::ProcessRequestNotificationPrivate: notification=" + context.CurrentNotification.ToString()
1452 #endif
1456 #if DBG
1460 #endif
1461 // First request initialization
1464 }
1466 // If we are handling a DEBUG request, ignore the FirstRequestInit exception.
1467 // This allows the HttpDebugHandler to execute, and lets the debugger attach to
1468 // the process (VSWhidbey 358135)
1471 }
1472 }
1479 if (EtwTrace.IsTraceEnabled(EtwTraceLevel.Verbose, EtwTraceFlags.Infrastructure)) EtwTrace.Trace(EtwTraceType.ETW_TYPE_START_HANDLER, context.WorkerRequest, handler.GetType().FullName, "Start");
1483 // associate the context with an application instance
1485 }
1486 }
1488 // this may throw, and should be called after app initialization
1492 // process request
1493 IAsyncResult ar = context.ApplicationInstance.BeginProcessRequestNotification(context, _requestNotificationCompletionCallback);
1497 }
1498 }
1500 // HttpDebugHandler is processed here
1503 }
1506 }
1507 }
1511 // errors are handled in HttpRuntime::FinishRequestNotification
1513 }
1516 // we completed synchronously
1518 }
1520 #if DBG
1521 Debug.Trace("PipelineRuntime", "HttpRuntime::ProcessRequestNotificationPrivate: status=" + status.ToString());
1522 #endif
1525 }
1527 private void FinishRequestNotification(IIS7WorkerRequest wr, HttpContext context, ref RequestNotificationStatus status) {
1529 Debug.Assert(status != RequestNotificationStatus.Pending, "status != RequestNotificationStatus.Pending");
1535 }
1537 // check if the app offline or whether an error has occurred, and report the condition
1540 // we do not return FinishRequest for LogRequest or EndRequest
1545 }
1551 }
1553 // if we catch an exception here then
1554 // i) clear cached response body bytes on the worker request
1555 // ii) clear the managed headers, the IIS native headers, the mangaged httpwriter response buffers, and the native IIS response buffers
1556 // iii) attempt to format the exception and write it to the response
1562 }
1564 }
1565 }
1569 }
1571 // Perf optimization: dispose managed context if possible (no need to try if status is pending)
1574 }
1575 }
1578 // Remember that first request is done
1581 // need to raise OnRequestCompleted while within the ThreadContext so that things like User, CurrentCulture, etc. are available
1596 }
1597 }
1598 }
1599 }
1601 }
1605 if (EtwTrace.IsTraceEnabled(EtwTraceLevel.Verbose, EtwTraceFlags.Infrastructure)) EtwTrace.Trace(EtwTraceType.ETW_TYPE_END_HANDLER, context.WorkerRequest);
1607 // In case of a HostingInit() error, app domain should not stick around
1611 }
1612 }
1615 /*
1616 * Process one request
1617 */
1619 // Count active requests
1623 // Dev11 333176: An appdomain is unloaded before all requests are served, resulting in System.AppDomainUnloadedException during isapi completion callback
1624 //
1625 // HttpRuntim.Dispose could have already finished on a different thread when we had no active requests
1626 // In this case we are about to start or already started unloading the appdomain so we will reject the request the safest way possible
1632 // this will flush synchronously because of HttpRuntime.ShutdownInProgress
1637 }
1639 }
1641 // Construct the Context on HttpWorkerRequest, hook everything together
1642 HttpContext context;
1646 }
1649 // If we fail to create the context for any reason, send back a 400 to make sure
1650 // the request is correctly closed (relates to VSUQFE3962)
1660 }
1661 }
1668 // First request initialization
1671 }
1673 // If we are handling a DEBUG request, ignore the FirstRequestInit exception.
