ASP.NET - security implementation in code vs custom http handlers?

Asked By karur krishna madhu on 30-Apr-14 02:38 AM
what difference does it make if i implement security in code level instead of implementing the same using custom HTTP handlers in  HTTP pipeline? In which scenario we go for level code implementation of security features  and the same in custom HTTP handlers level?
Robbe Morris replied to karur krishna madhu on 30-Apr-14 10:25 AM
What "kind" of security are you talking about? 

Not sure why you would need to implement some sort of hook into the http pipeline before it gets to your aspx page.   I understand what you are talking about (written these handlers myself) but I can't think of a single app I've ever seen or friend I've talked to that has done this with their apps in the 14 years I've been working with .NET.
Hemanth Kumar replied to karur krishna madhu on 01-May-14 05:55 AM
Could you please more elaborate about the question you have asked ?

Robbe Morris replied to Hemanth Kumar on 01-May-14 11:46 AM
Elaborate?  I asked you to.  When speak of implementing security, be more specific.  You talk about doing this in your code behind versus custom http handlers.  Obviously you and someone on your team are discussing/debating this.  What specifically are you debating?
karur krishna madhu replied to Robbe Morris on 02-May-14 02:36 AM
HI morris
security with respect to users(authentication and authorization).permission based access. generally every developer will implement using authentication or authorization concepts  or using member ship roles. My question is what advantage we have if i implement the same at the Http handler level? if there is no advantage as such then where does this custom HTTP handlers fit the bill? when would we implement the Ihttphander or I httpmodule?
Robbe Morris replied to karur krishna madhu on 02-May-14 08:09 AM
That's what I figured.  I don't see any advantage to the increased complexity.  In fact, there will no doubt be instances where you will need to conditionally behave differently in certain areas of your web app (if not now, in the future) and this technique will make that problematic.
karur krishna madhu replied to Robbe Morris on 05-May-14 01:37 AM
Hmm!Thanks morris