HttpModules

The end result is a page that contains text from one of the elements in astrAds. Listing 8.5 shows the resulting HTML.

Listing 8.5 The Output from AdInserter.cs to a Page with <adinsert> Tags

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html>     <head>         <title></title>         <meta name="GENERATOR" content="Microsoft Visual Studio.NET 7.0">         <meta name="CODE_LANGUAGE" content="Visual Basic 7.0">         <meta name="vs_defaultClientScript" content="JavaScript">         <meta name="vs_targetSchema"                     content="http://schemas.microsoft.com/intellisense/ie5">     </head>     <body MS_POSITIONING="GridLayout">         <adinsert><img src="deep_468x60a.gif"></adinsert><br>         <form name="Form1" method="post" action="WebForm1.aspx" id="Form1"> <input type="hidden" name="__VIEWSTATE" value="dDwtMTI3OTMzNDM4NDs7Pg==" />             Time:             8/23/2001 8:27:12 PM</form>     </body> </html> 

Note the <img> tag that was inserted by the filter between the <adinsert> tags.

Forking the Filter

Filters work great if the task at hand calls for modifying the content as it streams to the client. Some tasks , however, don't fit this model. Suppose that you want to create something similar to the OutputCache in ASP.NET. For this to work, you need to have the entire contents of the page available after it has been written to the client. You might be thinking, "No problem, the stream has a read method." As it turns out, HttpResponseStream, which is the stream that ASP.NET uses to respond to a request, doesn't support the read operation. If you attempt to use it, you will get an UnsupportedException thrown. To make this idea work, your stream implementation must "Fork" the data written to it. One copy will be written to the client stream. The other copy will be written to an in-memory buffer that can then be read from at a later time. This way, when request processing is over, we can still access the content of the page.

The next example implements a very simplistic caching mechanism. It has an internal hash table that it uses to store pages that are keyed on the request URL. This example also uses two new events: ResolveRequestCache and UpdateRequestCache. You may wonder why two new events are needed. ResolveRequestCache is the appropriate event in this case because BeginRequest happens prior to the authentication and authorization stages. If you checked the cache for a page before those events fired , you could potentially return a cached page to an unauthorized user. That clearly would be undesirable. UpdateRequestCache is to place an executed page into the cache when it is done executing. Listing 8.6 contains the implementation of SimpleCache.

Listing 8.6 Implementation of SimpleCache, an Output-Caching Mechanism

 using System; using System.Web; using System.Collections; namespace SimpleModules {     /// <summary>     /// Summary description for SimpleCache.     /// </summary>     public class SimpleCache : IHttpModule     {         // The stored application         private HttpApplication mApplication;         // Hash to store cached pages         Hashtable mHash = new Hashtable();         public void Init(HttpApplication app)         {             // Store off the application object             mApplication = app;             // Wire up our event handlers             mApplication.ResolveRequestCache += new System.EventHandler(this.ResolveRequestCache);             mApplication.UpdateRequestCache += new System.EventHandler(this.UpdateRequestCache);         }         public void Dispose()         {         }         private void ResolveRequestCache(object sender, System.EventArgs e)         {             // is the url in the cache?             if(mHash.Contains(mApplication.Request.Url))             {                 // Write it back from the cache                 mApplication.Response.Write(mHash[mApplication.Request.Url]. ToString());                 // Finish the request                 mApplication.CompleteRequest();             }             else             {                 // Create a new filter                 CacheStream mStreamFilter = new CacheStream(mApplication.Response.Filter);                 // Insert it onto the page                 mApplication.Response.Filter = mStreamFilter;                 // Save a reference to the filter in the request context so we can grab it in UpdateRequestCache                 mApplication.Context.Items.Add("mStreamFilter", mStreamFilter);             }         }         private void UpdateRequestCache(object sender, System.EventArgs e)         {             if(!mHash.Contains(mApplication.Request.Url))             {                 // Grab the CacheStream out of the context                 CacheStream mStreamFilter = (CacheStream) mApplication.Context.Items["mStreamFilter"];                 // Remove the reference to the filter                 mApplication.Context.Items.Remove("mStreamFilter");                 // Create a buffer                 byte[] bBuffer = new byte[mStreamFilter.Length];                 // Rewind the stream                 mStreamFilter.Position = 0;                 // Get the bytes                 mStreamFilter.Read(bBuffer, 0, (int)mStreamFilter.Length);                 // Convert to a string                 System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding();                 System.Text.StringBuilder strBuff = new System.Text.StringBuilder(utf8.GetString(bBuffer));                 // Insert the cached timestamp                 strBuff.Insert(0, "<!-- Cached: " + DateTime.Now.ToString("r") + " -->");                 // Save it away                 mHash.Add(mApplication.Request.Url, strBuff.ToString());             }         }         public class CacheStream : System.IO.Stream         {             private System.IO.MemoryStream moMemoryStream = new System.IO.MemoryStream();             private System.IO.Stream moStream;             public CacheStream(System.IO.Stream stream)             {                 moStream = stream;             }             public override bool CanRead             {                 get                 {                     return true;                 }             }             public override bool CanWrite             {                 get                 {                     return true;                 }             }             public override bool CanSeek             {                 get                 {                     return true;                 }             }             public override long Length             {                 get                 {                     return moMemoryStream.Length;                 }             }             public override long Position             {                 get                 {                     return moMemoryStream.Position;                 }                 set                 {                     moMemoryStream.Position = value;                 }             }             public override int Read(byte[] buffer, int offset, int count)             {                 return moMemoryStream.Read(buffer, offset, count);             }             public override long Seek(long offset, System.IO.SeekOrigin direction)             {                 return moMemoryStream.Seek(offset, direction);             }             public override void SetLength(long length)             {                 moMemoryStream.SetLength(length);             }             public override void Close()             {                 moStream.Close();             }             public override void Flush()             {                 moStream.Flush();             }             public override void Write(byte[] buffer, int offset, int count)             {                 moStream.Write(buffer, offset, count);                 moMemoryStream.Write(buffer, offset, count);             }         }     } } 

