Create your first HTTP Handler in ASP.NET 3.5

What is HTTP handler: Every request into an ASP.NET application is handled by a specialized component known as an HTTP handler. The HTTP handler is the most important ingredient while handling ASP.NET requests.

Examples: ASP.NET uses different HTTP handlers to serve different file types. For example, the handler for web Page creates the page and control objects, runs your code, and renders the final HTML.

ASP.NET default handlers:

  1. Page Handler (.aspx) - Handles Web pages
  2. User Control Handler (.ascx) - Handles Web user control pages
  3. Web Service Handler (.asmx) - Handles Web service pages
  4. Trace Handler (trace.axd) - Handles trace functionality

Why we need to create our own HTTP Handler: Sometime we need to avoid ASP.NET full page processing model, which saves lot of overheads, as ASP.NET web form model has to go through many steps such as creating web page objects, persisting view state etc. What we are interested into is to develop some low level interface that provides access to objects like Request and Response but doesn't use the full control based web form model discussed above.


  1. Dynamic image creator - Use the System.Drawing classes to draw and size your own images.
  2. RSS - Create a handler that responds with RSS-formatted XML. This would allow you to add RSS feed capabilities to your sites.
  3. Render a custom image,
  4. Perform an ad hoc database query,
  5. Return some binary data.

These examples extend the ASP.NET architecture but bypass the web-page model. The result is a leaner, more efficient component.

Where HTTP handlers are defined: All HTTP handlers are defined in the <httpHandlers> section of a configuration file which is nested in the <system.web> element.

  1. <httpHandlers>  
  2. <add verb="*" path="trace.axd" validate="true" type="System.Web.Handlers.TraceHandler"/>  
  3. <add verb="*" path="*.config" validate="true" type="System.Web.HttpForbiddenHandler"/>  
  4. <add verb="*" path="*.cs" validate="true" type="System.Web.HttpForbiddenHandler"/>  
  5. <add verb="*" path="*.aspx" validate="true" type="System.Web.UI.PageHandlerFactory"/>  
  6. </httpHandlers> 
  1. Trace.axd : this handler is meant for rendering HTML page with a list of all the recently collected trace output, and this is handled by TraceHandler
  2. .config: Handled by HttpForbiddenHandler
  3. .cs: Handled by HttpForbiddenHandler
  4. .aspx: Handled by PageHandlerFactory, which isn't a HTTP handler rather it's a class that will create the appropriate HTTP handler.

What is HTTP module: Help in processing of page request by handing application events , similar to what global.asax does. A request can pass through many HTTP modules but is being handled by only one HTTP handlers.


Use of HTTP Modules:

  1. ASP.NET uses HTTP modules to enable features like caching, authentication, error pages etc.
  2. <add> and <remove> tags can be used to add and inactive any http module from <httpmodule> section of a configuration file.

  1. <httpModules>  
  2. <add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>  
  3. <add name="Session" type="System.Web.SessionState.SessionStateModule"/>  
  4. <add name="WindowsAuthentication"  
  5. type="System.Web.Security.WindowsAuthenticationModule"/>  
  6. <add name="FormsAuthentication"  
  7. type="System.Web.Security.FormsAuthenticationModule"/>  
  8. </httpModules>  


  1. HTTP handler plays same role what ISAPI extension
  2. HTTP module plays same role what ISAPI filters does.

How to write custom HTTP handler:

Step 1: What all we need to know before writing handlers

There are two type of handler you actually can make

  1. Synchronous handler , which implement IHttpHandler interface
  2. Asynchronous handler, which implement IHttpAsyncHandler. With asynchronous handlers additional requests can be accepted, because the handler creates a new thread to process each request rather than using the worker process

Further these Interfaces require us to implement the ProcessRequest method and the IsReusable property.

  1. The ProcessRequest method handles the actual processing for requests made.
    ASP.NET calls this method when a request is received. It's where the HTTP handlers perform all the processing. You can access the intrinsic ASP.NET objects (such as Request, Response, and Server) through the HttpContext object that's passed to this method.
  2. Boolean IsReusable property specifies whether your handler can be pooled for reuse (to increase performance) or whether a new handler is required for each request.
    After ProcessRequest() finishes its work, ASP.NET checks this property to determine whether a given instance of an HTTP handler can be reused. If it returns true, the HTTP handler object can be reused for another request of the same type current. If it returns false, the HTTP handler object will simply be discarded.

