locked
Can I ensure that a certain HttpModule is always invoked? RRS feed

  • Question

  • User-1505052757 posted

    Hi,

    Suppose I receive some data (using a Http Post) where I have to remove some some sensitive sections of that data before anything else. This calls for a HttpModule where I implement the HttpApplication.OnBeginRequest - correct? Here I must remove the data that cannot pass the module. Can I ensure that my module here is run? What if someone by accident comments out my Module from web.config?

    Thanks.

    --
    Werner

    Thursday, September 19, 2013 10:19 AM

Answers

  • User1020687624 posted

    Well it just so happens my knowledge is for IIS, so here we go:

    "Manually edit the IIS configuration store, either globally to enable the module for all applications on the server, or in a particular web.config file located within each application for which you would like to enable this module." - http://www.iis.net/learn/get-started/introduction-to-iis/iis-modules-overview#Enable_mod

    If you enable it globally then it won't be in the web.config and thus no one can comment it out. But to ensure it's only used by the application you want we need to look at handler mappings.

    Handler mappings can be set up on a per application basis. What a handler mapping does is when a user requests a certain type of page (.html, .aspx, etc...) the handler mapping will tell it which modules the request needs to be sent to in order to be processed correctly. 

    In your case, for this application you probably want all your page types to be sent to your "Sensitive Info Removal" module. In all other applications on the server or other applications you make in the future, just don't map any page types to your "Sensitive Info Removal" module and they'll be processed normally.

    Here is how to configure handler mappings on IIS 7. It also offers more info on handler mappings if you found my explanation poor.

    Hope it helps,

    Valerin


     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 20, 2013 11:35 AM

All replies

  • User1020687624 posted

    Hi itemplate,

    I can think of a few ways to accomplish this, but as far as I know my knowledge is web server specific. Would you be able to tell me what this application will be deployed on?

    Valerin

    Thursday, September 19, 2013 12:45 PM
  • User-1505052757 posted

    Oh yes sorry :)

    It would be a mix (if possible) IIS6/7 on Windows 2003/2008. But it will be deployed on whatever I tell it to really. I just need support for HTTPS certificate on it...

    Friday, September 20, 2013 2:27 AM
  • User1020687624 posted

    Well it just so happens my knowledge is for IIS, so here we go:

    "Manually edit the IIS configuration store, either globally to enable the module for all applications on the server, or in a particular web.config file located within each application for which you would like to enable this module." - http://www.iis.net/learn/get-started/introduction-to-iis/iis-modules-overview#Enable_mod

    If you enable it globally then it won't be in the web.config and thus no one can comment it out. But to ensure it's only used by the application you want we need to look at handler mappings.

    Handler mappings can be set up on a per application basis. What a handler mapping does is when a user requests a certain type of page (.html, .aspx, etc...) the handler mapping will tell it which modules the request needs to be sent to in order to be processed correctly. 

    In your case, for this application you probably want all your page types to be sent to your "Sensitive Info Removal" module. In all other applications on the server or other applications you make in the future, just don't map any page types to your "Sensitive Info Removal" module and they'll be processed normally.

    Here is how to configure handler mappings on IIS 7. It also offers more info on handler mappings if you found my explanation poor.

    Hope it helps,

    Valerin


     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 20, 2013 11:35 AM