The pattern should be familiar by now. First, implement IHttpModule and save off a copy of the application. ResolveRequestCache is where things start to diverge from prior examples. In ResolveRequestCache, look in mHash to see if a cached copy of the page already exists. Call the Contains method, passing the URL of the request to determine if it is in the cache. If it is, retrieve the string from mHash, Response.Write it to the client, and then call HttpApplication.CompleteRequest . This call short-circuits execution of the request and causes ASP.NET to bypass the rest of the steps and stream the result back to the client. If the page is not in the cache, place an instance of CacheStream into Response.Filter , and also place a reference to CacheStream into HttpContext.Items. This reference is needed because the Response.Filter property always returns the stream that points to the client, even after it's set to point to a different stream. That way, multiple filters can be inserted and each can act on the stream. In this case, however, we need to get access to CacheStream later on during the UpdateRequestCache event.

To facilitate communication between events in HttpModules and/or HttpModules themselves , the HttpContext provides the items collection that allows data to be associated with the request. In this case, use it to store a reference to CacheStream. CacheStream inherits Stream and acts as the forking filter. Everything that is written to CacheStream is also written to an internal MemoryStream. CacheStream, unlike the previous examples, supports the Read method. When Read is called, information from the internal MemoryStream is returned. When UpdateRequestCache finally fires, it checks again to see if the current request is already in mHash. If it isn't, grab the CacheStream from the HttpContext and retrieve the copy of the page data that it contains. Add a comment to the beginning of the page data that stamps it with the date and time that the page was cached. This page is then placed into mHash, keyed off the URL. That's it! The OutputCacheModule in real life, of course, does considerably more than this, including aging of items from the cache and varying by parameters, but this HttpModule effectively demonstrates how to use the Filter property to get at the content of the page.

An Error Module

One of the coolest new application events in ASP.NET is the Error event. As mentioned before, with an HttpModule you can sink this event in an application-specific way in Global.asax. You can redirect the user away from the error page to some other part of the site that is more appropriate than just an error message. It might be interesting to sink the error event in a module, however, to provide a non “application-specific piece of functionality. A common idea is to log the error to the event log for later analysis or perhaps even to e-mail it to the Webmaster. This can be done in an application-independent way, which indicates the need for an HttpModule.

Listing 8.7 shows an HttpModule that logs the error information to an event log and e- mails the Webmaster with the error information. It first attempts to connect to an event log called "ASP.NET ErrorModule," which is created if it doesn't already exist. Next, it gathers the error information from the HttpApplication.Context.Error property. This property returns the exception that was thrown during the processing of this request. Several of the Exception properties are bundled into a string, which is then logged to the event log. Finally, the error is sent to the Webmaster using the SmtpMailClass.

