httpmodules(Classic Mode) Vs Modules (Integrated mode) not parsing request in the same way

3
votes

I have an ASP.NET FW 4.5 application, normally it is running under Classic Mode , and we use a HttpModule that parse every request to webpages. The Module checks in the DB if the user has access. No problem with that.

When we switch to integrated mode we put a < webserver > < module > as recommended in the migration guide. The problem is that the module is parsing every request to the application, also the css, jss and images. In Classic mode this does not happen, only pages are parsed. Is there a different behavior between classic and integrated? The module implements methods like: private void OnBeginRequest(object sender, EventArgs e) private void OnAuthorization(object sender, EventArgs e)

1
asp.netweb-configiis-7.5httpmoduleintegrated-pipeline-mode
The difference you have described is the difference between integrated and classic mode. - mason
So in classic mode only aspx pages are parsed?Where can i check the documentation of that? I didn't find anything. Thanks - X.Otano
ASP.NET FW4.5 has nothing to do with Classic ASP; they are completely different technologies. You should retag your question. - Paul
rettaged as you suggested - X.Otano

1 Answers

1
votes

This question is a bit old but just in case somebody else finds it I'll provide the answer...

In integrated mode, any modules you provide in <system.webserver> are invoked for every IIS request (including non ASP.NET pages) unless you add a constraint via the preCondition attribute. e.g.

<system.webserver>
    <modules>
        <add preCondition="managedHandler" name="..." type="..."/>
    </modules>
</system.webserver>

Specifying managedHandler means the module will be invoked only for ASP.Net managed resources such as .aspx files, but not unmanaged resources such as html, images and javascript.

Note, however, this setting is overridden if you specify runAllManagedModulesForAllRequests="true" on the <modules> element, which causes all modules (and your Global.asax class if present) to be notified about all requests.

There's a useful write-up of the Life Cycle of an IIS 7.x request on MSDN, but this does not mention the preCondition attribute. However you can read about it in the IIS Settings Schema documentation.

TL;DR

You might be wondering how it's possible that a module can be invoked for a non-managed resource when the event handlers defined in your Global.asax file are not invoked. After all, modules register their event handlers with the HttpApplication object that is passed to the IHttpModule.Init method like this:-

public void Init(System.Web.HttpApplication context)
{
    context.AuthenticateRequest += my_request_handler;
}

The HttpApplication passed to Init is the same as that defined in Global.asax, so why aren't the Global application event handlers invoked? The answer is simply that when a module registers its event handlers with the HttpApplication object, the HttpApplication is aware that it is in module initialization mode, and registers the event handlers separately, along with flags to indicate if the event handler should be called for non-managed resources. You can investigate further by looking at the HttpApplication reference source code.