HttpHandler and HttpModule

Mysterious HttpHandler and HttpModule

In college, I started learning asp.net from drag controls, and I didn't know much about many class library objects in. net. So when I saw some personal asp.net terms, I felt that asp.net had always had a mysterious veil, which made me unable to understand. I believe there were many similar experiences in the garden. net attacker. In the past, both HttpHandler and HttpModule were mysterious. Haha, today I will show you my understanding about him and his applications.

Maybe you do not understand HttpHandler and HttpModule (hero Return), maybe you do not know the purpose of HttpHandler and HttpModule, maybe you do not understand. Today, let me show you the elegance of HttpHandler and HttpModule. Today I want to make it So Easy !!

Understanding asp.net pipeline events

What is an asp.net pipeline? Simply put, it is the lifecycle of a page, that is, a series of events that asp.net has done during the page request from you to display in your browser. The following shows the events (see Fish Li ).

1. Verify the request, check the information sent by the browser, and determine whether it contains potentially malicious tags. For more information, see ValidateRequest and script intrusion overview.

2. If you have configured any URL in the UrlMappingsSection of the Web. config file, perform URL ing.

3. The BeginRequest event is triggered.

4. The AuthenticateRequest event is thrown.

5. Trigger the PostAuthenticateRequest event.

6. Cause the AuthorizeRequest event.

7. Trigger the PostAuthorizeRequest event.

8. Trigger the ResolveRequestCache event.

9. The PostResolveRequestCache event is triggered.

10. Based on the file extension of the requested resource (ing in the application configuration file), select the class that implements IHttpHandler to process the request. If the request is for an object derived from the Page class

(Page), and you need to compile the page, ASP. NET will compile the page before creating the instance.

11. Trigger the PostMapRequestHandler event.

12. The AcquireRequestState event is triggered.

13. Trigger the PostAcquireRequestState event.

14. Trigger the PreRequestHandlerExecute event.

15. Call the appropriate IHttpHandler class ProcessRequest method (or asynchronous version of IHttpAsyncHandler. BeginProcessRequest) for this request ). For example, if the request is for a page

The current page instance processes the request.

16. The PostRequestHandlerExecute event is thrown.

17. Trigger the ReleaseRequestState event.

18. The PostReleaseRequestState event is triggered.

19. If the Filter attribute is defined, the response is filtered.

20. The UpdateRequestCache event is triggered.

21. Trigger the PostUpdateRequestCache event.

22. An EndRequest event is triggered.

23. The PreSendRequestHeaders event is thrown.

24. The PreSendRequestContent event is triggered.
 

Note:

1. Remember that the above events are not written blindly, and their order is not written blindly. The page is triggered from the beginning of the request to the end of the page display, from one to twenty-four, from top to bottom.

2. not every event starting with BeginRequest is triggered, because Response can be called at any time during the entire process. end () or an unhandled exception occurs before the End of the entire process. Among all events, only the EndRequest event is certainly triggered, and (some Module) BeginRequest may not be triggered.

3. For IIS7, the first event is the MapRequestHandler event, and two additional events are added before the EndRequest event: LogRequest and PostLogRequest. MapRequestHandler, LogRequest, and PostLogRequest events are supported only when the application is running in IIS 7.0 integration mode and with. NET Framework 3.0 or later.

Summary: You can add methods, classes, attributes, and other columns to the events you need at will to perform your own request operations. That is to say, we used to program at the page level. Now, we can process projects and requests at the request level. How to do this depends on the magical functions of HttpMoudle and HttpHandler below.

Understand HttpHandler and HttpModule

HttpHandler first.

First, you should understand how asp.net processes our request files. Here we will not talk about asp.net's seemingly more underlying mystery. how does net process our request file? Show you something.

Open the web. CONFIG file under the C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ config \ directory on your computer. Find the httpHandlers node and check what is written under it. See me if you don't want to open it.
Copy codeThe Code is as follows:
View Code

