Blog Post

IIS Support Blog
5 MIN READ

Manged Modules and Custom Modules in IIS

meenakshiBalekar's avatar
Aug 30, 2024

 

Table of Contents:

  1. Modules in IIS
  2. Types of Modules
  3. Integration within IIS Architecture and Pipeline
  4. Custom Module and it's creation 
  5. Interference with Incoming Requests
  6. Capabilities of Custom Modules
  7. Advantages of Using Custom Modules
  8. Summary

 

Modules in IIS


Modules in Internet Information Services (IIS) are individual features that the server uses to process requests. Module
 is a component that handles specific tasks during the processing of web requests. These tasks can range from authentication and logging to compression and caching. Modules are integral to how IIS manages and processes requests, allowing for a modular and customizable approach to web server functionality. They are designed to handle specific tasks, such as authentication, caching, logging, and more. 

 

There are two types of Modules available :
 

  • Native Modules: Built into IIS and handle core functionalities like authentication, compression, and logging.
  • Managed Modules: Written in managed code (e.g., .NET) and provide additional features like session state management and URL authorization.

 

Modules can inspect, modify, or act on requests and responses. They participate in the request processing pipeline, ensuring tasks like user authentication, data compression, and request filtering are handled efficiently

 

Integration within IIS Architecture and Pipeline

 

Let's take a look into the IIS pipeline mode :

 

Integration within IIS Architecture and Pipeline

Custom modules are integrated into the IIS request-processing pipeline, which follows these stages. By subscribing to events such as `BeginRequest`, custom modules can intercept and process requests at different points in this pipeline.


 

 

 

On the left side we have stages that will be part of request lifecycle. We have different stages like authentication, authorization, execute handler, compression and on the right side we have modules like basic and windows which will be subscribed to different stages.

 

Modules will be subscribing to different stages

 

Modules are loaded into the IIS pipeline and participate in the request processing. They can inspect, modify, or act on requests and responses. For example, an authentication module might verify user credentials before allowing access to a resource, while a compression module might compress the response data before sending it to the client.

 

 

So how does this works ?

 

Consider I have an ASP.NET framework application hosted on IIS. On this website I have enabled Windows authentication

 

 

 

So here the request to my website will go via standard IIS pipeline, however as we have windows authentication enabled you will be able to see that when authentication stage is reached in the pipeline, it will check if there is any module subscribed for this stage. Once it identifies that the windows authentication is enabled it will intercept the request and will perform Windows authentication and then process the request.

 

If you want to see how does this looks, you can take a FREB trace and see the Windows authentication module getting kicked in under the authentication stage

 

 

There are other modules that are not yet subscribed and not performing any activity.

 

This is how the Modules make IIS a flexible and powerful web server, allowing administrators and developers to tailor its behaviour to meet specific application requirements. But how is the flexibility going to be achieved ?

 

For that we can customize the modules as per our need.

 

Custom Modules

 

You can create your own custom modules to extend IIS functionality. These modules can be written in native code (C/C++) or managed code (C#, VB.NET). Custom modules allow for tailored solutions to specific needs, such as custom logging, authentication, or request handling.

 

Writing and Adding Custom Modules in IIS

 

Creating a custom module for IIS involves writing managed or native code that hooks into the IIS request processing pipeline. Here's a step-by-step guide:

 

Step 1: Create a New Class Library Project

Open Visual Studio and create a new Class Library project.

Name your project, for example, RemoveHeadersModule.

 

Step 2: Implement the IHttpModule Interface

Add a new class to your project, e.g., RemoveHeadersModule.cs.

Implement the IHttpModule interface in this class.

 

public class CustomModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.BeginRequest += new EventHandler(OnBeginRequest);
//this is where you can add your logic to modify the request
}
private void OnBeginRequest(object sender, EventArgs e)
{
HttpContext context = ((HttpApplication)sender).Context;
context.Response.Write("Custom Module Executed!");
}
public void Dispose() 
{ }
}

 

 

For native code, use C++ to create an ISAPI extension or filter.

 

Step 3: Register the Module

  1. Open your web.config file.
  2. Add the following configuration to register your custom module:

 

<configuration>
  <system.webServer>
    <modules>
      <add name="<AssemblyName>" type="<namespace.classname>" />
    </modules>
  </system.webServer>
</configuration>

 


Step 4: Deploy the Module

Build your project to generate the DLL.

Copy the DLL to the bin directory of your web application.

Ensure your web.config is updated with the module registration.

 

Interference with Incoming Requests

Custom modules can modify the behavior of incoming requests by inspecting and altering request headers, redirecting requests, or even generating responses. For example, a module can be designed to:

  • Log request details.
  • Apply custom authentication or authorization logic.
  • Modify response headers.

 

This can also be seen from the FREB logs

I have created a class library name :
RemoveHeadersModule and integrated it with IIS hosted application. When a FREB trace is taken, I am able to see the same request getting kicked in as :

 

This is how the request can be modified as per requirement.

 

Capabilities of Custom Modules

Custom modules can be used for various purposes:

  • Authentication and Authorization
  • Request and Response Filtering
  • URL Rewriting
  • Custom Logging
  • Load Balancing

Advantages of Using Custom Modules

Custom modules offer several benefits:

  • Flexibility: Tailor request handling to specific needs.
  • Extensibility: Enhance IIS functionality without modifying core server code.
  • Performance: Improve request processing efficiency through specialized logic.

Summary


In conclusion, the flexibility and power of IIS as a web server are significantly enhanced by the use of modules, both native and custom. These modules allow for a highly customizable and efficient way to handle web requests, providing the ability to tailor the server's behavior to meet the specific needs of applications. Custom modules, in particular, offer the opportunity to extend IIS functionality in targeted ways, such as improving authentication processes, filtering requests and responses, and even rewriting URLs.

 

By leveraging the capabilities of custom modules, administrators and developers can ensure that their web server is optimized for performance, security, and reliability.

 

Updated Aug 30, 2024
Version 1.0
  • pspit865's avatar
    pspit865
    Copper Contributor

    I completely agree with the flexibility and power that IIS offers through its use of both native and custom modules. At Reinvent IT, we've seen firsthand how leveraging custom modules can make a huge difference, especially when it comes to tailoring specific solutions for clients’ unique needs. Whether it's optimizing authentication processes or improving performance through custom request handling, these modules really allow for a fine-tuned approach.

     

    It's also worth noting how important it is to regularly review and update these modules to maintain security and reliability, especially with how rapidly web technologies evolve. Has anyone here found particular modules that were game-changers in your setup?

    Please feel free to reach out https://reinventit.nl/contact/