1674 // This allows the HttpDebugHandler to execute, and lets the debugger attach to
1675 // the process (VSWhidbey 358135)
1678 }
1679 }
1681 // Init response writer (after we have config in first request init)
1682 // no need for impersonation as it is handled in config system
1685 // Get application instance
1691 if (EtwTrace.IsTraceEnabled(EtwTraceLevel.Verbose, EtwTraceFlags.Infrastructure)) EtwTrace.Trace(EtwTraceType.ETW_TYPE_START_HANDLER, context.WorkerRequest, app.GetType().FullName, "Start");
1694 // asynchronous handler
1698 }
1700 // synchronous handler
1703 }
1704 }
1708 }
1709 }
1712 // Construct the Context on HttpWorkerRequest, hook everything together
1716 // Count active requests
1723 }
1729 }
1733 }
1734 }
1735 }
1737 internal static void ReportAppOfflineErrorMessage(HttpResponse response, byte[] appOfflineMessage) {
1742 }
1744 /*
1745 * Finish processing request, sync or async
1746 */
1750 if (EtwTrace.IsTraceEnabled(EtwTraceLevel.Verbose, EtwTraceFlags.Infrastructure)) EtwTrace.Trace(EtwTraceType.ETW_TYPE_END_HANDLER, context.WorkerRequest);
1754 // Flush in case of no error
1756 // impersonate around PreSendHeaders / PreSendContent
1759 // this sends the actual content in most cases
1761 }
1764 }
1765 }
1766 }
1768 // Report error if any
1772 // if the custom encoder throws, it might interfere with returning error information
1773 // to the client, so we force use of the default encoder
1780 }
1782 }
1783 }
1785 // when application is on UNC share the code below must
1786 // be run while impersonating the token given by IIS
1790 // try to report error in a way that could possibly throw (a config exception)
1792 }
1794 // report the config error in a way that would not throw
1796 }
1799 }
1801 }
1802 }
1803 }
1804 }
1805 }
1807 // Remember that first request is done
1811 // In case we reporting HostingInit() error, app domain should not stick around
1815 }
1817 // Check status code and increment proper counter
1818 // If it's an error status code (i.e. 400 or higher), increment the proper perf counters
1824 // ---- exceptions from EndOfRequest as they will prevent proper request cleanup
1825 // Since the exceptions are not expected here we want to log them
1828 }
1831 }
1833 // Count active requests
1837 // Schedule more work if some requests are queued
1840 }
1842 //
1843 // Make sure shutdown happens only once
1844 //
1854 }
1857 }
1859 //
1860 // Shutdown this and restart new app domain
1861 //
1864 #if DBG
1866 "*** ReleaseResourcesAndUnloadAppDomain " + DateTime.Now.ToString("hh:mm:ss.fff", CultureInfo.InvariantCulture)
1868 #endif
1875 }
1877 }
1879 // Release all resources
1882 }
1884 }
1893 }
1896 }
1898 Debug.Trace("AppDomainFactory", "AppDomain.Unload exception: " + e + "; Id=" + _appDomainAppId);
1900 // Avoid calling Exception.ToString if we are in the ClientBuildManager (Dev10 bug 824659)
1902 }
1904 }
1905 }
1906 }
1909 // Set the Request Execution time perf counter
1918 }
1931 }
1932 }
1934 // If status code is not in the 400-599 range (i.e. 200-299 success or 300-399 redirection),
1935 // count it as a successful request.
