Since SharePoint web application is a .NET web application, the fundamentals remains same. Though there are some differences.
When SharePoint is installed on a web server, the installation process updates the IIS metabase to introduce it to the new mechanism for getting pages from content database rather then getting it from file system as it does naively.
So after SharePoint installation, IIS is armed to understand the SharePoint requests. We all know that SharePoint stores everything in database. However IIS still needs to be told whether the request that it has received it for SharePoint site or classic ASP.NET web site. Therefore a basic web application existence is required on each web server for each web application. And that web application has the web.config file that has the mapping of HTTP handler and SPRequest (HTTPModule) that worker process needs to use to get pages out of content database.
So when any browser sends the request for a SharePoint site, IIS either has the application instance in application domain (memory assigned for .NET application and owned by .NET framework) or it creates a new instance and loads the web.config settings. And if it is a SharePoint web app, the conifig settings would instruct worker process to get data from content database using SharePoint HTTP Handler.
Now since the SharePoint pages are stored in database, SharePoint provides safety mechanism as what would come from where and it will also enforce the safety rules.
The SPModule is a special HTTPModule that filters through the requests that comes to it. It also registers the SPVirtualPathProvider on Init method. SPVirtualPathProvider helps identify if the page should come from content database or SharePoint root as there are application pages, core list definition and other things that would come from SharePoint root folder.
SPPageParserFilter would help handler decide on the basis of the Web.Config settings if the code blocks are allowed from the location that request is trying to get page from.This is when the page contains server side code.The Safe Mode Processing allows various rules to enforce what would come and what not.
Finally when the request has been filtered through SPModule, it reaches to SPHTTPHandler and it gets page from content database, processes it and send the processed HTML back to the requester.
