I've a huge classic ASP application where in thousands of users manage their company/business data. Currently this is not multi-user so that application users can create users and authorize them to access certain areas in the system.
I'm thinking of writing a handler which will act as middle man between client and server and go through every request and find out who the user is and whether he is authorized to access the data he is trying to.
For the moment ignore about the part how I'm going to check the authorization and all that stuff. Just want to know whether I can implement a ASP.net handler and use it as middle man for the requests coming for a asp website? I just want to read the url and see what is the page user is trying to access and what are the parameters he is passing in the url the posted data. Is this possible? I read that Asp.net handler cannot be used with asp website and I need to use isapi filter or extensions for that and that can be developed only c/c++.
Can anybody through some light on this and guide me whether I'm in the right direction or not?
-
I'd consider using web service instead of handler.superM– superM06/25/2012 10:25:53Commented Jun 25, 2012 at 10:25
-
@superM : how does a web service help with this issue?Wyatt Barnett– Wyatt Barnett08/23/2012 17:54:06Commented Aug 23, 2012 at 17:54
2 Answers 2
A .Net handler can't be used with ASP because IIS can only hand the request off to one handler for each request. ASP and .Net have distinct handlers.
If you wanted to write a .Net HTTPModule to act as a Man in the Middle, the handler for the request would need to be .Net.
I've not tried it, but I reckon if you then wrote a .Net HTTPHandler to service the ASP page (which basically just runs the ASP as a VBScript), you'd have complications with the Request and Response objects. Probably more effort than its worth even trying.
An ISAPI Filter would be the most straight-forward way to go but may not be practical if you don't have the C++ experience. But what you're doing doesn't sound like particularly new ground and there may be an existing implementation you can use.
If you are on IIS7 you could write a .NET HTTP Module and use that within your classic ASP's request pipeline. The main challenge would be how to figure out who is logged into your classic ASP app from ASP.NET.
If you are on IIS6 your only option is ISAPI.
HttpHandlers solve a different problem -- they handle a request after the modules have filtered and modified them. They are not suitable for this sort of filter function.
Explore related questions
See similar questions with these tags.