Changes in ISAPI Extension Features

  • Article

The following changes or new features are available to ISAPI extensions in IIS 6.0.

  • ISAPI Extensions Disabled by Default: All ISAPI Extensions (including ASP, ASP.NET and other methods of producing dynamic content) are disabled by default so that IIS 6.0 is installed in a highly secure state. To configure your server to enable ISAPI extensions, open the IIS Manager and click the Web Service Extensions node.

  • Unicode Server Variables: New unicode versions of existing server variables are available to ISAPI extensions in IIS 6.0. They are accessed by prepending UNICODE_ to an existing ANSI server variable, for example, UNICODE_REMOTE_USER, UNICODE_URL, UNICODE_PATH_INFO.

  • GetServerVariable Server Support Function: ISAPI extensions can now use the "HEADER_" prefix to access any header, including those that contain dashes in their names. Using the "HTTP_" prefix is still supported.

  • Unicode Versions of selected Server Support Functions: HSE_REQ_MAP_UNICODE_URL_TO_PATH, HSE_REQ_MAP_UNICODE_URL_TO_PATH_EX, and HSE_REQ_EXEC_UNICODE_URL have been added to IIS 6.0 which take extra parameters that are expected in unicode programming.

  • Wildcard Application Mappings: This feature is an improvement of existing IIS functionality. A wildcard application mapping maps an ISAPI extensions to an entire application, running the ISAPI extension regardless of the file name extension of the requested file. Wildcard application mappings are an ordered chain of ISAPI extensions which cooperate by using HSE_REQ_EXEC_URL to enable multiple executables to sequentially process a given request. For more information, see Multiple Requests Mapped to an ISAPI Extension.

  • ISAPI Extension ServerSupportFunction: In IIS 6.0, the following parameter names of the ISAPI extension ServerSupportFunction were added or changed:

    HSE_REQ_GET_EXECUTE_FLAGS has been changed to HSE_REQ_GET_EXEC_URL_STATUS

    HSE_REQ_EXECUTE_CHILD has been changed to HSE_REQ_EXEC_URL

    HSE_REQ_IS_IN_PROCESS, HSE_REQ_REPORT_UNHEALTHY, HSE_REQ_REPORT_UNHEALTHY, HSE_REQ_VECTOR_SEND, and HSE_REQ_SEND_CUSTOM_ERROR are all new features to IIS 6.0.

    HSE_REQ_NORMALIZE_URL has been added which mirrors the existing ISAPI Filter ServerSupportFunction SF_REQ_NORMALIZE_URL. Primarily, HSE_REQ_NORMALIZE_URL is used with HSE_REQ_EXEC_URL to allow ISAPI Extensions to protect themselves from malicious URL canonicalization attacks.

  • New Server Variable: A new server variable called SCRIPT_TRANSLATED can be called from ISAPI extensions in IIS 6.0.