1937 }
1938 }
1949 // only apply timeout if a managed debugger is not attached
1952 }
1953 }
1954 }
1956 /*
1957 * Cleanup of all unmananged state
1958 */
1960 // get shutdown timeout from config
1966 }
1968 // before aborting compilation give time to drain (new requests are no longer coming at this point)
1971 // reject remaining queued requests
1975 // By this time all new requests should be directed to a newly created app domain
1976 // But there might be requests that got dispatched to this old app domain but have not reached ProcessRequestInternal yet
1977 // Signal ProcessRequestInternal to reject them immediately without initiating async operations
1979 }
1981 // give it a little more time to drain
1985 // wait for pending async io to complete, prior to aborting requests
1986 // this isn't necessary for IIS 7, where the async sends are always done
1987 // from native code with native buffers
1990 // For IIS7 integrated pipeline, wait until GL_APPLICATION_STOP fires and
1991 // there are no active calls to IndicateCompletion before unloading the AppDomain
1994 }
1996 // wait for all active requests to complete
1999 }
2000 }
2003 // Dispose AppDomainShutdownTimer
2006 // kill all remaining requests (and the timeout timer)
2011 // double check for pending async io
2014 // stop sqlcachedependency polling
2017 // cleanup cache (this ends all sessions)
2018 HealthMonitoringManager.IsCacheDisposed = true; // HMM is the only place internally where we care if the Cache is disposed or not.
2024 }
2027 }
2028 }
2030 // app on end, cleanup app instances
2033 // stop file changes monitor
2036 // stop health monitoring timer
2038 }
2040 /*
2041 * Async completion of IIS7 pipeline (unlike OnHandlerCompletion, this may fire more than once).
2042 */
2046 }
2050 }
2051 }
2057 }
2067 }
2071 }
2073 // RequestContext is set to null if this is the last notification, so we need to save it
2074 // for the call to PostCompletion
2079 // set the notification context to null since we are exiting this notification
2082 // Indicate completion to IIS, so that it can resume
2083 // request processing on an IIS thread
2087 }
2089 /*
2090 * Async completion of managed pipeline (called at most one time).
2091 */
2097 }
2100 }
2102 // no longer keep AsyncAppHandler poiting to the application
2103 // is only needed to call EndProcessRequest
2105 }
2108 }
2110 /*
2111 * Notification from worker request that it is done writing from buffer
2112 * so that the buffers can be recycled
2113 */
2119 }
2121 /*
2122 * Notification when something in the bin directory changed
2123 */
2125 // shutdown the app domain
2126 Debug.Trace("AppDomainFactory", "Shutting down appdomain because of bin dir change or directory rename." +
2133 message = (message != null) ? message + directoryName : directoryName + " dir change or directory rename";
2137 }
2140 }
2143 }
2146 }
2149 // Make sure HttpRuntime does not ignore the appdomain shutdown if a file is added (VSWhidbey 363481)
2152 Debug.Trace("AppDomainFactorySpecial", "Call SetUserForcedShutdown: FileName=" + e.FileName + "; now=" + DateTime.Now);
2153 }
2156 }
2158 /**
2159 * Coalesce file change notifications to minimize sharing violations and AppDomain restarts (ASURT 147492)
2160 */
2169 }
2170 }
2172 }
2178 // Coalesce file change notifications
2185 }
2186 }
2188 }
2189 }
2191 // appdomain shutdown eventhandler
2197 }
2198 }
2202 }
2204 /*
2205 * Shutdown the current app domain
2206 */
2209 }
2211 /*
2212 * Shutdown the current app domain with a stack trace. This is useful for callers that are running
2213 * on a QUWI callback, and wouldn't provide a meaningful stack trace by default.
2214 */
2215 internal static bool ShutdownAppDomainWithStackTrace(ApplicationShutdownReason reason, string message, string stackTrace) {
2218 }
2221 #if DBG
2225 #endif
2226 // Ignore notifications during the processing of the first request (ASURT 100335)
2227 // skip this if LastShutdownAttemptTime has been set
2228 if (_theRuntime.LastShutdownAttemptTime == DateTime.MinValue && !_theRuntime._firstRequestCompleted && !_theRuntime._userForcedShutdown) {
2229 // check the timeout (don't disable notifications forever
2240 Debug.Trace("AppDomainFactory", "ShutdownAppDomain IGNORED (1st request is not done yet), Id = " + AppDomainAppId);
2242 }
2243 }
2244 }
2245 }
2247 }
2248 }
2252 }
2254 // VSWhidbey 444472: if an exception is thrown, we consume it and continue executing the following code.
