California Consumer Privacy Act (CCPA) Opt-Out Icon

In the ever-changing world of web development, managing and optimizing the flow of inbound and outbound traffic is critical. Internet Information Services (IIS) provides a powerful platform for web applications, and one of its powerful features is the ability to use handlers.

Custom handlers allow developers to create custom solutions that enhance the functionality and performance of their applications. In this blog, we will look at what handlers are in IIS, how to create custom handlers in ASP.NET Framework applications, and the benefits of using them.

You can read more about this in my previous blog.
IIS Handler

If you want to do the same thing using modules, read more below.
Remove unwanted HTTP headers using IIS modules

Handlers in IIS are components that process requests to the server. When a client sends a request, IIS determines the appropriate handler to handle the request based on its type. Handlers operate at a lower level than modules, interacting directly with HTTP requests and responses. They can control the entire request pipeline, making them essential for tasks that require specific handling of HTTP requests, such as file downloads, dynamic content generation, and custom authentication mechanisms.

Creating a custom handler in an ASP.NET Framework application involves several steps.

I am using .NET Framework version 4.8.1 to create this class library in Visual Studio 2022.

Step 1: Create a new Visual Studio project

• Open Visual Studio and create a new Class Library project.
  

Give it an appropriate name (e.g. “MyCustomHandler”).

Step 2: Implementing the IHttpHandler interface

To create a custom handler, you must implement the `IHttpHandler` interface, which requires defining two methods: `ProcessRequest` and `IsReusable`.

namespace RemoveHeadersUsingHandlers
{
    // You may need to install the Microsoft.AspNetCore.Http.Abstractions package into your project
    public class RemoveHeadersMiddleware
    {
        private readonly RequestDelegate _next;

        public RemoveHeadersMiddleware(RequestDelegate next)
        {
            _next = next;
        }

        public async Task InvokeAsync(HttpContext context)
        {
            context.Response.OnStarting(() =>
            {
                // List of headers to remove
                var headersToRemove = new[] { "X-AspNetMvc-Version", "Server", "Content-Type" };
                foreach (var header in headersToRemove)
                {
                    context.Response.Headers.Remove(header);
                }
                context.Response.Headers.Add("X-Frame-Options","SAMEORIGIN");
                context.Response.Headers.Add("X-Powered-By", "123.123.123.123");
                context.Response.Headers.Add("X-Content-Type", "nosniff");
                return Task.CompletedTask;
            });
            // Call the next delegate/middleware in the pipeline
            await _next(context);
        }
    }

    // Extension method used to add the middleware to the HTTP request pipeline.
    public static class RemoveHeadersMiddlewareExtensions
    {
        public static IApplicationBuilder UseRemoveHeadersMiddleware(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware();
        }
    }

Step 3 A: Registering the handler in Web.config

After creating a handler class, you need to register it in your application’s `Web.config` file.

Step 3 B: Registering a Handler via the IIS UI

After creating the handler class, you can place the ‘DLL’ in the bin folder of your application.
Then go to ‘Handler Mapping’.

Click ‘Add Managed Handler’.

Enter the details of the handler

Here’s how to add a custom handler to an application hosted on IIS:

Step 3: Accessing the custom handler

Once registration is complete, you can access your custom handler via the specified path. In this example, `[URL]` triggers the custom handler and returns the response defined in the `ProcessRequest` method of the custom handler class library.

Custom handlers have the ability to inspect, modify, or replace incoming and outgoing HTTP traffic. This is especially useful for implementing custom logic that cannot be achieved with standard handlers. For example, you can use custom handlers to:

• Filters and validates incoming requests before they reach your application.
• Modify the request headers or body content to suit your specific requirements.
• Generate dynamic responses based on request parameters.
• Log detailed information about requests and responses for audit purposes.
• Implement a custom caching mechanism to optimize performance.

Custom handlers allow developers to create highly specialized solutions that enhance the security, performance, and functionality of web applications.

The Failed Request Event Buffering (FREB) log in IIS provides detailed information about the request processing pipeline, including the execution of custom handlers. To track custom handlers in the FREB log, follow these steps:

• Enable FREB Logging: In IIS Manager, select the site and go to “Failed Request Tracing Rules”. Enable FREB and configure the rule to capture relevant information.
• Configure tracking rules: Specify conditions that trigger tracking, such as status codes, duration, or specific request URLs.
• Analyze FREB Logs: After enabling FREB, you can analyze the logs generated for each request. The logs provide detailed insights into each step of the request processing pipeline, including the execution of custom handlers. Look for entries related to the path of your custom handlers and investigate events logged during execution.

  

FREB logs provide a powerful tool for debugging and optimizing custom handlers, as they provide detailed visibility into the request processing flow and help identify performance bottlenecks or errors.

Custom handlers are best suited for scenarios where you need fine-grained control over the request and response process. Consider using custom handlers in the following situations:

• Custom authentication and authorization: Implement custom authentication mechanisms that go beyond the capabilities of the standard handlers.
• Dynamic content generation: Generate content on the fly based on request parameters, user roles, or other dynamic factors.
• Request Filtering and Validation: Filter and validate incoming requests to ensure they meet certain criteria before processing them.
• Custom logging: Log detailed information about requests and responses for auditing, monitoring, or debugging purposes.
• Performance optimization: Implement custom caching, compression, or other performance-enhancing techniques.

Custom handlers allow developers to create tailored solutions that meet specific business requirements and improve the overall functionality and performance of web applications.

Custom handlers offer several advantages that make them a valuable tool in the developer toolkit.

• Flexibility: Custom handlers provide the flexibility to implement unique request processing logic that cannot be implemented with the standard handlers.
• Performance: By optimizing request and response processing, custom handlers can significantly improve the performance of web applications.
• Security: Implementing custom authentication and authorization mechanisms enhances the security of your web applications.
• Extensibility: Custom handlers can be easily extended and adapted to changing business requirements.
• Debugging and Logging: Custom handlers provide detailed logging capabilities to aid in debugging and performance monitoring.

These advantages make custom handlers an essential tool for developers looking to create sophisticated, high-performance web applications.

The ability to create custom handlers in IIS and ASP.NET Framework applications gives developers unparalleled control over the request and response lifecycle. Implementing custom handlers can help you address specific business requirements, optimize performance, and enhance the security of your Web applications. Whether you need to filter requests, generate dynamic content, or implement custom authentication, custom handlers provide the flexibility and power you need to achieve your goals.

As you explore the potential of custom handlers, don’t forget to leverage tools like FREB Logs to track and optimize performance and ensure your application runs smoothly and efficiently.