Web Application Development for the DICE
Currently the DICE web server supports 2 kinds of web applications; .NET web applications and Perl CGI. In this section, how to write and deploy them is explained.
.NET Web Application
1. .NET Application Container
A .NET web application for the DICE is a source code written in C#/VisualBasic.NET/JScript or a compiled .NET assembly. A source code is compiled into a .NET assembly at its first invocation and cached by the DICE.
Unlike traditional web applications such as CGI, a deployed .NET application in the .NET container of the DICE is persistently on-memory in a server-side virtual machine and outputs results of cumulative executions as a web page just like Java Servlet.
"test.cs" in the web folder of the DICE is a sample script in C# to illustrate how to write such an application.
2. Requirements for .NET Web Applications
1) A .NET application for the DICE must refer to the .NET assembly called "ManagedAppContainer.dll" in the folder where the DICE executable file is located.
2) The entry point to a .NET application for the DICE is a class with the same name as the assembly name without an extension under the namespace of the same name. If your application is a source code "Foo.cs", you must provide a class "Foo" in the namespace "Foo".
3) The entry point class must implement the abstract class "ManagedAppContainer.Proxy". This abstract class is defined in "ManagedAppContainer.dll" as
Your entry point class must inherit from this class and override the method "Execute". The DICE invokes this method when a .NET application is invoked from a web browser, and an invoked .NET application returns its result to the DICE via the third parameter of this method, a byte array "strRequestParameterAndOutput", then the DICE returns this data to a web browser.
4) The on-demand compilation system can refer to all managed Microsoft assemblies (except for Managed DirectX ones) in Global Assembly Cache (GAC) at the startup of the DICE server.
5) A .NET application for the DICE must output all HTTP headers including "HTTP/1.0 200" and "Content-Length".
3. Loading .NET Appilication
A C# source code in the web directory of the DICE is compiled at the first time it is requested from the web. It creates a .NET assembly file with the "hidden" file attribute and .dll extension in the same directory. Since the DICE ignores requests from the web to files with the "hidden" attribute, a compiled assembly is invisible to web users while the original URL is still accessible. The produced .NET assembly is then loaded and executed in a discrete AppDomain for each requested URL.
MIME bindings tell the DICE what kind of files are such executable scripts. In the default configuration, files with the extension ".cs" are associated with C#, ".vb" with VisualBasic.NET, and ".jsx" with JScript. Instead of letting the DICE compile a source code, a pre-compiled .NET assembly can be put too (".dll" files).
Once loaded, an instance of the entry point class that was discussed earlier is created and the overridden method "Execute" is called with parameters that are properties of an HTTP request. An execution error is shown as an error message to the web user who invoked it. Statefull objects such as session are easily implemented as a .NET web application stays in a DICE-hosted CLR unless explicitly unloaded.
4. Unloading .NET Application
To unload your .NET application compiled from a source code by the DICE, the source code of the application has to be removed in the file system from Explorer, then you have to access its URL from the web with a web browser. For a pre-compiled assembly, rename its file name from Explorer then access its URL from the web with a web browser, then delete it with Explorer.
5. Processing Input from Web
When a .NET application is invoked from the web, the "Execute" method is called.
The first parameter, "strEntityBody", is filled with entity body data when it's a POST request. If it's a GET request, its size is 0.
The second parameter, "mapEnvironment", passes environmental data. It currently contains only one value with the key "REMOTE_ADDR", which is the IP address of the user who invoked it.
The third parameter, "strRequestParameterAndOutput", is filled with the HTTP request header lines split with '\n'. You have to parse it by youself. Also, this parameter is used to return the generated page to the user who invoked it. You have to replace this ref parameter with the new byte array that represents the generated page with correct HTTP reply headers.
The sample code "test.cs" shows how to process GET and POST requests.
(Note: Since the current directory of your .NET application is where DICE.exe is located, you must provide an absolute path whenever you need to access the file system)
Currently a .NET application hosted by the DICE is executed with the same privilege as the DICE itself. This means there's no security barrier to protect your system from a malfunctioning .NET application except for your own skill of writing a secure code. Because of this looseness, you can run ANY kind of applications in the DICE .NET container (contrary to the very word container).
You have to sanitize web input to filter any dangerous things that may cause an arbitrary code to run. Also if your .NET application is statefull it has to be thread-safe. To prevent DoS (denial-of-service) attacks, let your application return a result to the DICE as fast as possible by using techniques such as asynchronus operation whenever possible.
Perl CGI Web Application
1. Perl CGI Execution in the DICE
The DICE web server can host a CGI web application written in Perl. As it is executed on-memory once it's loaded in the DICE, it is faster than usual CGI execution. In the default configuration, files with ".pl" and ".cgi" extensions are recognized as Perl CGI.
The Perl embedded in the DICE is the 5.10 development version of which source code is available at the official Perl repository. If you need standard Perl modules for your CGI, download the Perl standard modules pack for the DICE at the download page, then extract it into the "perl_lib" folder in the DICE application folder.
If you don't want the DICE to load a Perl interpreter, remove PerlShim.dll in the DICE application folder.
2. Requirements of Perl CGI for the DICE
The DICE can host a standard Perl CGI application unless they don't omit the STDIN handle name in the <> operator that reads lines one by one. Always use it explicitly like <STDIN>.
You have to make sure that your CGI application is secure enough to prevent security problems as CGI applications are executed in the same privilege as the DICE itself.