2255 }
2257 // Update last time ShutdownAppDomain was called
2261 // This shutdown is not triggered by hosting environment - let it do the job
2264 }
2266 //WOS 1400290: CantUnloadAppDomainException in ISAPI mode, wait until HostingEnvironment.ShutdownThisAppDomainOnce completes
2269 }
2271 // Make sure we don't go through shutdown logic many times
2275 Debug.Trace("AppDomainFactory", "ShutdownAppDomain, Id = " + AppDomainAppId + ", ShutdownInProgress=" + ShutdownInProgress
2279 // Avoid calling Environment.StackTrace if we are in the ClientBuildManager (Dev10 bug 824659)
2281 // Instrument to be able to see what's causing a shutdown
2285 }
2288 }
2289 }
2292 }
2294 // Notify when appdomain is about to shutdown.
2297 // unload app domain from another CLR thread
2301 }
2307 // someone unloaded app domain directly - tell unmanaged code
2311 // tell unmanaged code not to dispatch requests to this app domain
2316 }
2318 // release all resources
2320 }
2321 }
2323 /*
2324 * Notification when app-level Config changed
2325 */
2328 ShutdownAppDomain(ApplicationShutdownReason.ConfigurationChange, (message != null) ? message : "CONFIG change");
2329 }
2331 // Intrumentation to remember the overwhelming file change
2335 }
2338 }
2344 else
2346 }
2347 }
2350 // public method is on HostingEnvironment
2352 get { return _theRuntime._shutdownReason; }
2353 }
2355 //
2356 // public static APIs
2357 //
2359 /*
2360 * Process one request
2361 */
2363 /// <devdoc>
2364 /// <para><SPAN>The method that drives
2365 /// all ASP.NET web processing execution.</SPAN></para>
2366 /// </devdoc>
2373 throw new PlatformNotSupportedException(SR.GetString(SR.Method_Not_Supported_By_Iis_Integrated_Mode, "HttpRuntime.ProcessRequest"));
2374 }
2377 }
2392 }
2393 }
2407 }
2411 }
2415 }
2418 /// <devdoc>
2419 /// <para>Removes all items from the cache and shuts down the runtime.</para>
2420 /// </devdoc>
2423 Debug.Trace("AppDomainFactory", "HttpRuntime.Close, ShutdownInProgress=" + ShutdownInProgress);
2428 // go throw initiate shutdown for hosted scenarios
2430 }
2433 }
2434 }
2435 }
2438 /// <devdoc>
2439 /// <para>Unloads the current app domain.</para>
2440 /// </devdoc>
2443 ShutdownAppDomain(ApplicationShutdownReason.UnloadAppDomainCalled, "User code called UnloadAppDomain");
2444 }
2448 DateTime dt;
2451 }
2453 }
2457 }
2458 }
2459 }
2464 }
2465 }
2470 }
2471 }
2475 // Make sure we have already initialized the trust level
2476 //
2480 }
2481 }
2486 }
2487 }
2492 }
2493 }
2495 [AspNetHostingPermission(SecurityAction.Demand, Level = AspNetHostingPermissionLevel.Unrestricted)]
2500 }
2503 }
2504 }
2508 // Make sure we have already initialized the trust level
2512 }
2513 }
2515 /*
2516 * Check that the current trust level allows access to a virtual path. Throw if it doesn't,
2517 */
2521 }
2523 /*
2524 * Check that the current trust level allows access to a path. Throw if it doesn't,
2525 */
2528 }
2533 }
2534 }
2538 }
2541 // WOS #1523618: need to skip this check for HttpResponse.ReportRuntimeError when reporting an
2542 // InitializationException (e.g., necessary to display line info for ConfigurationException).
