How can I change or remove HttpRequest input arguments in a HttpModule

Posted by Eric Gunn on Stack Overflow See other posts from Stack Overflow or by Eric Gunn
Published on 2011-01-17T18:24:16Z Indexed on 2011/01/17 18:53 UTC
Read the original article Hit count: 262

Filed under:
|
|

Is it possible to change or remove http request form inputs in an httpmodule?

My goal is to create a security IHttpmodule that will check the request for reasonable values, such as limits on acceptable input and query parameter length, or use the AntiXSS Sanitizer to remove threats, log potential hack attempts, etc. before a request is passed on to a processor.

Because this is a cross cutting concern I'd prefer to find a solution that applies to all requests and affects all ways request values could be accessed, Reqest.Form, Action(model), Action(FormCollection), HttpContext.Current.Request.Form, etc.

I'm using MVC and have considered creating custom model binders to clean the data before creating the model instance. But that would be application specific, require remembering to register every model binder and only apply to Action(model).

© Stack Overflow or respective owner

Related posts about c#

Related posts about ASP.NET