Exclude HttpModule from running for static content on IIS7
Asked Answered
W

2

6

I have a problem with my Authentication HttpModule. The problem is that it obviously runs for every single request I get on my web server (IIS7). Because it also uses Session variable, it fails to work properly on CSS, JS files and similar.

I tried to use:

<add name="AuthModuleName" type="..." preCondition="managedHandler" />

but to no avail. It still runs on every request regardless of its extension or mime type. I should also add, there's a setting

<modules runAllManagedModulesForAllRequests="true">

that seemed suspicious to me and actually disabled preConditions on modules. But changing it to false, breaks the application in a completely different way and with a different exception (The SessionStateTempDataProvider requires SessionState to be enabled).

Can anybody help me how to force IIS7 to exclude my HttpModule when requests are made for static content files?

Wat answered 20/7, 2009 at 21:56 Comment(1)
BTW, you are sure this is IIS7 and not ASP.NET Development Server, right? Just double checking.Diabolism
W
3

runAllManagedModulesForAllRequests attribute has to be set to false to actually configure any module the way you want. You will have to also correctly reconfigure Session and others as needed, but the main thing is handlers pipeline execution order that handles requests.

The answer was provided in one of my other questions:

Thanks to Peter that provided the answer that worked correctly.

Wat answered 9/9, 2009 at 7:3 Comment(0)
C
1

I don't know about an IIS7 setting for that but you can do this.

The session object will be available only for non-static content :

void yourEventHandler(object sender, EventArgs e) {
    HttpApplication app = (HttpApplication)sender;
    if (app.Context.Session == null) {
        return;
    }
    // then your code here...
}

This will ensure your code won't be run for files like CSS, JS etc. But keep in mind the session object will also not be ready before PostAcquireRequestState event. (For the order of the HttpApplication events, see this page.)

Edit : Also, it appears with ASP.NET Development Server (though I know you said IIS7 in your question), your HttpModule will still run even for static files.

Contrail answered 21/7, 2009 at 3:39 Comment(2)
Yes I'm handling Session stuff in PostAcquireRequestState... But I still think it's possible to exclude my module altogether... I have to make it work with "runAllManagedModulesForAllRequests=false" somehow. Because this one sets my module to run on EVERY request.Wat
This approach doesn't work with pages that don't use session.Rashidarashidi

© 2022 - 2024 — McMap. All rights reserved.