Create your first HTTP Handler in ASP.NET 3.5

What is HTTP handler: Every request into an ASP.NET application is handled by a specialized component known as an HTTP handler. The HTTP handler is the most important ingredient while handling ASP.NET requests.

Examples: ASP.NET uses different HTTP handlers to serve different file types. For example, the handler for web Page creates the page and control objects, runs your code, and renders the final HTML.

ASP.NET default handlers:

  1. Page Handler (.aspx) - Handles Web pages
  2. User Control Handler (.ascx) - Handles Webuser control pages
  3. Web Service Handler (.asmx) - Handles Webservice pages
  4. Trace Handler (trace.axd) - Handles tracefunctionality

Why we need to create our own HTTP Handler: Sometime we need to avoid ASP.NET full page processing model, which saves lot of overheads, as ASP.NET web form model has to go through many steps such as creating web page objects, persisting view state etc. What we are interested into is to develop some low level interface that provides access to objects like Request and Response but doesn't use the full control based web form model discussed above.


  1. Dynamic image creator - Use theSystem.Drawing classes to draw and size your own images.
  2. RSS - Create a handler that responds withRSS-formatted XML. This would allow you to add RSS feed capabilities to yoursites.
  3. Render a custom image,
  4. Perform an ad hoc database query,
  5. Return some binary data.

These examples extend the ASP.NET architecture but bypass the web-page model. The result is a leaner, more efficient component.

Where HTTP handlers are defined: All HTTP handlers are defined in the <httpHandlers> section of a configuration file which is nested in the <system.web> element.

  1. <httpHandlers>  
  2. <add verb="*" path="trace.axd" validate="true" type="System.Web.Handlers.TraceHandler"/>  
  3. <add verb="*" path="*.config" validate="true" type="System.Web.HttpForbiddenHandler"/>  
  4. <add verb="*" path="*.cs" validate="true" type="System.Web.HttpForbiddenHandler"/>  
  5. <add verb="*" path="*.aspx" validate="true" type="System.Web.UI.PageHandlerFactory"/>  
  6. </httpHandlers> 
  1. Trace.axd : this handler is meant forrendering HTML page with a list of all the recently collected trace output,and this is handled by TraceHandler
  2. .config: Handled by HttpForbiddenHandler
  3. .cs: Handled by HttpForbiddenHandler
  4. .aspx: Handled by PageHandlerFactory,which isn't a HTTP handler rather it's a class that will create theappropriate HTTP handler.

What is HTTP module: Help in processing of page request by handing application events , similar to what global.asax does. A request can pass through many HTTP modules but is being handled by only one HTTP handlers.


Use of HTTP Modules:

  1. ASP.NET uses HTTP modules to enablefeatures like caching, authentication, error pages etc.
  2. <add> and <remove> tags can be used to addand inactive any http module from <httpmodule> section of a configurationfile.

  1. <httpModules>  
  2. <add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>  
  3. <add name="Session" type="System.Web.SessionState.SessionStateModule"/>  
  4. <add name="WindowsAuthentication"  
  5. type="System.Web.Security.WindowsAuthenticationModule"/>  
  6. <add name="FormsAuthentication"  
  7. type="System.Web.Security.FormsAuthenticationModule"/>  
  8. </httpModules>  


  1. HTTP handler plays same role what ISAPIextension
  2. HTTP module plays same role what ISAPIfilters does.

How to write custom HTTP handler:

Step 1: What all we need to know before writing handlers

There are two type of handler you actually can make

  1. Synchronous handler , which implementIHttpHandler interface
  2. Asynchronous handler, which implementIHttpAsyncHandler. With asynchronous handlers additional requests can beaccepted, because the handler creates a new thread to process each requestrather than using the worker process

Further these Interfaces require us to implement the ProcessRequest method and the IsReusable property.

  1. The ProcessRequest method handles theactual processing for requests made.
    ASP.NET calls this method when a request is received. It's where the HTTPhandlers perform all the processing. You can access the intrinsic ASP.NETobjects (such as Request, Response, and Server) through the HttpContextobject that's passed to this method.
  2. Boolean IsReusable property specifieswhether your handler can be pooled for reuse (to increase performance) orwhether a new handler is required for each request.
    After ProcessRequest() finishes its work, ASP.NET checks this property todetermine whether a given instance of an HTTP handler can be reused. If itreturns true, the HTTP handler object can be reused for another request ofthe same type current. If it returns false, the HTTP handler object willsimply be discarded.