Listing 8.7 An HttpModule That Handles Errors in an Application by Writing Them to the Event Log and E-mailing the Webmaster

 public class ErrorModule : IHttpModule {     private const string strEVENTLOGNAME = "ASP.NET ErrorModule";     private HttpApplication mApplication;     public void Init(HttpApplication application)     {         // Save off the application         mApplication = application;         // Wire up the error handler         mApplication.Error += new System.EventHandler(this.ErrorHandler);     }     private void ErrorHandler(object sender, EventArgs e)     {         // Create the event source if it doesn't exist         if(!EventLog.SourceExists(strEVENTLOGNAME))             EventLog.CreateEventSource(strEVENTLOGNAME, strEVENTLOGNAME + " Log");         // Create an event log instance and point it at the event source         EventLog el = new EventLog();         el.Source = strEVENTLOGNAME;         // Create the error text         string strErrorMessage = "An uncaught exception was thrown in your application\r\nUrl: " + mApplication.Request.Url.ToString() + "\r\nMessage:" + mApplication.Context.Error.Message + "\r\nStack Trace:" + mApplication.Context.Error.StackTrace;         // Write the event log entry         el.WriteEntry(strErrorMessage, EventLogEntryType.Error);         // Mail the message to the web master         System.Web.Mail.SmtpMail.Send("webserver@vergentsoftware.com", "ckinsman@vergentsoftware.com", "Web Site Error", strErrorMessage);     }     public void Dispose()     {     } } 

This code results in the event log entry shown in Figure 8.1 and the e-mail message shown in Figure 8.2.

Notice that this HttpModule doesn't actually do any redirection. That is expected to be handled in an application-specific way. The sample shows another event handler defined in Global.asax for the Error event. This event handler is responsible for redirecting the user to a friendly error page. Both error event handlers fire during the processing of the request. This fact is important because it points out that multiple HttpModules can each be handling the same events. Listing 8.8 shows the global.asax.

Listing 8.8 Global.asax Does the Actual Redirection in an Application-Specific Way

 public class Global : System.Web.HttpApplication {     private void InitializeComponent()     {         this.Error += new System.EventHandler(this.Application_Error);     }     protected void Application_Error(object sender, EventArgs e)     {         Response.Redirect("friendlyerror.htm");     } } 

Typically you wouldn't just redirect to another page in the event handler. You would normally do something along the lines of logging the error or notifying the administrator. If you just want to show another page instead of the error, also check out the <CustomErrors> element of the web.config, which is discussed in Chapter 5, "Configuration and Deployment."

Raising Events from an HttpModule

As mentioned previously, HttpModules are intended to be generic, containing no application logic. In many cases, however, you may want the developer of the application to tie application-specific code to your HttpModule. One way to do this is to raise events as part of your processing that the developer can sink in Global.asax to provide application-specific processing. Several of the built-in HttpModules raise events of this nature.

The way this is done is a little odd. No explicit event wireup is done. Instead, events are wired based on a naming convention. If you have a public event delegate in your code of the form:

 public event EventHandler MyEvent 

You can then put an event handler in the global.asax in the form friendlymodulename_eventname. When ASP.NET loads your HttpModule, it will dynamically wire up the event in the module to the event handler in the global.asax for you, based on the matching signatures. Listing 8.9 shows an HttpModule that raises an event in the global.asax of the application. It defines MyEvent and then raises it as part of the processing of BeginRequest.

Listing 8.9 An HttpHandler That Raises an Event in Global.asax

 public class EventRaise : IHttpModule {     private HttpApplication mApplication;     public event EventHandler MyEvent;     public void Init(HttpApplication application)     {         // Save off the application object         mApplication = application;         // Wire up begin request         mApplication.BeginRequest += new System.EventHandler(this.BeginRequest);     }     private void BeginRequest(object sender, EventArgs e)     {         OnMyEvent(new EventArgs());     }     private void OnMyEvent(EventArgs e)     {         if(MyEvent!=null)             MyEvent(this, e);     }     public void Dispose()     {     } } 

Listing 8.10 shows the global.asax handling the event, based on the friendly name of the HttpModule, EventRaise, and the name of the event, OnMyEvent.

