7

I have a Global.asx file that needs to do custom authentication, auditing and profiling stuff. This is needed because it supports a SAML based SSO system and needs to override the normal .Net authentication (which doesn't support either SAML or mixed authentication)

I don't want to fire it for static files, such as .js, .css, .png, etc

In Cassini/WebDev and IIS7 it does.

What I want to have is some simple check, like a this.Request.IsStaticFile (which doesn't exist, unfortunately) to identify the static files.

I realise that this would be fairly simple to write, but it feels like something that must already exist - IIS has already applied caching policy stuff for the static files and so on.

I need a code solution, rather than an IIS config change one.

Update

This is my current workaround:

/// <summary>Hold all the extensions we treat as static</summary>
static HashSet<string> allowedExtensions = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
{
    ".js", ".css", ".png", ...
};

/// <summary>Is this a request for a static file?</summary>
/// <param name="request">The HTTP request instance to extend.</param>
/// <returns>True if the request is for a static file on disk, false otherwise.</returns>
public static bool IsStaticFile(this HttpRequest request)
{
    string fileOnDisk = request.PhysicalPath;
    if (string.IsNullOrEmpty(fileOnDisk))
    {
        return false;
    }

    string extension = Path.GetExtension(fileOnDisk);

    return allowedExtensions.Contains(extension);
}

This works and is quick enough, but feels horribly clunky. In particular relying on extensions is going to be error prone if we add new static files not thought of.

Is there a better way without changing the IIS config?

Keith
  • 150,284
  • 78
  • 298
  • 434

3 Answers3

0

You might be able to check which handler is dealing with the request.

In IIS6 only .net files, eg aspx are mapped to a handler that does stuff.

In IIS7 with the integrated pipeline, everything routes through .net, which is normally a good thing. Different handlers still deal with different file types though. In particular I believe the staticfilehandler is the one you need to check for. The httpcontext.handler property should allow you to figure it out.

You could create an extension method to add that IsStatic method...

Simon

Simon Halsey
  • 5,459
  • 1
  • 21
  • 32
  • 1
    I realise that I could write my own implementation (like I say in the question) but that feels like re-inventing the wheel. IIS and .Net already know that this is static file request, so there should be an existing way to do this. – Keith Jul 13 '11 at 11:05
0

There are a few options:

  • Adding authorization element and deny none for those paths that you do not need any authentication and contains your static files
  • You are using integrated pipeline. Turn it off on your IIS 7.
Aliostad
  • 80,612
  • 21
  • 160
  • 208
  • I've had to completely override .Net's authorisation mechanism in order to support SAML SSO (that's why I need lots of work in `Application_BeginRequest` in the first place) so option 1's out. Also, like I stated in the question, changing the IIS config is not an option - I need a code solution. – Keith Jul 13 '11 at 11:03
0

There is no doubt that you need to create a custom extension method because ASP.NET routing engine uses this code to decide whether a file exist,

if (!this.RouteExistingFiles)
{
    string appRelativeCurrentExecutionFilePath = httpContext.Request.AppRelativeCurrentExecutionFilePath;
     if (((appRelativeCurrentExecutionFilePath != "~/") && (this._vpp != null)) && (this._vpp.FileExists(appRelativeCurrentExecutionFilePath) || this._vpp.DirectoryExists(appRelativeCurrentExecutionFilePath)))
     {
          return null;
       }
}

You will not able to decide whether the request is static in Application_BeginRequest using context.handler because Routing Module may change the handler and this module always execute after Application_BeginRequest. My suggestion is to use the similar code which ASP.NEt routing engine uses.

user571646
  • 665
  • 5
  • 10