Step 2: Create a ASP.NET web application and name it: SimpleHTTPHanlder

Step 3: Add a class and name it "SimpleHandler"

Step 4: Write below code


Here we are implementing IHttpHandler

The full code look like below

  1. public class SimpleHandler : IHttpHandler  
  2. {  
  3.     #region IHttpHandler Members  
  5.     bool IHttpHandler.IsReusable  
  6.     {  
  7.         get { return true; }  
  8.     }  
  10.     void IHttpHandler.ProcessRequest(HttpContext context)  
  11.     {  
  12.         HttpResponse response = context.Response;  
  13.         response.Write("<html><body><h1>Wow.. We created our first handler");  
  14.         response.Write("</h1></body></html>");  
  15.     }  
  16.     #endregion  
  17. }   

Step 5: Configuring HTTP handler in configuration file;

We will add our handler in <httpHandlers> section

  1. <httpHandlers>            
  2. <add verb="*" path="vishal.nayan" type="MyHttpHandler.SimpleHandler,MyHttpHandler"/>  
  3. </httpHandlers>
Now here we need to understand what these attributes means
  1. Verb: indicates whether the request is an HTTPPOST or HTTP GET request (use * for all requests).

  2. Path : indicates the file extension that willinvoke the HTTP handler

  3. Type: identifies the HTTP handler class. Thisidentification consists of two portions. First is the fully qualified classname , That portion is followed by a comma and the name of the DLL assemblythat contains the class

Step 6: How to run our Handler

Well, visual studio doesn't allow us directly to run the handler, rather we need to run the project first and then explicitly type URL to request for handler, so in our case it is;



Now, can we create HTTPHanlder without configuring web.config file. Well yes. In visual studio we have a new item template to accomplish this. For this we can use the recognized extension .ashx. All requests that end in .ashx are automatically recognized as requests for a custom HTTP handler.


What is leeching: sites that steal bandwidth by linking to resources on your server .i.e. giving an image URL path from their server to your server, so when user tries to access that image, it's actually using your server resources.

Problem Scenario: As stated above, when any request for image is originated from same website then it's ok, but if the request is coming from another website, then there is a potential problem, as it is creating more work for your web server and reducing the bandwidth.

Solution: HTTP handler will refuse to serve the image or they substitute a dummy image if the referrer header indicates that a request originates from another site.

Add a generic handler from existing item and name it ImageHandler.ashx. Write the code below;

  1. public class ImageHandler : IHttpHandler  
  2. {  
  3.     public void ProcessRequest(HttpContext context)  
  4.     {  
  5.         HttpRequest request = context.Request;  
  6.         HttpResponse response = context.Response;  
  8.         string imageURL = null;  
  9.         // Perform a case-insensitive comparison.  
  10.         if (request.UrlReferrer != null)  
  11.         {   
  12.             if(String.Compare(request.Url.Host, request.UrlReferrer.Host,true,CultureInfo.InvariantCulture) ==0)  
  13.             {  
  14.                 // The requesting host is correct.  
  15.                 // Allow the image (if it exists).  
  16.                 imageURL = request.PhysicalPath;  
  17.                 if (!File.Exists(imageURL))  
  18.                 {  
  19.                     response.Status = "Image Not Found";  
  20.                     response.StatusCode = 404;  
  21.                 }  
  22.                 else  
  23.                 {   
  24.                 }  
  25.             }  
  26.         }  
  27.         if (imageURL == null)  
  28.         {  
  29.             // No valid image was allowed.  
  30.             // Use the warning image instead.  
  31.             // Rather than hard-code this image, you could  
  32.             // retrieve it from the web.config file  
  33.             // (using the <appSettings> section or a custom  
  34.             // section).   
  35.             imageURL = context.Server.MapPath("~/images/notallowed.gif");  
  36.         }  
  37.         // Serve the image  
  38.         // Set the content type to the appropriate image type.  
  39.         response.ContentType = "image/" + Path.GetExtension(imageURL).ToLower();  
  40.         response.WriteFile(imageURL);  
  41.     }  
  43.     public bool IsReusable  
  44.     {  
  45.         get  
  46.         {  
  47.             return false;  
  48.         }  
  49.     }  
  50. }

Now its time to configure it. For this handler to protect image files, you need to register it to deal with the appropriate file types. Here are the web.config settings that set this up for the .gif and .jpg file types only.

  1. <add verb="*" path="*.gif" type="SimpleHTTPHanlder.ImageHandler,SimpleHTTPHanlder"/>  
  2. <add verb="*" path="*.jpg" type="SimpleHTTPHanlder.ImageHandler,SimpleHTTPHanlder"/>  
Now this configuration setting will only allow jpg and gif images, after checking it the request is originating from same website.

So now when we have to request any image, we simply type image URL and we can see that http://localhost:3238/images/areng.jpg


The one which is not available, is greeted by not found image. Say for this image request which doesn't exists;


So by this HTTP handler for images, we can restrict any request which is not coming from our web site and also increase performance by quicker response time.

Hope You enjoyed, Cheers