Role of HTTP Modules in .NET Security
Today, one of the important goals is to provide high
security to the distributed Web Applications. The security
is designed throughout the .NET Framework like Code Access
Security, ASP.NET Integrated Security and Cryptography,
which can be optimally used to develop Secure Applications.
However, in scenarios where one has to perform
Authentication or Authorization by the database and give
appropriate privileges to the users (or) the permissions
have to be provided at the runtime for specific operations
(or) in scenarios like where no web browsers are used , it
becomes crucial to develop Custom Security.
The
ASP.NET Framework has defined set of Http Modules which
takes care of the basic Authentication and Authorization
mechanisms. The Custom Security (Custom Authentication or
Authorization) can be performed in Forms Authentication or
Windows Authentication by coding in the Global.asax file,
which is not a reliable (or) reusable solution. The .NET
Framework gives the flexibility to develop custom Http
Modules and plug them into the ASP.NET Application,hence
enabling to develop highly scalable, reusable and reliable
.NET Security Components.
This article explains
in detail about the HTTP Modules and the steps to create
custom Http Module with an example. The article also gives a
brief how to create a custom Http Module in developing a
custom database authorization module.