Ironing code, geek t-shirts and even presentations!


Good to Know: Built-in ASP.NET Http Handlers

Http handlers is a really elegant infrastructure allowing you to provide special behavior to specific paths in your application. You can use them to create RSS  feeds, dynamically generate images, handle requests differently and  more.

Apart from writing new http handlers, there are some built-in handlers that you can take advantage of. The built in handlers are separated into three categories (in my opinion at least): request handlers, error generators and misc. handlers.

Request Handlers

These handlers process requests in a specific way. Although these already have paths configured  for them, you can manually configure them in the web.config (or via  IIS Manager) to run on different  paths. For example, treat ABC files the same as ASPX files. There is one catch here – because ASPX, ASHX and ASMX files are dynamically compiles, you will also need to provide build configurations for the new extensions.

The handlers in this category include:

  • The regular ASP.NET page (ASPX) hander - System.Web.UI.PageHandlerFactory.
  • The generic handler (ASHX) handler - System.Web.UI.SimpleHandlerFactory.
  • The resource handler (WebResource.axd) - System.Web.Handlers.AssemblyResourceLoader.
  • The web service handler (ASMX) - System.Web.Services.Protocols.WebServiceHandlerFactory.
  • The trace handler (trace.axd) – System.Web.Handlers.TraceHandler.

The following web.config  sample enables accessing trace info via (this is web.config configuration for IIS 7 running in Integrated  mode, in other versions or modes the configuration will be a bit different):

        <add verb="*" path="" name="Trace-handler" type="System.Web.Handlers.TraceHandler"/>

After this is configured (and tracing is enabled as well), try navigate to page.

    Error Generators

    These handlers generate specific http errors. You can use them to prevent access to specific files, specific extensions or folders. These error generator handlers include:

  • Forbidden – generates a 403 Forbidden http error - System.Web.HttpForbiddenHandler.
  • Not Found – generates a 404 Not Found  http error - System.Web.HttpNotFoundHandler.
  • Method Not Allowed – generates a 405 Method Not Allowed http error - System.Web.HttpMethodNotAllowedHandler.
  • Not Implemented – generates a 501 Not Implemented http error - System.Web.HttpNotImplementedHandler.

The following web.config sample prevents users from accessing all files with secret extensions. Once a user tries to access such file he or she will get a 403 Forbidden page:

    <add verb="*" path="*.secret" name="SecretAccess" type="System.Web.HttpForbiddenHandler"/>

Try navigating to top.secret and witness the result.


    The misc. category contains one handler, the static file handler, which can help in various  scenarios. It will present the file content without any processing. With this handler you can, for example, enable users to retrieve lkr file (no special meaning to this extension that I know of) content.

  • Static file – shows the content of a file without any processing - System.Web.StaticFileHandler.

The following  sample configures lkr files to be processed by the static file handler. To test this, create a txt file in your web application root folder, rename its extension to lkr and navigate to it.

    <add verb="*" path="*.lkr" name="lkr-handler" 
              type="System.Web.StaticFileHandler" resourceType="File"/>


All  the best,

Share it:
Shout it kick it on

Pingbacks and trackbacks (8)+

Add comment