2546 }
2548 // Make sure we have already initialized the trust level
2549 Debug.Assert(TrustLevel != null || !HostingEnvironment.IsHosted, "TrustLevel != null || !HostingEnvironment.IsHosted");
2551 // If we don't have a NamedPermissionSet, we're in full trust
2557 // Check that the user has permission to the path
2564 else
2566 }
2568 // This could happen if the path is not absolute
2570 }
2572 }
2575 }
2579 // Make sure we have already initialized the trust level
2582 // If we don't have a NamedPermissionSet, we're in full trust
2588 // Check that the user has permission to the URI
2594 }
2597 }
2599 }
2602 }
2606 // Make sure we have already initialized the trust level
2609 // If we don't have a NamedPermissionSet, we're in full trust
2615 // Check that the user has permission to the provider
2621 }
2622 }
2625 }
2628 // WOS #1523618: need to skip this check for HttpResponse.ReportRuntimeError when reporting an
2629 // InitializationException (e.g., necessary to display line info for ConfigurationException).
2633 }
2635 // Make sure we have already initialized the trust level
2638 // If we don't have a NamedPermissionSet, we're in full trust
2644 // Check that the user has permission to the path
2647 IPermission askedPermission = new FileIOPermission(FileIOPermissionAccess.PathDiscovery, path);
2649 }
2653 }
2657 }
2666 }
2668 }
2671 }
2673 /*
2674 * Check that the current trust level allows Unmanaged access
2675 */
2678 // Make sure we have already initialized the trust level
2681 // If we don't have a NamedPermissionSet, we're in full trust
2691 }
2695 // Make sure we have already initialized the trust level
2696 //
2700 // If we don't have a NamedPermissionSet, we're in full trust
2704 AspNetHostingPermission permission = (AspNetHostingPermission)NamedPermissionSet.GetPermission(
2710 }
2712 internal static void CheckAspNetHostingPermission(AspNetHostingPermissionLevel level, String errorMessageId) {
2715 }
2716 }
2718 // If we're not in full trust, fail if the passed in type doesn't have the APTCA bit
2719 internal static void FailIfNoAPTCABit(Type t, ElementInformation elemInfo, string propertyName) {
2725 throw new ConfigurationErrorsException(SR.GetString(SR.Type_from_untrusted_assembly, t.FullName),
2727 }
2729 throw new ConfigurationErrorsException(SR.GetString(SR.Type_from_untrusted_assembly, t.FullName));
2730 }
2731 }
2732 }
2734 // If we're not in full trust, fail if the passed in type doesn't have the APTCA bit
2738 throw new ConfigurationErrorsException(SR.GetString(SR.Type_from_untrusted_assembly, t.FullName),
2739 node);
2740 }
2741 }
2745 }
2747 // Check if the type is allowed to be used in config by checking the APTCA bit
2750 // Allow everything in full trust
2755 }
2761 // Level 1 CAS uses transparency as an auditing mechanism rather than an enforcement mechanism, so we can't
2762 // perform a transparency check. Instead, allow the call to go through if:
2763 // (a) the referenced assembly is partially trusted, hence it cannot do anything dangerous; or
2764 // (b) the assembly is fully trusted and has APTCA.
2766 }
2768 // ** TEMPORARY **
2769 // Some GACed assemblies register critical modules / handlers. We can't break these scenarios for .NET 4.5, but we should
2770 // remove this APTCA check when we fix DevDiv #85358 and use only the transparency check defined below.
2773 }
2774 // ** END TEMPORARY **
2776 // Level 2 CAS uses transparency as an enforcement mechanism, so we can perform a transparency check.
2777 // Transparent and SafeCritical types are safe to use from partial trust code.
