The SF_NOTIFY_READ_RAW_DATA event and IIS 6.0Http.sys only supports routing raw request data to a single user mode process. This behavior prevents IIS 6.0 from supporting the SF_NOTIFY_READ_RAW_DATA event in worker process isolation mode. This behavior occurs because global filters that register for the SF_NOTIFY_READ_RAW_DATA event can be loaded in multiple worker processes. However, Http.sys cannot route raw data to all the multiple worker processes. Therefore, Secure Sockets Layer (SSL) processing remains the only raw data operation. SSL occurs in a single user mode process that is named lsass.exe.
In IIS 5.0 isolation mode, global filters that register for the SF_NOTIFY_READ_RAW_DATA event are all loaded in a singleton process that is named Inetinfo.exe. SSL processing also occurs in the same process. Therefore, Http.sys can route all raw request data to that process.
ISAPI filter behavior in IIS 5.1 and earlier versionsA global filter is an ISAPI filter that is installed for the whole IIS service. The global filter recognizes requests and responses for all Web sites. A site filter is an ISAPI filter that is installed at the site level. The site filter only recognizes requests and responses for the site where the site filter is installed. An ISAPI filter that registers for the SF_NOTIFY_READ_RAW_DATA event must be installed as a global filter. However, an ISAPI filter that registers for the SF_NOTIFY_SEND_RAW_DATA event has no such restriction. Before IIS 6.0, all ISAPI filters run in the Inetinfo.exe process. The Inetinfo.exe process is guaranteed to run as the LocalSystem account and is single-instanced.
IIS 6 configurable-process architecture modelStarting in IIS 6.0, IIS supports two isolation modes:
- Worker process isolation mode that is the default
- IIS 5.0 isolation mode
IIS 6.0 running in IIS 5.0 isolation modeIIS 6.0 behaves like earlier versions when IIS 6.0 is set to run in IIS 5.0 isolation mode with the following exceptions:
- Site filters do not load on IIS startup. Site filters load on first request to their associated Web site.
- Any ISAPI filter load failures cause IIS not to start. Previous IIS versions continue running.
IIS 6.0 running in worker process isolation modeWhen IIS 6.0 runs in worker process isolation mode, ISAPI filters run in the worker processes. This lets multiple filters register for the SF_NOTIFY_READ_RAW_DATA ISAPI event. This creates the risk of more than one process accessing the read raw data at the same time. Additionally, Http.sys can only route raw request data to a single process. Therefore, IIS 6.0 does not support the SF_NOTIFY_READ_RAW_DATA ISAPI filter notification when IIS runs in worker process isolation mode. In IIS 5.0 isolation mode, Inetinfo.exe is the only process. Therefore, Inetinfo.exe can access the read raw data without a risk of other processes accessing the read raw data at the same time.
In IIS 6.0, we recommend that you replace filters that use the SF_NOTIFY_READ_RAW_DATA event with ISAPI extensions. The ISAPI extensions should use the HSE_REQ_EXEC_URL function. The ISAPI extensions should be configured with wildcard application mapping. This method enables manipulation of the whole request, including the following:
- Entity body
- Impersonation token
SSL in IIS 6.0In IIS 6.0, SSL is handled in a single process. This is because Http.sys can only provide the raw encrypted request data to one user mode process. In IIS 5.0 isolation mode, this process is Inetinfo.exe. In IIS 6.0 worker process isolation mode, this process is lsass.exe.
Note Not all raw data filters are the same. The only raw data filter that causes issues is the SF_NOTIFY_READ_RAW_DATA ISAPI filter. The SF_NOTIFY_READ_RAW_DATA ISAPI filter is supported in IIS 5.0 isolation mode only. The SF_NOTIFY_SEND_RAW_DATA ISAPI filter does not cause issues. The SF_NOTIFY_SEND_RAW_DATA ISAPI filter is supported in all modes.
For more information about the architectural model of IIS 6.0, see the "Internet Information Services Architecture" topic in the Server Administration Guide.
For more information about ISAPI extensions, visit the following Microsoft Developer Network (MSDN) Web site:
Article ID: 311852 - Last Review: Dec 10, 2008 - Revision: 1