Figures
Figure 2 Custom HttpModule
// This module, named HttpModules.CS will be compiled
//  into an assembly named HttpModules.dll
using System;
using System.Web;

namespace HttpModuleExamples { 
   public class CustomHttpModule : IHttpModule { 
      // IHttpModule members
      public void Init(HttpApplication httpApp) {
         httpApp.BeginRequest +=    
           new EventHandler(this.OnBeginRequest);   

         httpApp.EndRequest +=
           new EventHandler(this.OnEndRequest);
      }

      public void Dispose() {
         // Usually, nothing has to happen here...
      }

      // event handlers   
      public void OnBeginRequest(object o, EventArgs ea) {
         HttpApplication httpApp = (HttpApplication) o;   
         HttpContext ctx = HttpContext.Current;
         ctx.Response.Write("Beginning Request <br>");
      }

      public void OnEndRequest(object o, EventArgs ea) {
         HttpApplication httpApp = (HttpApplication) o;   
         HttpContext ctx = HttpContext.Current;

         ctx.Response.Write("Ending Request <br>");
      }
   }
}
Figure 4 Events Available on an HttpApplication

Event
Occurs
AcquireRequestState
When ASP.NET acquires the current state (for example, session state) associated with the current request
AuthenticateRequest
When a security module has established the identity of the user
AuthorizeRequest
When a security module has verified user authorization
BeginRequest
When the first event in the HTTP pipeline chain of execution responds to a request
Disposed
When ASP.NET completes the chain of execution when responding to a request
EndRequest
When the last event in the HTTP pipeline chain of execution responds to a request
Error
When an unhandled exception is thrown
PostRequestHandlerExecute
When the ASP.NET handler (page, XML Web Service) finishes execution
PreRequestHandlerExecute
Just before ASP.NET begins executing a handler such as a page or XML Web Service
PreSendRequestContent
Just before ASP.NET sends content to the client
PreSendRequestHeaders
Just before ASP.NET sends HTTP headers to the client
ReleaseRequestState
After ASP.NET finishes executing all request handlers; also causes state modules to save the current state data
ResolveRequestCache
When ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the handler (the page or XML Web Service, for example)
UpdateRequestCache
When ASP.NET finishes executing a handler in order to let caching modules store responses that will be used to serve subsequent requests from the cache
Figure 5 Intercepting the AuthenticateRequest Event
using System;
using System.Web;

namespace HttpModuleExamples { 
   public class CustomAuthentication : IHttpModule { 
      // IHttpModule members
      public void Init(HttpApplication httpApp) {
         httpApp.BeginRequest +=    
           new EventHandler(this.OnAuthenticateRequest);   
      }

      public void Dispose() {
         // Usually, nothing has to happen here...
      }

      // event handlers   
      public void OnAuthenticateRequest(object o, EventArgs ea) {
         // Do any custom authentication here—perhaps manage 
         //  custom credentials. 
      }
   }
}
Figure 6 Terminating an HttpRequest Early
public class TestSecureConnection : IHttpModule
{
  // IHttpMoule members
  public string ModuleName { ... }
  public void Init(HttpApplication httpApp)
  {
    httpApp.BeginRequest +=
        new EventHandler(this.OnBeginRequest);
  }
  public void Dispose() { ... }

  public void OnBeginRequest(object o, EventArgs ea)
  {
    HttpApplication httpApp = (HttpApplication) o;
    HttpContext ctx = (HttpContext) ea.ExtendedInfo;
    if(!ctx.Request.IsSecureConnection) 
    {
      httpApp.CompleteRequest();
      ctx.Response.StatusCode = 403;
      ctx.Response.StatusDescription =
                   "Use SSL, please.";
    }
  }
}
Figure 7 System-provided HttpModules

Class
Description
DefaultAuthenticationModule
Insures the presence of an Authentication object in the context
FileAuthorizationModule
Verifies that the remote user has permissions in Windows NT to access the file requested
FormsAuthenticationModule
Turns on ASP.NET forms authentication
PassportAuthenticationModule
Provides a wrapper around Passport authentication services
SessionStateModule
Provides session state services for an application
UrlAuthorizationModule
Provides URL-based authorization services for allowing or denying access to specified resources
WindowsAuthenticationModule
Turns on Windows/IIS authentication for the application
Figure 8 Predefined HttpModules Registered
<httpModules>
 <add name="OutputCache" 
  type="System.Web.Caching.OutputCacheModule"/>
 <add name="Session"
  type="System.Web.SessionState.SessionStateModule"/>
 <add name="WindowsAuthentication"
  type="System.Web.Security.WindowsAuthenticationModule"/>
 <add name="FormsAuthentication" 
  type="System.Web.Security.FormsAuthenticationModule"/>
 <add name="PassportAuthentication"
  type="System.Web.Security.PassportAuthenticationModule"/>
 <add name="UrlAuthorization"
  type="System.Web.Security.UrlAuthorizationModule"/>
 <add name="FileAuthorization"
  type="System.Web.Security.FileAuthorizationModule"/>
</httpModules>
Figure 9 Determining Which Modules Are Attached
public void ShowModules(Object o, EventArgs E) {
  HttpApplication httpApp = 
   HttpContext.Current.ApplicationInstance;
  HttpModuleCollection httpModuleColl = 
   httpApp.Modules;

  Response.Write("<br>");
  String[] rgstrModuleNames;
  rgstrModuleNames = httpModuleColl.AllKeys;

  foreach(String strModuleName in rgstrModuleNames) {
    Response.Write(strModuleName);
    Response.Write("<br>");
  }
  Response.Write("<br>");
}

<%@ Page Language="C#" 
    src="UseHttpModules.cs"
    Inherits="UseHttpModulesPage" 
    trace='true'%>

<html><body><head><form runat=server>
   <br>
   <asp:Button Text="Show Modules" 
    OnClick=ShowModules runat=server />
   <br>

</form></head></body> </html>

MSDN Magazine Blog

MSDN Magazine Right Rail

14 Top Features of Visual Basic 14: The Q&A
Leading off the feature in the January issue of MSDN Magazine is Lucian Wischik’s fantastic look at Visual Basic .NET 14. As Wischik writes, the newes... More...
Wednesday, Jan 7
Big Start to the New Year at MSDN Magazine
Folks, things are hopping over here at MSDN Magazine. We are kicking off the new year with a pair of issues: Our regularly scheduled January issue and... More...
Friday, Jan 2

More MSDN Magazine Blog entries >


Receive the MSDN Flash e-mail newsletter every other week, with news and information personalized to your interests and areas of focus.