What to watch out for developing an HTTP Module in SharePoint 2007
https://sharepoint.stackexchange.com/questions/3504
-
16-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Has anyone created a custom HTTP Module for SharePoint 2007? If yes, what should I watch out for?
I need to add a course grain authentication check to SharePoint (can a user see this app), so I need to intercept all requests into MOSS, call the existing security components and either allow access or redirect to a Registration screen. I can do this with an HTTP Module, but after an initial attempt, I ran into some "issues".
Anyone done this before???
Background : The Security Authentication Model is Integrated Windows Authentication, and we have to check whether the user is already registered, if yes allow access or else redirect to a registration page.
Solution
You have to take into account that every request (including images / simple files on the server's file system) goes through the HTTP Module, so any time you spend in the SharePoint object model will most likely include at least 1 database call, which will reduce the scalability of your solution significantly.
Our URL Shortener for SharePoint uses an HTTP Module to convert TinyURLs back to the original URLs, however before we involve the SharePoint OM we make sure that the URL in question is indeed a small URL that we want to waste our CPU cycles on. We have A number of checks in place, but one that may apply to you is a quick look at the request's file extension.
OTHER TIPS
Code in HttpModule's should be kept minimal for performance reasons.
However I see other potential ways to solve your requirement, but you will need to tell me a bit more about the scenario you are trying to solve.
First, where does your application live? Is it application pages in SharePoint or do they live on another VDIR/VWEB on the same server?
Why do you need a secondary check for security when users are already logged in? If you want extra security checks, consider developing a custom membership and/or custom role provider for SharePoint.
It is also possible, depending on authentication, to share authentication across web applications. If the machinekey setting match in web.config in SharePoint and an external virtual web, you can share authentication across web sites.
