Home » Articles


Sponsored links

CodeDigest Navigation

Technology News
No News Feeds available at this time.

Community News
No News Feeds available at this time.
HttpHandler in ASP.Net - PART 1

By Satheesh Babu
Posted On Feb 24,2008
Article Rating:
Be first to rate
this article.
No of Comments: 5
Print this article.

HttpHandler in ASP.Net: PART 1




In this article, I will explain HttpHandler and its responsibility in request processing. I will also discuss how to write a custom HttpHandler and how to hook it into the request processing. HttpHandler is a program that is executed to complete the request processing when a client requests an ASP.Net resource like aspx page. At this point it will be relevant if we know something about HttpModules and Request processing. We will try to understand how the request is processed briefly (as our subject mater is HttpHandler).

For example, when a user or client request for an ASPX page say http://localhost/WebApp/Default.aspx. The request is first received by the IIS i.e., inetinfo.exe. IIS can resolve the page if it is a static file like HTML, since it is ASPX page it forwards the request to ISAPI filters which is aspnet_isapi.dll in our case. It is the isapi filter that is used in handling ASP.Net Request. The isapi filter forwards the request to the worker process which is aspnet_wp.exe in our case. The worker process is the one who execute the request and give back the HTML output back to the client.


HttpModules and HttpHandlers


The HttpModules and HttpHandler are the components in worker process that helps in completing the request. There is a mechanism called Http Pipeline inside the worker process to complete the request. Http pipeline is nothing but it is a mechanism that receives the request with relevant information’s (via HttpContext object) and passes the request to series of object. During this stage the involvement of HttpModules comes into the picture for servicing the request. There are a number of system-level( HTTP modules, providing services ranging from authentication to state management to output caching. We can always write our own httpmodules and configure it for our web application in web.config. So, where does the system-level HttpModules configuration resides? Yes, as you might have guessed it is in machine.config file. Open the Machine.config file from C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG and you can see the configuration of httpmodules that is involved by default in an request processing. I have installed framework in C:\ so look into the drive where you installed the framework for machine.config file.


                     <add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>

                     <add name="Session" type="System.Web.SessionState.SessionStateModule"/>

                     <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>

                     <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>

                     <add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule"/>

                     <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"/>

                     <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule"/>

                     <add name="ErrorHandlerModule" type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile, Version=1.0.5000.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>



There may be more than one httpmodules involved in a request processing like authentication, caching, etc. After the request is processed by httpmodules it is given to the HttpHandler for further completion. Like HttpModules there cannot be more than one HttpHandler that is involved in a request processing. To add more value to the above point, in our example user requests an ASPX page so the HttpHandler which receives the request will be HttpPageHandlerFactory, it’s an factory implementation. Like HttpModules we can also write a custom HttpHanlder and configure it Web.Config of our application to use it during request processing. As HttpModules the default HttpHandler used for ASP.Net request processing is configured in Machine.Config file. Below you can find the information’s about HttpHandler in machine.config,


                     <add verb="*" path="*.vjsproj" type="System.Web.HttpForbiddenHandler"/><add verb="*" path="*.java" type="System.Web.HttpForbiddenHandler"/><add verb="*" path="*.jsl" type="System.Web.HttpForbiddenHandler"/><add verb="*" path="trace.axd" type="System.Web.Handlers.TraceHandler"/>

                     <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory"/>

                     <add verb="*" path="*.ashx" type="System.Web.UI.SimpleHandlerFactory"/>

                     <add verb="*" path="*.asmx" type="System.Web.Services.Protocols.WebServiceHandlerFactory, System.Web.Services, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false"/>

                     <add verb="*" path="*.rem" type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory, System.Runtime.Remoting, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="false"/>

                     <add verb="*" path="*.soap" type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory, System.Runtime.Remoting, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="false"/>

                     <add verb="*" path="*.asax" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.ascx" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="GET,HEAD" path="*.dll.config" type="System.Web.StaticFileHandler"/>

                     <add verb="GET,HEAD" path="*.exe.config" type="System.Web.StaticFileHandler"/>

                     <add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.cs" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.csproj" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.vb" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.vbproj" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.webinfo" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.asp" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.licx" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.resx" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="*" path="*.resources" type="System.Web.HttpForbiddenHandler"/>

                     <add verb="GET,HEAD" path="*" type="System.Web.StaticFileHandler"/>

                     <add verb="*" path="*" type="System.Web.HttpMethodNotAllowedHandler"/>


If you see above configuration settings you can understand why we can’t browse web.config, project file, .cs file as it is handled by System.Web.HttpForbiddenHandler handler which forbids the output from being viewed by the user. You can clearly understand when we start implementing our own HttpHandler.

I will discuss about implementing HttpHandlers in ASP.Net and scenarios where we can prefer HttpHandler in our application in the next article.


Similar Articles
You can contribute to CodeDiget.Com:
Donate to
Article Feedback
from this page i got a lot of solutions of my problem. i think this page is very use full for learning security concept in
Really helpful....
G8 job............ I really liked it.........
Excellent for beginners..... :)
Good Article
Please provide Sourc code also.
Good begner tutorial
Excellent for begners Please mention the lavel for the articals.