Abstract: A method, system, and article of manufacture for providing an authentication and authorization pipeline for use in a web server to grant access to web resources to users. The server creates an entry within an userID to roles database for each user who may access resources present on the web server and creates an entry within the roles to resource database for each resource that may be accessed on the web server. The server then authenticates the identify of each user accessing a resource on the web server using a userID, one or more authentication parameters, and a resource access request, creates a data object having an authenticated userID and one or more roles corresponding to the authenticated userID obtained from the userID to roles database, and authorizes access to a resource identified within the resource access request if one or more roles within the data object correspond to an access role corresponding to the roles listed within the roles to resource database for the identified resource.

Abstract: Methods and apparatuses are provided for use in servers or other like devices that output content data based on requests. Activity and/or other like information, e.g., in the form of Metadata, is gathered/maintained for each handled request and used to determine if the corresponding content data should be cached in memory to speed up subsequent similar requests for the content data, or conversely removed from the memory cache. The activity and/or other like information can be considered in light of one or more activity or other useful parameters that define the operation of the resulting content data cache(s).

Abstract: Methods and apparatuses are provided for use in servers or other like devices that output content data based on requests. Activity and/or other like information, e.g., in the form of Metadata, is gathered/maintained for each handled request and used to determine if the corresponding content data should be cached in memory to speed up subsequent similar requests for the content data, or conversely removed from the memory cache. The activity and/or other like information can be considered in light of one or more activity or other useful parameters that define the operation of the resulting content data cache(s).

Abstract: Methods are provided for utilizing a modular server architecture for processing requests for services, such as authorization and authentication, in a web server. The modular server architecture includes self-contained modular components that can be plugged in and out of the web server, as needed, to provide requested web services. The modular server architecture is also extensible in that it provides set of server APIs for processing requests for supporting built-in server functionality as well as functionality provided by third party modular components. The modular server architecture also supports the integration of request processing tasks for both native and managed modular components, such as ASP.NET modules, by virtue of a managed module host component. The modular server architecture also optimizes server performance by only providing modular component functionality when needed.

Abstract: A way of reducing the impact of denial of service attacks is presented. For each connection request received by a server, the server attempts to establish a connection to accommodate the corresponding request. For each connection request that the server cannot currently handle, the connection request is placed in a backlog queue for future handling. If one or more of the backlog queues have entries, connection sockets that have connections but no received request data are identified and disconnected. Such connection sockets would be highly suspect of being generated as a result of denial of service attacks. Upon disconnection, resources are freed for legitimate requests thereby improving server performance even during denial of service attacks.

Abstract: A method, system, and article of manufacture for providing an authentication and authorization pipeline for use in a web server to grant access to web resources to users. The server creates an entry within an userID to roles database for each user who may access resources present on the web server and creates an entry within the roles to resource database for each resource that may be accessed on the web server. The server then authenticates the identify of each user accessing a resource on the web server using a userID, one or more authentication parameters, and a resource access request, creates a data object having an authenticated userID and one or more roles corresponding to the authenticated userID obtained from the userID to roles database, and authorizes access to a resource identified within the resource access request if one or more roles within the data object correspond to an access role corresponding to the roles listed within the roles to resource database for the identified resource.

Abstract: A method, system, and article of manufacture for providing an authentication and authorization pipeline for use in a web server to grant access to web resources to users. The server creates an entry within an userID to roles database for each user who may access resources present on the web server and creates an entry within the roles to resource database for each resource that may be accessed on the web server. The server then authenticates the identify of each user accessing a resource on the web server using a userID, one or more authentication parameters, and a resource access request, creates a data object having an authenticated userID and one or more roles corresponding to the authenticated userID obtained from the userID to roles database, and authorizes access to a resource identified within the resource access request if one or more roles within the data object correspond to an access role corresponding to the roles listed within the roles to resource database for the identified resource.

Abstract: A way of reducing the impact of denial of service attacks is presented. For each connection request received by a server, the server attempts to establish a connection to accommodate the corresponding request. For each connection request that the server cannot currently handle, the connection request is placed in a backlog queue for future handling. If one or more of the backlog queues have entries, connection sockets that have connections but no received request data are identified and disconnected. Such connection sockets would be highly suspect of being generated as a result of denial of service attacks. Upon disconnection, resources are freed for legitimate requests thereby improving server performance even during denial of service attacks.

Abstract: A way of reducing the impact of denial of service attacks is presented. For each connection request received by a server, the server attempts to establish a connection to accommodate the corresponding request. For each connection request that the server cannot currently handle, the connection request is placed in a backlog queue for future handling. If one or more of the backlog queues have entries, connection sockets that have connections but no received request data are identified and disconnected. Such connection sockets would be highly suspect of being generated as a result of denial of service attacks. Upon disconnection, resources are freed for legitimate requests thereby improving server performance even during denial of service attacks.

Abstract: Methods and apparatuses are provided for use in servers or other like devices that output content data based on requests. Activity and/or other like information, e.g., in the form of Metadata, is gathered/maintained for each handled request and used to determine if the corresponding content data should be cached in memory to speed up subsequent similar requests for the content data, or conversely removed from the memory cache. The activity and/or other like information can be considered in light of one or more activity or other useful parameters that define the operation of the resulting content data cache(s).

Abstract: A web server arrangement includes user-mode web application logic that is configured to receive a web request and process the web request and generate a web request response. Vector send logic is then employed to identify a location of content of the web request response using a vector array. Kernel-mode vector receive logic then assembles the web request response in a contiguous section of kernel-mode or other like memory based on the vector array. Kernel mode universal listener logic then sends the assembled web request response to the requesting client application logic.

Abstract: A bandwidth throttling system is implemented on a server network connected to a computer network system to serve one or more clients over a network. The network server supports a service that presents multiple virtual services that can be individually requested by the clients. The bandwidth throttling system controls bandwidth on a per virtual service basis. The bandwidth throttling system has a measuring subsystem to measure the amount of bandwidth being used by each virtual service supported by the network server. The bandwidth throttling system also has a control subsystem to selectively throttle requests for a particular virtual service independently of others based upon the bandwidth used by the particular virtual service. The bandwidth throttling system utilizes an adaptive, hierarchical throttling strategy that is applied to each virtual service independently.

Abstract: A bandwidth throttling system is implemented on a server network connected to a computer network system to serve one or more clients over a network. The network server supports a service that presents multiple virtual services that can be individually requested by the clients. The bandwidth throttling system controls bandwidth on a per virtual service basis. The bandwidth throttling system has a measuring subsystem to measure the amount of bandwidth being used by each virtual service supported by the network server. The bandwidth throttling system also has a control subsystem to selectively throttle requests for a particular virtual service independently of others based upon the bandwidth used by the particular virtual service. The bandwidth throttling system utilizes an adaptive, hierarchical throttling strategy that is applied to each virtual service independently.