Step 2: Create a ASP.NET web application and name it: SimpleHTTPHanlder

Step 3: Add a class and name it "SimpleHandler"

Step 4: Write below code


Here we are implementing IHttpHandler

The full code look like below

  1. public class SimpleHandler : IHttpHandler  
  2. {  
  3.     #region IHttpHandler Members  
  5.     bool IHttpHandler.IsReusable  
  6.     {  
  7.         get { return true; }  
  8.     }  
  10.     void IHttpHandler.ProcessRequest(HttpContext context)  
  11.     {  
  12.         HttpResponse response = context.Response;  
  13.         response.Write("<html><body><h1>Wow.. We created our first handler");  
  14.         response.Write("</h1></body></html>");  
  15.     }  
  16.     #endregion  
  17. }   

Step 5: Configuring HTTP handler in configuration file;

We will add our handler in <httpHandlers> section

  1. <httpHandlers>            
  2. <add verb="*" path="vishal.nayan" type="MyHttpHandler.SimpleHandler,MyHttpHandler"/>  
  3. </httpHandlers>
Now here we need to understand what these attributes means
  1. Verb: indicates whether the request is an HTTP POST or HTTP GET request (use * for all requests).

  2. Path : indicates the file extension that will invoke the HTTP handler

  3. Type: identifies the HTTP handler class. This identification consists of two portions. First is the fully qualified class name , That portion is followed by a comma and the name of the DLL assembly that contains the class

Step 6: How to run our Handler

Well, visual studio doesn't allow us directly to run the handler, rather we need to run the project first and then explicitly type URL to request for handler, so in our case it is;



Now, can we create HTTPHanlder without configuring web.config file. Well yes. In visual studio we have a new item template to accomplish this. For this we can use the recognized extension .ashx. All requests that end in .ashx are automatically recognized as requests for a custom HTTP handler.


What is leeching: sites that steal bandwidth by linking to resources on your server .i.e. giving an image URL path from their server to your server, so when user tries to access that image, it's actually using your server resources.

Problem Scenario: As stated above, when any request for image is originated from same website then it's ok, but if the request is coming from another website, then there is a potential problem, as it is creating more work for your web server and reducing the bandwidth.

Solution: HTTP handler will refuse to serve the image or they substitute a dummy image if the referrer header indicates that a request originates from another site.

Add a generic handler from existing item and name it ImageHandler.ashx. Write the code below;

  1. public class ImageHandler : IHttpHandler  
  2. {  
  3.     public void ProcessRequest(HttpContext context)  
  4.     {  
  5.         HttpRequest request = context.Request;  
  6.         HttpResponse response = context.Response;  
  8.         string imageURL = null;  
  9.         // Perform a case-insensitive comparison.  
  10.         if (request.UrlReferrer != null)  
  11.         {   
  12.             if(String.Compare(request.Url.Host, request.UrlReferrer.Host,true,CultureInfo.InvariantCulture) ==0)  
  13.             {  
  14.                 // The requesting host is correct.  
  15.                 // Allow the image (if it exists).  
  16.                 imageURL = request.PhysicalPath;  
  17.                 if (!File.Exists(imageURL))  
  18.                 {  
  19.                     response.Status = "Image Not Found";  
  20.                     response.StatusCode = 404;  
  21.                 }  
  22.                 else  
  23.                 {   
  24.                 }  
  25.             }  
  26.         }  
  27.         if (imageURL == null)  
  28.         {  
  29.             // No valid image was allowed.  
  30.             // Use the warning image instead.  
  31.             // Rather than hard-code this image, you could  
  32.             // retrieve it from the web.config file  
  33.             // (using the <appSettings> section or a custom  
  34.             // section).   
  35.             imageURL = context.Server.MapPath("~/images/notallowed.gif");  
  36.         }  
  37.         // Serve the image  
  38.         // Set the content type to the appropriate image type.  
  39.         response.ContentType = "image/" + Path.GetExtension(imageURL).ToLower();  
  40.         response.WriteFile(imageURL);  
  41.     }  
  43.     public bool IsReusable  
  44.     {  
  45.         get  
  46.         {  
  47.             return false;  
  48.         }  
  49.     }  
  50. }

Now its time to configure it. For this handler to protect image files, you need to register it to deal with the appropriate file types. Here are the web.config settings that set this up for the .gif and .jpg file types only.

  1. <add verb="*" path="*.gif" type="SimpleHTTPHanlder.ImageHandler,SimpleHTTPHanlder"/>  
  2. <add verb="*" path="*.jpg" type="SimpleHTTPHanlder.ImageHandler,SimpleHTTPHanlder"/>  
Now this configuration setting will only allow jpg and gif images, after checking it the request is originating from same website.

So now when we have to request any image, we simply type image URL and we can see that http://localhost:3238/images/areng.jpg


The one which is not available, is greeted by not found image. Say for this image request which doesn't exists;


So by this HTTP handler for images, we can restrict any request which is not coming from our web site and also increase performance by quicker response time.

Hope You enjoyed, Cheers

Similar Articles