0

I am using windows authentication in my ASP.NET MVC 3 website. Apart from this, I am not using any authentication module or session or caching module, So I would like to disable these modules.

I have read several article on this:

https://serverfault.com/questions/72338/iis7-lock-violation-error-http-handlers-modules-and-the-clear-element

http://www.codeproject.com/Articles/23306/10-ASP-NET-Performance-and-Scalability-Secrets

Something faster than HttpHandlers?

Is this the right way to disable modules which I am not using:

<httpModules>
   <remove name="PassportAuthentication" />
   <remove name="Session" />
</httpModules>

What's the correct way to disable unused modules?

Community
  • 1
  • 1
SharpCoder
  • 18,279
  • 43
  • 153
  • 249

1 Answers1

3

Mads Kristensen (he of Web Essentials fame) covered this briefly a while ago. The recommendation (from ScottGu no less) is not to worry about it:

http://madskristensen.net/post/remove-default-http-modules-in-aspnet

You may be getting a small performance boost from removing default modules, but it's probably not worth the added risk of issues down the line.

If you still want to go ahead, the configuration snippet you provided is correct.

Dave R.
  • 7,206
  • 3
  • 30
  • 52
  • In my case, I needed to remove some modules because they were intercepting and altering (or handling) requests when they shouldn't - for example the `ServiceModel-4.0` `IHttpModule` was preventing requests for URLs containing the string `".svc"` from getting through to ASP.NET's routing. – Dai May 25 '20 at 02:57