Tuesday, November 20, 2007

HTTP Handlers and HTTP Modules (1)

HTTP Handlers and HTTP Modules in ASP.NET

<%@ Page language="c#" Codebehind="Index.aspx.cs" AutoEventWireup="True" Inherits="AspnetHttp.ModuleExample.Index" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >




<meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">

<meta name="CODE_LANGUAGE" Content="C#">

<meta name="vs_defaultClientScript" content="JavaScript">

<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">



<form id="Index" method="post" runat="server">

<asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 178px; POSITION: absolute; TOP: 236px" runat="server" Width="329px" Height="132px" Font-Size="XX-Large">Test Page!</asp:Label>




using System;

using System.Collections;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Web;

using System.Web.SessionState;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.HtmlControls;

namespace AspnetHttp.ModuleExample


public partial class Index : System.Web.UI.Page


protected void Page_Load(object sender, System.EventArgs e)




#region Web Form Designer generated code

override protected void OnInit(EventArgs e)





private void InitializeComponent()






using System;

using System.Web;

using System.Security.Principal;

namespace ModuleExample


public class CustomAuthenticationModule : IHttpModule


public CustomAuthenticationModule()



public void Init(HttpApplication r_objApplication)


// Register our event handler with Application object.

r_objApplication.AuthenticateRequest += new EventHandler(this.AuthenticateRequest);


public void Dispose()



private void AuthenticateRequest(object r_objSender, EventArgs r_objEventArgs)


// Authenticate user credentials, and find out user roles.

HttpApplication objApp = (HttpApplication)r_objSender;

HttpContext objContext = (HttpContext)objApp.Context;

if ((objApp.Request["userid"] == null) (objApp.Request["password"] == null))


objContext.Response.Write("Credentials not provided");



string userid = "";

userid = objApp.Request["userid"].ToString();

string password = "";

password = objApp.Request["password"].ToString();

string[] strRoles;

strRoles = AuthenticateAndGetRoles(userid, password);

if ((strRoles == null) (strRoles.GetLength(0) == 0))


objContext.Response.Write("We are sorry but we could not find this user id and password in our database");

objApp.CompleteRequest();//end a http request


GenericIdentity objIdentity = new GenericIdentity(userid, "CustomAuthentication");

objContext.User = new GenericPrincipal(objIdentity, strRoles);


private string[] AuthenticateAndGetRoles(string r_strUserID, string r_strPassword)


string[] strRoles = null;

if ((r_strUserID.Equals("aaa")) && (r_strPassword.Equals("111")))


strRoles = new String[1];

strRoles[0] = "Administrator";


else if ((r_strUserID.Equals("bbb")) && (r_strPassword.Equals("222")))


strRoles = new string[1];

strRoles[0] = "User";


return strRoles;




<?xml version="1.0"?>



<compilation defaultLanguage="c#" debug="true"/>

<!-- <httpHandlers>

<add verb="*" path="*.apx"

type="MyHandler.NewHandler,MyHandler" />

<add verb="*" path="*"

type="MyHandler.NewHandlerSession,MyHandlerSession" />

</httpHandlers> -->


<add name=" Test1 " type="ModuleExample.CustomAuthenticationModule, CustomAuthenticationModule"/>

<!-- <add name=" Test " type="TimerModule.TimerModule, TimerModule" />

<add name=" MultiTest1 " type="MultiModuleTest1.Test1Module, MultiModuleTest1" />

<add name=" MultiTest2" type="MultiModuleTest2.Test2Module, MultiModuleTest2" />-->


<customErrors mode="RemoteOnly"/>

<authentication mode="None"/>


<deny users="?"/>


<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>

<sessionState mode="InProc" stateConnectionString="tcpip=" sqlConnectionString="data source=;user id=sa;password=" cookieless="false" timeout="20"/>

<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>

<xhtmlConformance mode="Legacy"/></system.web>


In this code, we create a http handler to validate user credentials.

blog comments powered by Disqus