Why a filter?

Aug 10, 2009 at 9:01 PM

Everything I've read about ISAPI applications has said to avoid filters in favor of extensions. Why is IIRF implemented as a filter?

Coordinator
Aug 11, 2009 at 5:10 PM

I don't know what you're reading, but your summary of the recommendations seems off.  The two are alternatives, and are used for different reasons. 

You can read more about the difference on Wikipedia. or on MSDN

Aug 11, 2009 at 6:16 PM

I was referring to this specifically, from the Windows SDK documentation:

"Avoid ISAPI filters - Avoid ISAPI filters unless adding an ISAPI filter is absolutely necessary to your application architecture. You should especially avoid filters that perform processing on raw incoming or outgoing data, or do the main processing on requests. In other words, filters that intercept requests in order to build complex responses should be avoided. In general, the only response that a filter should ever send are error responses. For example, an authentication filter might send a 401 response back to the client. If you determine that a filter is absolutely necessary, be sure to carefully optimize the main code paths through the filter event notification code."

All I know of ISAPI development is what I've learned in the past three days, which isn't much (ISAPI code is a little offputting to me). I just wondered if there was a particular technical reason that IIRF is a filter rather than an extension.

Coordinator
Aug 11, 2009 at 6:47 PM

IIRF is a filter because it needs to be present as part of IIS in order to perform the functions it performs.  It is not an application.  It does not do the main processing on requests.  It does not produce complex responses.  It does maniupate and route requests within the IIS server, and for that purpose, a filter is the right tool.

I disagree with the statement in th Windows SDK documentation that the only response that a filter should ever send is an error response.    That seems artificially limiting.

Aug 11, 2009 at 7:58 PM

The Windows SDK documentation leaves a lot to the imagination anyway (at least to mine), so it's not such a stretch to believe there's something in there that just doesn't make sense.