HTTP Handlers and HTTP Modules in ASP.NET<%@ Page language="c#" Codebehind="Index.aspx.cs" AutoEventWireup="True" Inherits="AspnetHttp.ModuleExample.Index" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>Index</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
<form id="Index" method="post" runat="server">
<asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 178px; POSITION: absolute; TOP: 236px" runat="server" Width="329px" Height="132px" Font-Size="XX-Large">Test Page!</asp:Label>
</form>
</body>
</HTML>
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace AspnetHttp.ModuleExample
{
public partial class Index : System.Web.UI.Page
{
protected void Page_Load(object sender, System.EventArgs e)
{
//Response.Write(Application["Timer"].ToString());
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
InitializeComponent();
base.OnInit(e);
}
private void InitializeComponent()
{
}
#endregion
}
}
using System;
using System.Web;
using System.Security.Principal;
namespace ModuleExample
{
public class CustomAuthenticationModule : IHttpModule
{
public CustomAuthenticationModule()
{
}
public void Init(HttpApplication r_objApplication)
{
// Register our event handler with Application object.
r_objApplication.AuthenticateRequest += new EventHandler(this.AuthenticateRequest);
}
public void Dispose()
{
}
private void AuthenticateRequest(object r_objSender, EventArgs r_objEventArgs)
{
// Authenticate user credentials, and find out user roles.
HttpApplication objApp = (HttpApplication)r_objSender;
HttpContext objContext = (HttpContext)objApp.Context;
if ((objApp.Request["userid"] == null) (objApp.Request["password"] == null))
{
objContext.Response.Write("Credentials not provided");
objContext.Response.End();
}
string userid = "";
userid = objApp.Request["userid"].ToString();
string password = "";
password = objApp.Request["password"].ToString();
string[] strRoles;
strRoles = AuthenticateAndGetRoles(userid, password);
if ((strRoles == null) (strRoles.GetLength(0) == 0))
{
objContext.Response.Write("We are sorry but we could not find this user id and password in our database");
objApp.CompleteRequest();//end a http request
}
GenericIdentity objIdentity = new GenericIdentity(userid, "CustomAuthentication");
objContext.User = new GenericPrincipal(objIdentity, strRoles);
}
private string[] AuthenticateAndGetRoles(string r_strUserID, string r_strPassword)
{
string[] strRoles = null;
if ((r_strUserID.Equals("aaa")) && (r_strPassword.Equals("111")))
{
strRoles = new String[1];
strRoles[0] = "Administrator";
}
else if ((r_strUserID.Equals("bbb")) && (r_strPassword.Equals("222")))
{
strRoles = new string[1];
strRoles[0] = "User";
}
return strRoles;
}
}
}
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation defaultLanguage="c#" debug="true"/>
<!-- <httpHandlers>
<add verb="*" path="*.apx"
type="MyHandler.NewHandler,MyHandler" />
<add verb="*" path="*"
type="MyHandler.NewHandlerSession,MyHandlerSession" />
</httpHandlers> -->
<httpModules>
<add name=" Test1 " type="ModuleExample.CustomAuthenticationModule, CustomAuthenticationModule"/>
<!-- <add name=" Test " type="TimerModule.TimerModule, TimerModule" />
<add name=" MultiTest1 " type="MultiModuleTest1.Test1Module, MultiModuleTest1" />
<add name=" MultiTest2" type="MultiModuleTest2.Test2Module, MultiModuleTest2" />-->
</httpModules>
<customErrors mode="RemoteOnly"/>
<authentication mode="None"/>
<authorization>
<deny users="?"/>
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20"/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
<xhtmlConformance mode="Legacy"/></system.web>
</configuration>
In this code, we create a http handler to validate user credentials.