Insert into instead of add to the HttpModules pipeline

Hello Noremac,

From your description, I understand you've developed a custom httpmodule
for providing SSO service in your ASP.NET web applications, you used to use
some simple configuration settings in application web.config file to
register your custom module, however, you found that you need much more
cofiguration elements in ASP.NET 2.0 application's web.config. So you're
wondering whether there is any more elegant means to do this, correct?

Based on my research, ASP.NET 2.0 has added many new built-in httpmodules,
and the "RoleManager" module is a new module which also related to forms
authentication and authorization. You can try reordering all the following
modules(put after your custom module) in application's web.config file to
see whether it helps:

"FormsAuthentication"
"RoleManager"
"UrlAuthorization"
Also, in .NET 2.0, it provide a set of configuration API that can help us
manage the application(or machine level) configuration in code. For
example, here is a test page which use web configuration API to insert a
custom httpModule before the "FormsAuthentication" module:

================
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write("<br/>current user: " + Environment.UserName);

}
protected void btnButton_Click(object sender, EventArgs e)
{
Configuration config =
WebConfigurationManager.OpenWebConfiguration(Reque st.ApplicationPath);

HttpModulesSection section =
config.SectionGroups["system.web"].Sections["httpModules"] as
HttpModulesSection;

if (section != null)
{
Response.Write("<br/>section: " + section);

ConfigurationElement[] modules = new
ConfigurationElement[section.Modules.Count];
section.Modules.CopyTo(modules, 0);

List<ConfigurationElementnewmodules = new
List<ConfigurationElement>();

foreach (ConfigurationElement elm in modules)
{
Response.Write("<br/>" +
elm.ElementInformation.Properties["name"].Value);

if (elm.ElementInformation.Properties["name"].Value.Equals(
"FormsAuthentication"))
{
Response.Write("<br/>insert my module here");
HttpModuleAction mymodule = new
HttpModuleAction("mymodule", "simpleModule");

newmodules.Add(mymodule);

}

newmodules.Add(elm);
}
section.Modules.Clear();
foreach (ConfigurationElement elm in newmodules)
{
Response.Write("<br/>new module: " +
elm.ElementInformation.Properties["name"].Value);
section.Modules.Add((HttpModuleAction)elm);
}

config.Save(ConfigurationSaveMode.Modified);

}

}
}
========================

Here are some MSDN reference introducing the new web configuration API:

http://msdn2.microsoft.com/en-us/lib...60(vs.80).aspx

http://msdn2.microsoft.com/en-us/library/ms178687.aspx

Hope this helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Those are both good suggestions. Just reordering those three modules seem to
work. Re-writing the config file at runtime seems mighty tempting but I tried
to put it into an "Init" HttpModule and I got errors saving the config file
even with ASPNET having read/write.

It looks like the solution with the most elegance (i.e. less client-app
change) is to insert this handler in the machine's web.config and let each
app turn it on through a definition in their own web.config. I plan on adding
a config section to my HttpModule.

For 1.1, I think we may as well be consistent and add it into the
machine.config. Although I will have to figure out naming, etc since the code
needs to be compiled in both 1.1 and 2.0.

As always, thanks again for your help.

"Steven Cheng[MSFT]" wrote:

Hello Noremac,

From your description, I understand you've developed a custom httpmodule
for providing SSO service in your ASP.NET web applications, you used to use
some simple configuration settings in application web.config file to
register your custom module, however, you found that you need much more
cofiguration elements in ASP.NET 2.0 application's web.config. So you're
wondering whether there is any more elegant means to do this, correct?

Based on my research, ASP.NET 2.0 has added many new built-in httpmodules,
and the "RoleManager" module is a new module which also related to forms
authentication and authorization. You can try reordering all the following
modules(put after your custom module) in application's web.config file to
see whether it helps:

"FormsAuthentication"
"RoleManager"
"UrlAuthorization"
Also, in .NET 2.0, it provide a set of configuration API that can help us
manage the application(or machine level) configuration in code. For
example, here is a test page which use web configuration API to insert a
custom httpModule before the "FormsAuthentication" module:

================
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write("<br/>current user: " + Environment.UserName);

}
protected void btnButton_Click(object sender, EventArgs e)
{
Configuration config =
WebConfigurationManager.OpenWebConfiguration(Reque st.ApplicationPath);

HttpModulesSection section =
config.SectionGroups["system.web"].Sections["httpModules"] as
HttpModulesSection;

if (section != null)
{
Response.Write("<br/>section: " + section);

ConfigurationElement[] modules = new
ConfigurationElement[section.Modules.Count];
section.Modules.CopyTo(modules, 0);

List<ConfigurationElementnewmodules = new
List<ConfigurationElement>();

foreach (ConfigurationElement elm in modules)
{
Response.Write("<br/>" +
elm.ElementInformation.Properties["name"].Value);

if (elm.ElementInformation.Properties["name"].Value.Equals(
"FormsAuthentication"))
{
Response.Write("<br/>insert my module here");
HttpModuleAction mymodule = new
HttpModuleAction("mymodule", "simpleModule");

newmodules.Add(mymodule);

}

newmodules.Add(elm);
}
section.Modules.Clear();
foreach (ConfigurationElement elm in newmodules)
{
Response.Write("<br/>new module: " +
elm.ElementInformation.Properties["name"].Value);
section.Modules.Add((HttpModuleAction)elm);
}

config.Save(ConfigurationSaveMode.Modified);

}

}
}
========================

Here are some MSDN reference introducing the new web configuration API:

http://msdn2.microsoft.com/en-us/lib...60(vs.80).aspx

http://msdn2.microsoft.com/en-us/library/ms178687.aspx

Hope this helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for your reply Noremac,

I think your further consideration is comprehensive. If you have any
further questions or anything we can help later, please feel free to post
here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.