Last post Sep 20, 2013 04:35 PM by Valerin
Sep 19, 2013 03:19 PM|itemplate|LINK
Suppose I receive some data (using a Http Post) where I have to remove some some sensitive sections of that data before anything else. This calls for a HttpModule where I implement the HttpApplication.OnBeginRequest - correct? Here I must remove the data
that cannot pass the module. Can I ensure that my module here is run? What if someone by accident comments out my Module from web.config?
Sep 19, 2013 05:45 PM|Valerin|LINK
I can think of a few ways to accomplish this, but as far as I know my knowledge is web server specific. Would you be able to tell me what this application will be deployed on?
Sep 20, 2013 07:27 AM|itemplate|LINK
Oh yes sorry :)
It would be a mix (if possible) IIS6/7 on Windows 2003/2008. But it will be deployed on whatever I tell it to really. I just need support for HTTPS certificate on it...
Sep 20, 2013 04:35 PM|Valerin|LINK
Well it just so happens my knowledge is for IIS, so here we go:
"Manually edit the IIS configuration store, either globally to enable the module for all applications on the server, or in a particular web.config file located within each application for which you would like to enable this module." - http://www.iis.net/learn/get-started/introduction-to-iis/iis-modules-overview#Enable_mod
If you enable it globally then it won't be in the web.config and thus no one can comment it out. But to ensure it's only used by the application you want we need to look at handler mappings.
Handler mappings can be set up on a per application basis. What a handler mapping does is when a user requests a certain type of page (.html, .aspx, etc...) the handler mapping will tell it which modules the request needs to be sent to in order to be processed
In your case, for this application you probably want all your page types to be sent to your "Sensitive Info Removal" module. In all other applications on the server or other applications you make in the future, just don't map any page types to your "Sensitive
Info Removal" module and they'll be processed normally.
Here is how to configure handler mappings on IIS 7. It also offers more info on handler mappings if you found my explanation poor.
Hope it helps,