Listing 8.10 The global.asax That Sinks the OnMyEvent Event from the HttpModule

 public class Global : System.Web.HttpApplication {     protected void EventRaise_MyEvent(object sender, EventArgs e)     {         Response.Write("MyEventFired!");     } } 

Authentication Modules

In the previous chapter, we wrote an AuthenticateRequest handler that was used to do role mapping based on Forms authentication with a custom ticket. None of the code in AuthenticateRequest was really application specific. It could easily be abstracted into an HttpModule that sinks the AuthenticateRequest event and can then be reused in many other applications. Converting this code to work in an HttpModule is straightforward. Listing 8.11 shows AuthModule, an implementation of the functionality from the DbFormUrl Listing 7.16 in Chapter 7.

Listing 8.11 AuthenticateRequest in a Web Module for the DbFormUrl Example in Chapter 7

 using System; using System.Collections; using System.ComponentModel; using System.Web; using System.Web.SessionState; namespace DBFormURL {     /// <summary>     /// Summary description for Global.     /// </summary>     public class Global : System.Web.HttpApplication     {         protected void Application_Start(Object sender, EventArgs e)         {             Application["DSN"] = "SERVER=localhost;UID=sa;PWD=;DATABASE= SecuritySample";         }         protected void Application_AuthenticateRequest(object sender, EventArgs e)         {             // Make sure the user has been authenticated             // This event fires for unauthenticated users also             if(Request.IsAuthenticated)             {                 // Get the users identity                 System.Web.Security.FormsIdentity fiUser  = (System.Web.Security.FormsIdentity)User.Identity;                 // Get the ticket                 System.Web.Security.FormsAuthenticationTicket at = fiUser.Ticket;                 // Grab out the roles                 string strRoles = at.UserData;                 // Renew the ticket if need be                 System.Web.Security.FormsAuthenticationTicket ticket = System.Web.Security.FormsAuthentication.RenewTicketIfOld(at);                 if(ticket!=at)                 {                     // Get the encrypted version of the ticket                     string strEncrypted = System.Web.Security.FormsAuthentication.Encrypt(ticket);                     // Put it into a cookie                     HttpCookie hc = new HttpCookie(System.Web.Security. FormsAuthentication.FormsCookieName, strEncrypted);                     hc.Expires = DateTime.Now.AddMinutes(20);                     // Add it to the cookies collection                     Response.Cookies.Add(hc);                 }                 // Create a new principal which includes our role information from the cookie                 HttpContext.Current.User = new System.Security.Principal. GenericPrincipal(fiUser, strRoles.Split(','));             }         }     } } 

Rewriting Paths

Occasionally, a technique that you come up with for conveying information in a URL doesn't fit the standard model for URLs. A great example of this is the cookieless session management that we looked at in Chapter 4, "State Management and Caching." The URLs used in cookieless session management take on the following form:

http://localhost/sessionid/default.aspx

Where the sessionid part varies on a user-by-user basis. This is an invalid URL in the normal context of ASP.NET, so how is it handled? Behind the scenes, the cookieless Session state HttpModule uses a method of the HttpApplication, RewritePath() . RewritePath() allows you to take an incoming URL and change it to point to a different page. This is not a redirect, which requires a round trip to the client. It is also not a Server.Transfer; it happens prior to the PageHandlerFactory executing any code in a page.

RewritePath() allows the cookieless Session state HttpModule to change the preceding URL that ASP.NET looks for to the following:

http://localhost/default.aspx

The URL in the user's browser remains unchanged ”there's no noticeable difference. Let's take a look at an HttpModule that does something of this sort . The RewritePath module in Listing 8.12 sinks the BeginRequest event. Inside this event, it rewrites any request that is received by ASP.NET to instead point to the webform1.aspx file that is in the application root.

Listing 8.12 RewritePath Module That Changes Every Request to Map to webform1.aspx

 public class RewritePath : IHttpModule {     private HttpApplication mApplication;     public void Init(HttpApplication application)     {         // Save off the application         mApplication = application;         // Wire up the begin request         mApplication.BeginRequest += new EventHandler(this.RewritePathHandler);     }  private void RewritePathHandler(object sender, EventArgs e)     {         mApplication.Context.RewritePath(mApplication.Request.ApplicationPath + "/webform1.aspx");     }     public void Dispose()     {     } }