2779 }
2780 }
2783 get { return _theRuntime._fcm; }
2784 }
2787 get { return _theRuntime._timeoutManager; }
2788 }
2791 /// <devdoc>
2792 /// <para>Provides access to the cache.</para>
2793 /// </devdoc>
2799 }
2806 // Create the CACHE object
2809 }
2810 }
2811 }
2814 }
2815 }
2817 /// <devdoc>
2818 /// <para>[To be supplied.]</para>
2819 /// </devdoc>
2826 }
2830 }
2831 }
2834 get { return s_installDirectory; }
2835 }
2837 //
2838 // Return the client script virtual path, e.g. "/aspnet_client/system_web/2_0_50217"
2839 //
2844 string clientScriptVirtualPath = AspNetClientFilesParentVirtualPath + aspNetVersion.Substring(0, aspNetVersion.LastIndexOf('.')).Replace('.', '_');
2847 }
2850 }
2851 }
2859 }
2862 }
2863 }
2865 //
2866 // Return the client script physical path, e.g. @"c:\windows\microsoft.net\framework\v2.0.50217.0\asp.netclientfiles"
2867 //
2871 string clientScriptPhysicalPath = System.IO.Path.Combine(AspInstallDirectoryInternal, AspNetClientFilesSubDirectory);
2874 }
2877 }
2878 }
2881 /// <devdoc>
2882 /// <para>[To be supplied.]</para>
2883 /// </devdoc>
2889 }
2890 }
2893 get { return HttpConfigurationSystem.MsCorLibDirectory; }
2894 }
2898 /// <devdoc>
2899 /// <para>[To be supplied.]</para>
2900 /// </devdoc>
2906 }
2907 }
2910 get { return HttpConfigurationSystem.MachineConfigurationDirectory; }
2911 }
2914 get { return s_isEngineLoaded; }
2915 }
2918 //
2919 // Static app domain related properties
2920 //
2923 /// <devdoc>
2924 /// <para>[To be supplied.]</para>
2925 /// </devdoc>
2931 }
2932 }
2935 get { return _theRuntime._codegenDir; }
2936 }
2939 get { return _theRuntime._tempDir; }
2940 }
2943 /// <devdoc>
2944 /// <para>[To be supplied.]</para>
2945 /// </devdoc>
2949 }
2950 }
2953 get { return AppDomainAppId != null; }
2954 }
2958 /// <devdoc>
2959 /// <para>[To be supplied.]</para>
2960 /// </devdoc>
2965 }
2966 }
2969 get { return _theRuntime._appDomainAppPath; }
2970 }
2973 /// <devdoc>
2974 /// <para>[To be supplied.]</para>
2975 /// </devdoc>
2979 }
2980 }
2982 // Save as AppDomainAppVirtualPath, but includes the trailng slash. We can't change
2983 // AppDomainAppVirtualPath since it's public.
2987 }
2988 }
2993 }
2994 }
3001 }
3004 /// <devdoc>
3005 /// <para>[To be supplied.]</para>
3006 /// </devdoc>
3011 }
3012 }
3015 get { return _theRuntime._appDomainId; }
3016 }
3020 /// <devdoc>
3021 /// <para>[To be supplied.]</para>
3022 /// </devdoc>
3028 }
3029 }
3032 get { return Path.Combine(_theRuntime._appDomainAppPath, BinDirectoryName) + Path.DirectorySeparatorChar; }
3034 }
3037 get { return _theRuntime._appDomainAppVPath.SimpleCombineWithDir(CodeDirectoryName); }
3038 }
3041 get { return _theRuntime._appDomainAppVPath.SimpleCombineWithDir(ResourcesDirectoryName); }
3042 }
3045 get { return _theRuntime._appDomainAppVPath.SimpleCombineWithDir(WebRefDirectoryName); }
3046 }
3049 /// <devdoc>
3050 /// <para>[To be supplied.]</para>
3051 /// </devdoc>
3056 }
3057 }
3060 get { return _theRuntime._isOnUNCShare; }
3061 }
3064 //
3065 // Static helper to retrieve app domain values
3066 //
3072 }
3079 }
3081 // Gets the version of the ASP.NET framework the current web applications is targeting.
