Is there a good way to exclude certain pages from using a HTTP module?

I have an application that uses a custom HTTP module to validate a session. The HTTPModule is set up like this in web config:

<system.web>
  <!-- ... -->
  <httpModules>
    <add name="SessionValidationModule"
       type="SessionValidationModule, SomeNamespace" />
  </httpModules>
</system.web>

To exclude the module from the page, I tried doing this (without success):

<location path="ToBeExcluded">
  <system.web>
    <!-- ... -->
    <httpModules>
      <remove name="SessionValidationModule" />
    </httpModules>
  </system.web>
</location>

Any thoughts?

You could use an HTTPHandler instead of an HTTPModule. Handlers let you specify a path when you declare them in Web.Config.

<add verb="*" path="/validate/*.aspx" type="Handler,Assembly"/>

If you must use an HTTPModule, you could just check the path of the request and if it's one to be excluded, bypass the validation.

HttpModules attach to the ASP.NET request processing pipeline itself. The httpModule itself must take care of figuring out which requests it wants to act on and which requests it wants to ignore.

This can, for example, be achieved by looking at the context.Request.Path property.

You could use an HTTPHandler instead of an HTTPModule. Handlers let you specify a path when you declare them in Web.Config.

<add verb="*" path="/validate/*.aspx" type="Handler,Assembly"/>

If you must use an HTTPModule, you could just check the path of the request and if it's one to be excluded, bypass the validation.

Here is some simple example how to filter requests by extension... the example below exclude from the processing files with the specific extensions. Filtering by file name will look almost the same with some small changes...

public class AuthenticationModule : IHttpModule
{
    private static readonly List<string> extensionsToSkip = AuthenticationConfig.ExtensionsToSkip.Split('|').ToList();

    // In the Init function, register for HttpApplication 
    // events by adding your handlers.
    public void Init(HttpApplication application)
    {
        application.BeginRequest += new EventHandler(this.Application_BeginRequest);
        application.EndRequest += new EventHandler(this.Application_EndRequest);
    }

    private void Application_BeginRequest(Object source, EventArgs e)
    {
        //  we don't have to process all requests...
        if (extensionsToSkip.Contains(Path.GetExtension(HttpContext.Current.Request.Url.LocalPath)))
            return;

        Trace.WriteLine("Application_BeginRequest: " + HttpContext.Current.Request.Url.AbsoluteUri);
    }

    private void Application_EndRequest(Object source, EventArgs e)
    {
        //  we don't have to process all requests...
        if (extensionsToSkip.Contains(Path.GetExtension(HttpContext.Current.Request.Url.LocalPath)))
            return;

        Trace.WriteLine("Application_BeginRequest: " + HttpContext.Current.Request.Url.AbsoluteUri);
    }
}

General idea is to specify in config file what exactly should be processed (or excluded from the processing) and use that config parameter in the module.