<HttpHandlers>
<Add verb = "*" path = "*. rules" type = "System. Web. HttpForbiddenHandler" validate = "true"/>
<Add verb = "*" path = "*. xoml "type =" System. serviceModel. activation. httpHandler, System. serviceModel, Version = 3.0.0.0, Culture = neutral, PublicKeyToken = b77a5c561934e089 "validate =" false "/>
<Add path = "*. svc "verb =" * "type =" System. serviceModel. activation. httpHandler, System. serviceModel, Version = 3.0.0.0, Culture = neutral, PublicKeyToken = b77a5c561934e089 "validate =" false "/>
<Add path = "trace. axd" verb = "*" type = "System. Web. Handlers. TraceHandler" validate = "True"/>
<Add path = "WebResource. axd" verb = "GET" type = "System. Web. Handlers. AssemblyResourceLoader" validate = "True"/>
<Add path = "*. axd" verb = "*" type = "System. Web. HttpNotFoundHandler" validate = "True"/>
<Add path = "*. aspx" verb = "*" type = "System. Web. UI. PageHandlerFactory" validate = "True"/>
<Add path = "*. ashx" verb = "*" type = "System. Web. UI. SimpleHandlerFactory" validate = "True"/>
<Add path = "*. asmx "verb =" * "type =" System. web. services. protocols. webServiceHandlerFactory, System. web. services, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a "validate =" False "/>
<Add path = "*. rem "verb =" * "type =" System. runtime. remoting. channels. http. httpRemotingHandlerFactory, System. runtime. remoting, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b77a5c561934e089 "validate =" False "/>
<Add path = "*. soap "verb =" * "type =" System. runtime. remoting. channels. http. httpRemotingHandlerFactory, System. runtime. remoting, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b77a5c561934e089 "validate =" False "/>
<Add path = "*. asax" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. ascx" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. master" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. skin" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. browser" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. sitemap" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. dll. config" verb = "GET, HEAD" type = "System. Web. StaticFileHandler" validate = "True"/>
<Add path = "*. exe. config" verb = "GET, HEAD" type = "System. Web. StaticFileHandler" validate = "True"/>
<Add path = "*. config" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. cs" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. csproj" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. vb" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. vbproj" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. webinfo" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. licx" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. resx" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. resources" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. mdb" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. vjsproj" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. java" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. jsl" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. ldb" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. ad" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. dd" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. ldd" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. sd" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. cd" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. adprototype" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. lddprototype" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. sdm" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. sdmDocument" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. mdf" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. ldf" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. exclude" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*. refresh" verb = "*" type = "System. Web. HttpForbiddenHandler" validate = "True"/>
<Add path = "*" verb = "GET, HEAD, POST" type = "System. Web. DefaultHttpHandler" validate = "True"/>
<Add path = "*" verb = "*" type = "System. Web. HttpMethodNotAllowedHandler" validate = "True"/>
</HttpHandlers>

The above code is as follows: In the

The above is the default Handler processing. Of course, after knowing HttpHandler, we can also register our own HttpHandler and write our own HttpHandler processing program to process different types of files, I will implement it later. Let's take a look.

Problem: Since HttpHandler maps different types of suffix files in the request to different handlers for processing, how long does the handler map the time in the page lifecycle to process the request?

A: According to the preceding 24 events, the htting in the HttpHandler node is triggered in step 10th. Instead, it maps to different handlers. the implementation of methods and classes in these handlers is triggered in step 1.

Let's talk about HttpModule.

HttpHandler maps requests to a specified handler for a type of files. And the ing and processing occur in the events that have been specified by asp.net.

HttpModule maps all request files to the specified handler to process the requests, which can occur in any event in the request pipeline. That is to say, which event you subscribe to will occur in that event, and then execute it after processing. The next event of the event you subscribe, of course, you can terminate all the events and directly run the last event, which means that he can not give HttpHandler the chance to run the HttpModule.

HttpHandler usage

HttpHandler is demonstrated through anti-leech technology.

1. Register HttpHandler first: Register in Web. config

Copy codeThe Code is as follows:
<HttpHandlers>
<! -- Map a jpg file to ProcessHandler_test.CustomHandler. -->
<! -- In type, add the class name (ProcessHandler_test.CustomHandler) to the namespace before the comma, and then the Assembly name -->
<Add path = "*. jpg" verb = "*" type = "httphandre_test.customhandler, ProcessHandler_test"/>
</HttpHandlers>

The above registration is to map the request for jpg files in the website to the Assembly ProcessHandler_test whose namespace is httphand_test class name CustomHandler to process the request.

2. If you want to process requests through HttpHandler, you must implement the IHttpHandler interface in the mapped processing program.

3. The mapped program code is as follows:

Copy codeThe Code is as follows:
View Code

Namespace httphandre_test
{
Public class CustomHandler: IHttpHandler
{
Public void ProcessRequest (HttpContext context)
{
// Obtain the physical path of the file server
String FileName = context. Server. MapPath (context. Request. FilePath );
// If UrlReferrer is empty, a default anti-leeching image is displayed.
If (context. Request. UrlReferrer. Host = null)
{
Context. Response. ContentType = "image/gif ";
Context. Response. WriteFile ("/error.gif ");
}
Else
{
// If UrlReferrer does not contain the host domain name of your website, a default anti-leeching image is displayed.
If (context. Request. UrlReferrer. Host. IndexOf ("yourdomain.com")> 0)
{
Context. Response. ContentType = "image/gif ";
Context. Response. WriteFile (FileName );
}
Else
{
Context. Response. ContentType = "image/gif ";
Context. Response. WriteFile ("/error.gif ");
}
}
}

 

Public bool IsReusable
{
Get {throw new NotImplementedException ();}
}
}
}

Press Ctrl + C to copy the code. The simple instance above is complete. If there is a Jpg file request, instead of a request in the domain name of the website, then a specified error image is output to replace the original connected image.

Summary: httpHandler has more functions than this. I hope you can understand that it is a type of file request processing and that you can understand the event location in the request pipeline, this will be helpful for your understanding.

Use of HttpModule

Because the HttpModule is too powerful, that is to say, any request must pass the registered HttpModule processing program, you must make a good judgment on various requests when using it, that is, to process any request, let the request go through the processing program, and do not let him execute every method. Will not let the program load, the loss is worth the candle.

The steps for using HttpModule are similar to those for HttpHandler, while HttpModule implements the IHttpModule interface.

Here, I will not write down his specific case. I used to write a Url rewriting case, that is, using it. You can check it out. Url rewriting