18

Is there a good way to exclude certain pages from using a HTTP module?

I have an application that uses a custom HTTP module to validate a session. The HTTPModule is set up like this in web config:

<system.web>
  <!-- ... -->
  <httpModules>
    <add name="SessionValidationModule"
       type="SessionValidationModule, SomeNamespace" />
  </httpModules>
</system.web>

To exclude the module from the page, I tried doing this (without success):

<location path="ToBeExcluded">
  <system.web>
    <!-- ... -->
    <httpModules>
      <remove name="SessionValidationModule" />
    </httpModules>
  </system.web>
</location>

Any thoughts?

LittleBoyLost
  • 518
  • 2
  • 4
  • 11

3 Answers3

14

HttpModules attach to the ASP.NET request processing pipeline itself. The httpModule itself must take care of figuring out which requests it wants to act on and which requests it wants to ignore.

This can, for example, be achieved by looking at the context.Request.Path property.

Brian Mains
  • 50,520
  • 35
  • 148
  • 257
11

You could use an HTTPHandler instead of an HTTPModule. Handlers let you specify a path when you declare them in Web.Config. 

<add verb="*" path="/validate/*.aspx" type="Handler,Assembly"/>

If you must use an HTTPModule, you could just check the path of the request and if it's one to be excluded, bypass the validation.

Crob
  • 14,807
  • 3
  • 31
  • 28
  • I'm using this same method and it's just not working. Not sure how this is the accepted answer. – keeehlan May 29 '14 at 20:38
  • I tried using a handler instead but it doesn't seem to be applicable as a handler reroutes the http context. I asked about it here: http://stackoverflow.com/questions/27124737/asp-net-httphandler-prevents-page-from-loading?noredirect=1#comment42750773_27124737 – user1531921 Nov 25 '14 at 12:12
7

Here is some simple example how to filter requests by extension... the example below exclude from the processing files with the specific extensions. Filtering by file name will look almost the same with some small changes...

public class AuthenticationModule : IHttpModule
{
    private static readonly List<string> extensionsToSkip = AuthenticationConfig.ExtensionsToSkip.Split('|').ToList();

    // In the Init function, register for HttpApplication 
    // events by adding your handlers.
    public void Init(HttpApplication application)
    {
        application.BeginRequest += new EventHandler(this.Application_BeginRequest);
        application.EndRequest += new EventHandler(this.Application_EndRequest);
    }

    private void Application_BeginRequest(Object source, EventArgs e)
    {
        //  we don't have to process all requests...
        if (extensionsToSkip.Contains(Path.GetExtension(HttpContext.Current.Request.Url.LocalPath)))
            return;

        Trace.WriteLine("Application_BeginRequest: " + HttpContext.Current.Request.Url.AbsoluteUri);
    }

    private void Application_EndRequest(Object source, EventArgs e)
    {
        //  we don't have to process all requests...
        if (extensionsToSkip.Contains(Path.GetExtension(HttpContext.Current.Request.Url.LocalPath)))
            return;

        Trace.WriteLine("Application_BeginRequest: " + HttpContext.Current.Request.Url.AbsoluteUri);
    }
}

General idea is to specify in config file what exactly should be processed (or excluded from the processing) and use that config parameter in the module.

Mr. Pumpkin
  • 6,212
  • 6
  • 44
  • 60
  • Old question, but excellent answer and sample code! Only suggestion from me is to use `HastSet<>` instead of `List<>` for extensionsToSkip which should result in faster lookups and no duplicates. – BenSwayne Oct 10 '13 at 20:10