0

I implemented this HttpHandler using IIS 7 and .NET 2.0 to restrict access to certain requests to our server:

using System;
using System.Web;

public class HtmlHandler : IHttpHandler
{
    public bool IsReusable
    {
        get
        {
            return true;
        }
    }

    public void ProcessRequest (HttpContext context)
    {
        if(!context.Request.IsAuthenticated)
            context.Response.Redirect("/inc/logout.asp");
    }
}

I set it up in IIS like so:

enter image description here

At first, it seems to work. It redirects me to the login page if the request isn't authenticated when trying to access .html files.

The problem is, that when I do log in and try to access the page, it just returns a blank page. Nothing but html, head, and body tags.

What am I doing wrong?

keeehlan
  • 7,874
  • 16
  • 56
  • 104

2 Answers2

2

From what i remember, IHttpHandler is something you use as the end result.

If you're looking to filter/proxy, you should implement an IHttpModule.

Peep this -- IHttpHandler vs IHttpModule

Community
  • 1
  • 1
Micah
  • 10,295
  • 13
  • 66
  • 95
0

You're using the wrong approach. HttpHandlers are typically used as Ajax handlers to handle requests and return string or JSON data to a JavaScript client.

I think your problem would be better solved by defining your own 'BasePage' class that inherits from System.Web.UI.Page; you can put this..

if(!context.Request.IsAuthenticated)
            context.Response.Redirect("/inc/logout.asp");

..in PageLoad, and then change your secure pages so that they inherit from your new BasePage class instead of System.Web.UI.Page

This way the check is run for every page that derives from BasePage, and will actually perform a redirect; the user will be redirected. Performing a redirect in an HttpHandler will appear to do nothing as far as the user is concerned.

sh1rts
  • 1,874
  • 1
  • 13
  • 14