3082 // This property is normally set via the <httpRuntime> element's "targetFramework"
3083 // attribute. The property is not guaranteed to return a correct value if the current
3084 // AppDomain is not an ASP.NET web application AppDomain.
3088 }
3089 }
3092 //
3093 // Flags
3094 //
3097 get { return _theRuntime._debuggingEnabled; }
3098 }
3101 get { return _theRuntime._configInited; }
3102 }
3105 get { return _theRuntime._fusionInited; }
3106 }
3109 get { return _theRuntime._apartmentThreading; }
3110 }
3113 get { return _theRuntime._shutdownInProgress; }
3114 }
3117 get { return _theRuntime._trustLevel; }
3118 }
3121 get { return _theRuntime._wpUserId; }
3122 }
3125 private void SetTrustLevel(TrustSection trustSection, SecurityPolicySection securityPolicySection) {
3126 // Use a temporary variable, since we use the field as a signal that the trust has really
3127 // been set, which is not the case until later in this method.
3133 }
3135 if (securityPolicySection == null || securityPolicySection.TrustLevels[trustSection.Level] == null) {
3136 throw new ConfigurationErrorsException(SR.GetString(SR.Unable_to_get_policy_file, trustSection.Level), String.Empty, 0);
3137 // Do not give out configuration information since we don't know what trust level we are
3138 // supposed to be running at. If the information below is added to the error it might expose
3139 // part of the config file that the users does not have permissions to see. VS261145
3140 // ,trustSection.ElementInformation.Properties["level"].Source,
3141 // trustSection.ElementInformation.Properties["level"].LineNumber);
3142 }
3147 }
3150 }
3152 //if HttpContext.Current.IsCustomErrorEnabled
3154 //else
3155 // throw new ConfigurationErrorsException(SR.GetString(SR.Unable_to_get_policy_file, trustSection.Level),
3156 // trustSection.Filename, trustSection.LineNumber);
3157 }
3160 #pragma warning disable 618
3161 PolicyLevel policyLevel = CreatePolicyLevel(file, AppDomainAppPathInternal, CodegenDirInternal, trustSection.OriginUrl, out foundGacToken);
3163 // see if the policy file contained a v1.x UrlMembershipCondition containing
3164 // a GAC token. If so, let's upgrade it by adding a code group granting
3165 // full trust to code from the GAC
3167 // walk the code groups at the app domain level and look for one that grants
3168 // access to the GAC with an UrlMembershipCondition.
3175 // if we found the GAC token and also have the GacMembershipCondition
3176 // the policy file needs to be upgraded to just include the GacMembershipCondition
3179 }
3180 }
3182 // add one as a child of the toplevel group after
3183 // some sanity checking to make sure it's an ASP.NET policy file
3184 // which always begins with a FirstMatchCodeGroup granting nothing
3185 // this might not upgrade some custom policy files
3197 // now, walk the current groups and insert our new group
3198 // immediately before the old Gac group
3199 // we'll need to use heuristics for this:
3200 // it will be an UrlMembershipCondition group with full trust
3201 CodeGroup newRoot = new FirstMatchCodeGroup(rootGroup.MembershipCondition, rootGroup.PolicyStatement);
3204 // is this the target old $Gac$ group?
3205 // insert our new GacMembershipCondition group ahead of it
3212 }
3213 }
3215 // append this group to the root group
3216 // AddChild itself does a deep Copy to get any
3217 // child groups so we don't need one here
3219 }
3222 //Debug.Trace("internal", "PolicyLevel: " + policyLevel.ToXml());
3223 }
3224 }
3225 }
3226 #pragma warning restore 618
3227 }
3230 #pragma warning disable 618
3233 #pragma warning restore 618
3238 }
3240 #pragma warning disable 618
3241 private static PolicyLevel CreatePolicyLevel(String configFile, String appDir, String binDir, String strOriginUrl, out bool foundGacToken) {
3242 // Read in the config file to a string.
