Figure 2 Custom HttpModule
// This module, named HttpModules.CS will be compiled
// into an assembly named HttpModules.dll
using System;
using System.Web;
namespace HttpModuleExamples {
public class CustomHttpModule : IHttpModule {
// IHttpModule members
public void Init(HttpApplication httpApp) {
httpApp.BeginRequest +=
new EventHandler(this.OnBeginRequest);
httpApp.EndRequest +=
new EventHandler(this.OnEndRequest);
}
public void Dispose() {
// Usually, nothing has to happen here...
}
// event handlers
public void OnBeginRequest(object o, EventArgs ea) {
HttpApplication httpApp = (HttpApplication) o;
HttpContext ctx = HttpContext.Current;
ctx.Response.Write("Beginning Request <br>");
}
public void OnEndRequest(object o, EventArgs ea) {
HttpApplication httpApp = (HttpApplication) o;
HttpContext ctx = HttpContext.Current;
ctx.Response.Write("Ending Request <br>");
}
}
}
Figure 4 Events Available on an HttpApplication
Event
|
Occurs
|
AcquireRequestState
|
When ASP.NET acquires the current state (for example, session state) associated with the current request
|
AuthenticateRequest
|
When a security module has established the identity of the user
|
AuthorizeRequest
|
When a security module has verified user authorization
|
BeginRequest
|
When the first event in the HTTP pipeline chain of execution responds to a request
|
Disposed
|
When ASP.NET completes the chain of execution when responding to a request
|
EndRequest
|
When the last event in the HTTP pipeline chain of execution responds to a request
|
Error
|
When an unhandled exception is thrown
|
PostRequestHandlerExecute
|
When the ASP.NET handler (page, XML Web Service) finishes execution
|
PreRequestHandlerExecute
|
Just before ASP.NET begins executing a handler such as a page or XML Web Service
|
PreSendRequestContent
|
Just before ASP.NET sends content to the client
|
PreSendRequestHeaders
|
Just before ASP.NET sends HTTP headers to the client
|
ReleaseRequestState
|
After ASP.NET finishes executing all request handlers; also causes state modules to save the current state data
|
ResolveRequestCache
|
When ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the handler (the page or XML Web Service, for example)
|
UpdateRequestCache
|
When ASP.NET finishes executing a handler in order to let caching modules store responses that will be used to serve subsequent requests from the cache
|
Figure 5 Intercepting the AuthenticateRequest Event
using System;
using System.Web;
namespace HttpModuleExamples {
public class CustomAuthentication : IHttpModule {
// IHttpModule members
public void Init(HttpApplication httpApp) {
httpApp.BeginRequest +=
new EventHandler(this.OnAuthenticateRequest);
}
public void Dispose() {
// Usually, nothing has to happen here...
}
// event handlers
public void OnAuthenticateRequest(object o, EventArgs ea) {
// Do any custom authentication hereĀperhaps manage
// custom credentials.
}
}
}
Figure 6 Terminating an HttpRequest Early
public class TestSecureConnection : IHttpModule
{
// IHttpMoule members
public string ModuleName { ... }
public void Init(HttpApplication httpApp)
{
httpApp.BeginRequest +=
new EventHandler(this.OnBeginRequest);
}
public void Dispose() { ... }
public void OnBeginRequest(object o, EventArgs ea)
{
HttpApplication httpApp = (HttpApplication) o;
HttpContext ctx = (HttpContext) ea.ExtendedInfo;
if(!ctx.Request.IsSecureConnection)
{
httpApp.CompleteRequest();
ctx.Response.StatusCode = 403;
ctx.Response.StatusDescription =
"Use SSL, please.";
}
}
}
Figure 7 System-provided HttpModules
Class
|
Description
|
DefaultAuthenticationModule
|
Insures the presence of an Authentication object in the context
|
FileAuthorizationModule
|
Verifies that the remote user has permissions in Windows NT to access the file requested
|
FormsAuthenticationModule
|
Turns on ASP.NET forms authentication
|
PassportAuthenticationModule
|
Provides a wrapper around Passport authentication services
|
SessionStateModule
|
Provides session state services for an application
|
UrlAuthorizationModule
|
Provides URL-based authorization services for allowing or denying access to specified resources
|
WindowsAuthenticationModule
|
Turns on Windows/IIS authentication for the application
|
Figure 8 Predefined HttpModules Registered
<httpModules>
<add name="OutputCache"
type="System.Web.Caching.OutputCacheModule"/>
<add name="Session"
type="System.Web.SessionState.SessionStateModule"/>
<add name="WindowsAuthentication"
type="System.Web.Security.WindowsAuthenticationModule"/>
<add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModule"/>
<add name="PassportAuthentication"
type="System.Web.Security.PassportAuthenticationModule"/>
<add name="UrlAuthorization"
type="System.Web.Security.UrlAuthorizationModule"/>
<add name="FileAuthorization"
type="System.Web.Security.FileAuthorizationModule"/>
</httpModules>
Figure 9 Determining Which Modules Are Attached
public void ShowModules(Object o, EventArgs E) {
HttpApplication httpApp =
HttpContext.Current.ApplicationInstance;
HttpModuleCollection httpModuleColl =
httpApp.Modules;
Response.Write("<br>");
String[] rgstrModuleNames;
rgstrModuleNames = httpModuleColl.AllKeys;
foreach(String strModuleName in rgstrModuleNames) {
Response.Write(strModuleName);
Response.Write("<br>");
}
Response.Write("<br>");
}
<%@ Page Language="C#"
src="UseHttpModules.cs"
Inherits="UseHttpModulesPage"
trace='true'%>
<html><body><head><form runat=server>
<br>
<asp:Button Text="Show Modules"
OnClick=ShowModules runat=server />
<br>
</form></head></body> </html>
|