Http handlers is a really elegant infrastructure allowing you to provide special behavior to specific paths in your application. You can use them to create RSS feeds, dynamically generate images, handle requests differently and more.
Apart from writing new http handlers, there are some built-in handlers that you can take advantage of. The built in handlers are separated into three categories (in my opinion at least): request handlers, error generators and misc. handlers.
Request Handlers
These handlers process requests in a specific way. Although these already have paths configured for them, you can manually configure them in the web.config (or via IIS Manager) to run on different paths. For example, treat ABC files the same as ASPX files. There is one catch here – because ASPX, ASHX and ASMX files are dynamically compiles, you will also need to provide build configurations for the new extensions.
The handlers in this category include:
- The regular ASP.NET page (ASPX) hander - System.Web.UI.PageHandlerFactory.
- The generic handler (ASHX) handler - System.Web.UI.SimpleHandlerFactory.
- The resource handler (WebResource.axd) - System.Web.Handlers.AssemblyResourceLoader.
- The web service handler (ASMX) - System.Web.Services.Protocols.WebServiceHandlerFactory.
- The trace handler (trace.axd) – System.Web.Handlers.TraceHandler.
The following web.config sample enables accessing trace info via MyTrace.aaa (this is web.config configuration for IIS 7 running in Integrated mode, in other versions or modes the configuration will be a bit different):
After this is configured (and tracing is enabled as well), try navigate to MyTrace.aaa page.
Error Generators
These handlers generate specific http errors. You can use them to prevent access to specific files, specific extensions or folders. These error generator handlers include:
- Forbidden – generates a 403 Forbidden http error - System.Web.HttpForbiddenHandler.
- Not Found – generates a 404 Not Found http error - System.Web.HttpNotFoundHandler.
- Method Not Allowed – generates a 405 Method Not Allowed http error - System.Web.HttpMethodNotAllowedHandler.
- Not Implemented – generates a 501 Not Implemented http error - System.Web.HttpNotImplementedHandler.
The following web.config sample prevents users from accessing all files with secret extensions. Once a user tries to access such file he or she will get a 403 Forbidden page:
<system.webServer>
<handers>
<add verb="*" path="*.secret" name="SecretAccess" type="System.Web.HttpForbiddenHandler"/>
</handlers>
</system.webServer>Try navigating to top.secret and witness the result.
Miscellaneous
The misc. category contains one handler, the static file handler, which can help in various scenarios. It will present the file content without any processing. With this handler you can, for example, enable users to retrieve lkr file (no special meaning to this extension that I know of) content.
- Static file – shows the content of a file without any processing - System.Web.StaticFileHandler.
The following sample configures lkr files to be processed by the static file handler. To test this, create a txt file in your web application root folder, rename its extension to lkr and navigate to it.
<system.webServer>
<handlers>
<add verb="*" path="*.lkr" name="lkr-handler"
type="System.Web.StaticFileHandler" resourceType="File"/>
</handlers>
</system.webServer>
All the best,
Shay.
Share it:
