This is the “HttpHandler and HttpModule in real scenarios” article series. As the name suggests, in this series we will understand a few real scenarios where we can use HttpHandler and HttpModule. In our previous article we have learned to implement a simple HttpHandler in our ASP.NET application. If you are new to HttpHandler then you can visit our previous article by clicking the following link.
HttpHandler and HttpModule in Real Scenario: Getting Started with HttpHandler
In this article we will understand a few more scenarios where we can implement HttpHandler. Let’s try to understand the following example.
Stop specific HTTP method in ASP.NET application
In this scenario we can use HttpHandler. For example a situation might occur wherein we want to stop a certain HTTP verb in our application. In this scenario we can use HttpHandler as a solution. In this example we will stop a GET request in our application. When the user throws a GET request in the application our custom HttpHandler login will prevent the request by throwing one simple response message. Have a look at the following example.
This is the custom HttpHandler where we have written logic to prevent a GET request that will come from the user.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace WebApp
{
public class methodHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
if(context.Request.RequestType.ToString() == "GET" || context.Request.HttpMethod.ToString() == "GET")
{
context.Response.ContentType = "text/plain";
context.Response.Write("Please do not use GET request");
}
}
public bool IsReusable
{
get
{
return false;
}
}
}
}
We are checking the request type in the HttpContext object. If the request type is GET then we are displaying a custom response message from there.
We now need to register the HttpHandler in the web.config file in the application. This is the code to register the HttpHandler in the application.
We are giving path=”*.html”, in other words when any GET request is received from the user, our custom HttpHandler code will execute and it will prevent the GET request.
</system.webServer>
<handlers>
<add name="myImageHandler" verb="*" path="*.html" type="WebApp.methodHandler"/>
</handlers>
</system.webServer>
Here is the output of the example above. We are getting a custom message when we are making a GET request in the application.
![Custom message]()
Not only GET, you can prevent any request type in the same way.
Determine whether or not the user is authenticated
This is another possible scenario wherein we can use HttpHandler. For example, in our example we will not allow any request from any unauthorized user.
We can check whether or not the user is authenticated by checking the “IsAuthenticated” property of the Request object. Have a look at the following example.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace WebApp
{
public class loginHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
//Check whether user is authenticated or not
if (!context.Request.IsAuthenticated)
{
context.Response.ContentType = "text/plain";
context.Response.Write("Please login to process request");
}
}
public bool IsReusable
{
get
{
return false;
}
}
}
}
In this implementation, we are checking whether or not the user is authenticated. If he is not authenticated then we are dropping the request there and instead generating a custom response message.
We now need to register our HttpHandler in the web.config file. Here is the code to do that.
</system.webServer>
<handlers>
<add name="myImageHandler" verb="*" path="*.html" type="WebApp.loginHandler"/>
</handlers>
</system.webServer>
This is the example of the example above. We are seeing the custom response message because we did not implement any authentication mechanism in this example.
![authentication]()
Check number of parameters in query string
Though this is not a significantly strong scenario where we can implement HttpHandle, but anyway, we can check the number of parameters in the query string for a certain page. For example we want to call a .aspx page where we need to send at least one parameter through query string to invoke the page. Before reaching the HTTP request to the specific page, we can check whether or not the user’s request is carrying a query string value.
Have a look at the following example.
In this example we are checking the length of the query string value in the HttpRequest, if the number of query strings is fewer than 1 then we will notify the user of the insufficient query string parameter.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace WebApp
{
public class loginHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
if (context.Request.RawUrl.Contains("Form1.aspx"))
{
if (context.Request.QueryString.Count < 1)
{
context.Response.ContentType = "text/plain";
context.Response.Write("Please provide at least one value through URL");
}
}
}
public bool IsReusable
{
get
{
return false;
}
}
}
}
This is the code to register the HttpHandler in the web.config file.
</system.webServer>
<handlers>
<add name="myImageHandler" verb="*" path="*.aspx" type="WebApp.loginHandler"/>
</handlers>
</system.webServer>
Here is the output; we will get it when the “Form1.aspx” page is requested.
Here is the output of the example above.
![query string]()
Conclusion
In this article we saw a few scenarios where we can implement a HttpHandler as a solution. Though those scenarios are not exact/perfect for HttpHandler to be implemented but those scenarios are enough to practice with HttpHandler. In a future article we will understand a little more realistic real-life concept of HttpHandler.