3259 // see if the file contains a GAC token
3260 // if so, do the replacement and record the
3261 // fact so that we later add a GacMembershipCondition
3262 // codegroup to the PolicyLevel
3273 }
3276 }
3279 }
3280 #pragma warning restore 618
3282 private void SetTrustParameters(TrustSection trustSection, SecurityPolicySection securityPolicySection, PolicyLevel policyLevel) {
3285 // if we are in partial trust, HostingEnvironment should init HttpRuntime with a non-null PolicyLevel object
3291 String file = (String)securityPolicySection.TrustLevels[trustSection.Level].PolicyFileExpanded;
3293 }
3294 }
3296 /*
3297 * Notification when something in the code-access security policy file changed
3298 */
3300 // shutdown the app domain
3301 Debug.Trace("AppDomainFactory", "Shutting down appdomain because code-access security policy file changed");
3305 }
3307 message);
3308 }
3311 // notification when app_offline.htm file changed or created
3313 // shutdown the app domain
3315 Debug.Trace("AppDomainFactory", "Shutting down appdomain because " + AppOfflineFileName + " file changed");
3316 // WOS 1948399: set _userForcedShutdown to avoid DelayNotificationTimeout, since first request has not completed yet in integrated mode;
3321 }
3323 }
3328 }
3335 //
3340 }
3343 /*
3344 * Remove from metabase all read/write/browse permission from certain subdirs
3345 *
3346 */
3354 // Don't do it if we are not running on IIS
3357 }
3359 // Do it only for IIS 5
3363 {
3370 // Cannot pass back any HR from inetinfo.exe because CSyncPipeManager::GetDataFromIIS
3371 // does not support passing back any value when there is an error.
3372 Debug.Trace("RestrictIISFolders", "Cannot restrict folder access for '" + AppDomainAppId + "'.");
3373 }
3374 }
3375 }
3377 //
3378 // Helper to create instances (public vs. internal/private ctors, see 89781)
3379 //
3383 }
3388 type,
3389 BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.CreateInstance,
3391 args,
3393 }
3397 }
3399 #if !DONTUSEFACTORYGENERATOR
3400 // Cache instances of IWebObjectFactory for each Type, which allow us
3401 // to instantiate the objects very efficiently, compared to calling
3402 // Activator.CreateInstance on every call.
3410 /*
3411 * Faster implementation of CreatePublicInstance. It generates bits of IL
3412 * on the fly to achieve the improve performance. this should only be used
3413 * in cases where the number of different types to be created is well bounded.
3414 * Otherwise, we would create too much IL, which can bloat the process.
3415 */
3418 #if DONTUSEFACTORYGENERATOR
3420 #else
3422 // Only use the factory logic if the assembly is in the GAC, to avoid getting
3423 // assembly conflicts (VSWhidbey 405086)
3426 }
3428 // Create the factory generator on demand
3431 // Devdiv 90810 - Synchronize to avoid race condition
3436 // Create the factory cache
3440 }
3441 }
3442 }
3444 // First, check if it's cached
3451 // Create the object factory
3454 // Cache the factory
3456 }
3460 }
3467 }
3472 }
3475 }
3476 }
3482 // Raise Web Event
3487 }
3488 }
3489 }
3490 }
3496 if (config != null && config.HttpRuntime != null && config.HttpRuntime.RelaxedUrlToFileSystemMapping) {
3497 _DefaultPhysicalPathOnMapPathFailure = Path.Combine(_appDomainAppPath, "NOT_A_VALID_FILESYSTEM_PATH");
3498 }
3500 }
3504 }
3505 }
3510 if (originalResult == null) // null is never valid: Return the hard coded default physical path
3513 // Does it contain an invalid file-path char?
3517 // Final check: do the full check to ensure it is valid
3524 }
3526 // it is valid
3528 }
3529 }
3565 };
3568 }