Make your own free website on Tripod.com

Introduction to HTTP Modules

Silan Liu, 2/18/2004

 

HttpModule

ASP.NET provides a series of events such as BeginRequest, AuthenticateRequest, AuthorizeRequest, etc. during request processing that your application can hook into with your own event handlers, in which you can extract information from the request for all sorts of purposes such as authentication, or change the content of the request. The event handler class must be defined in the same namespace of the web service and implement IhttpModule interface, and must have an entry in the web.config file so that ASP.NET knows to load it up at the correct event.

The entry in the web.config file has the following format:

<add name="HttpModuleClassName" type="NameSpacedHttpModuleType, AssemblyName" />

Neither the client nor the web service asmx file need any modification.

For more details about using HTTP modules, see MSDN article Implementing Intercepting Filter in ASP.NET Using HTTP Module.

The HTTP module in following example consumes the AuthenticateRequest event:

The HTTP module:

using System;

using System.Web;

using System.Security.Principal;

using System.Diagnostics;

using System.IO;

 

namespace NsWSHttpModuleTest

{

   public class AuthenticateRequestHttpModule : IHttpModule

   {

       private HttpApplication mHttpApp;

 

       public void Init(HttpApplication httpApp)

       {

          this.mHttpApp = httpApp;

          mHttpApp.AuthenticateRequest += new EventHandler(OnAuthentication);

       }

 

       void OnAuthentication(object sender, EventArgs a)

       {

          HttpApplication application = (HttpApplication)sender;

          HttpRequest request = application.Context.Request;

          WindowsIdentity identity = (WindowsIdentity)application.Context.User.Identity;

 

          StreamWriter sw = new StreamWriter(request.MapPath("Test.txt"), true);

          sw.WriteLine("User=" + identity.Name);

          sw.Flush();

          sw.Close();

       }

 

       public void Dispose()

       {}

   }

}

The web.config file:

<?xml version="1.0" encoding="utf-8" ?>

<configuration>

<system.web>

 

<httpModules>

<add name="AuthenticateRequestHttpModule" type="NsWSHttpModuleTest.AuthenticateRequestHttpModule, WSHttpModuleTest" />

   </httpModules>

 

</system.web>

</configuration>

Client:

[STAThread]

static void Main(string[] args)

{

   Client.WSHttpModuleTest.Service1 s = new Client.WSHttpModuleTest.Service1();

   s.Credentials = new System.Net.NetworkCredential("osi_de/fliu", "keepaway", "");

   Console.WriteLine(s.HelloWorld());

   Console.ReadLine();

}

After you have configured the IIS not to use anonymous access, the “test.txt” file will have the following line:

User=OSI_DE\fliu

Handling HttpModule Events

Because HTTP modules are not loaded by your code, if they expose any event, you can not connect them to the event consumers. They have to be connected by the framework. File global.asax is used for this purpose. In this file there are already some standard handler methods which responses to standard ASP.NET events. You can add your own handler methods. The way to connect the event exposed by the HTTP modules and the handler methods in global.asax is by the naming convention: for example, suppose the HTTP module’s class name is MyHttpModule and the event exposed is MyEventExposed, the handler method should be named MyHttpModule_OnMyEventExposed. Of course the method should conform to the event signature.

Again, the client and the web service do not need any modification.

Now let’s modify the sample code in last section:

using System;

using System.Web;

using System.Security.Principal;

using System.Diagnostics;

using System.IO;

 

namespace NsWSHttpModuleTest

{

   public class MyEventArgs : EventArgs

   {

       private string mstrName;

 

       public MyEventArgs(string strName)

       {

          mstrName = strName;

       }

 

       public string Name

       {

          get { return mstrName; }

          set { mstrName = value; }

       }

   }

 

   public delegate void MyEvent(object sender, MyEventArgs e);

 

   /// <summary>

   /// Summary description for AuthenticateRequestHttpModule.

   /// </summary>

   public class AuthenticateRequestHttpModule : IHttpModule

   {

       private HttpApplication mHttpApp;

 

       public event MyEvent MyEventExposed;

 

       public void Init(HttpApplication httpApp)

       {

          this.mHttpApp = httpApp;

          mHttpApp.AuthenticateRequest += new EventHandler(OnAuthentication);

       }

 

       void OnAuthentication(object sender, EventArgs a)

       {

          HttpRequest request = ((HttpApplication)sender).Context.Request;

          MyEventArgs args = new MyEventArgs("Orginal Event");

          MyEventExposed(this, args);

 

          StreamWriter sw = new StreamWriter(request.MapPath("Test.txt"), true);

          sw.WriteLine("EventName = \"" + args.Name + "\"");

          sw.Flush();

          sw.Close();

       }

 

       public void Dispose()

       {}

   }

}

The corresponding handler method in global.asax:

public void AuthenticateRequestHttpModule_OnMyEventExposed(object source, MyEventArgs e)

{

   e.Name = "Event handled";

}