HTTP Handlers in ASP.NET

The low level Request and Response API to service incoming HTTP requests are HTTP Handlers in ASP.NET. All handlers implement the IHttpHandler interface, which is located in the System.Web namespace. Handlers are somewhat analogous to Internet Server Application Programming Interface (ISAPI) extensions.

Introduction

The low level Request and Response API to service incoming Http requests are Http Handlers in Asp.Net. All handlers implement the IHttpHandler interface, which is located in the System.Web namespace. Handlers are somewhat analogous to Internet Server Application Programming Interface (ISAPI) extensions.

In this article, I will explain how to extend the functionality of web server by using Http handlers and How to protect files using Http handlers.

Methods in Http Handler

The following are the methods in Http Handlers.

Method Name Description
ProcessRequest Used to call Http Requests.
IsReusable To check the reusability of same instance handler with a new request of same type.

Configuring HTTP Handlers

The <httpHandlers> configuration section handler is responsible for mapping incoming URLs to the IHttpHandler or IHttpHandlerFactory class. It can be declared at the computer, site, or application level. Subdirectories inherit these settings.

Administrators use the <add> tag directive to configure the <httpHandlers> section. <Add> directives are interpreted and processed in a top-down sequential order. Use the following syntax for the <httpHandler> section handler:

<httpHandlers>
<
add verb="[verb list]" path="[path/wildcard]" type="[COM+ Class], [Assembly]" validate="[true/false]" />
<
remove verb="[verb list]" path="[path/wildcard]" />
<
clear />
</
httpHandlers>

Creating HTTP Handlers

To create an HTTP handler, you must implement the IHttpHandler interface. The IHttpHandler interface has one method and one property with the following signatures:

void ProcessRequest(HttpContext);
bool IsReusable {get;}

Customized Http Handler

By customizing http handlers, new functionalities can be added to Web Server. Files with new extensions like .text for a text file can be handled by Web Server by using http handlers. The future of customization can lead to hosting .jsp pages in IIS by finding adequate ISAPI extensions. The following steps are involved to create customized http handler:

  1. Create a C# class library as "Examplehandler"
  2. Name class as "Handlerclass.cs"

using System;
using System.Web;
using System.Web.SessionState;
namespace ExampleHandler
{
/// <summary>
/// Summary description for Examplehandler.
/// </summary>
public class Handlerclass : IHttpHandler
{
public Handlerclass()
{
//
// TODO: Add constructor logic here
//
}
#region Implementation of IHttpHandler
public void ProcessRequest(System.Web.HttpContext context)
{
HttpResponse objResponse = context.Response ;
HttpSessionState objSession = context.Session ;
objResponse.Write("<html><body><h1>Hello World from Handler") ;
objResponse.Write("</body></html>") ;
}
public bool IsReusable
{
get
{
return true;
}
}
#endregion
}
}

Compile it and place it in the bin directory of TestApp project.

Step 2

Register this handler by adding the following text in the web.config file:

<httpHandlers>
<
add verb="*" path="*.text" type=" ExampleHandler.Handlerclass, ExampleHandler "/>
</
httpHandlers>

Step 3

Go to Internet Information Services and select Default Web Site. Right Click and Select Properties. Select Home Directory and click on Configuration. The Following Screen will appear:

HTTPHandlers1.jpg 

Click on Add and give executable path and new extension and click OK.

HTTPHandlers2.jpg 

Close IIS and Run TestApp website by using the URL

http://localhost/Testapp/hello.text

The output will be as follows:

HTTPHandlers3.jpg 

HttpForbiddenHandler

The sensitive files can be protected by Http Forbidden Handler. The Database driven web sites using MS Access, the .mdb file has to be protected. To protect the .mdb files, we must follow the two steps given below:

  1. Map .mdb file in IIS 
  2. Register the file extension in web.config with HttpForbiddenHandler.

In the Web.Config file, Add this Http handler section:

<httpHandlers>
<
add verb="*" path="*.mdb" type="System.Web.HttpForbiddenHandler"/>
</
httpHandlers>

Conclusion

The Http Handlers are often useful when the services provided by the high-level page framework abstraction are not required for processing the HTTP request. Common uses of handlers include filters and CGI-like applications, especially those that return binary data.