Exclude HttpModule from running for static content on IIS7

Question

I have a problem with my Authentication HttpModule. The problem is that it obviously runs for every single request I get on my web server (IIS7). Because it also uses Session va

Answer 1

I don't know about an IIS7 setting for that but you can do this.

The session object will be available only for non-static content :

void yourEventHandler(object sender, EventArgs e) {
    HttpApplication app = (HttpApplication)sender;
    if (app.Context.Session == null) {
        return;
    }
    // then your code here...
}

This will ensure your code won't be run for files like CSS, JS etc. But keep in mind the session object will also not be ready before PostAcquireRequestState event. (For the order of the HttpApplication events, see this page.)

Edit : Also, it appears with ASP.NET Development Server (though I know you said IIS7 in your question), your HttpModule will still run even for static files.

Answer 2

runAllManagedModulesForAllRequests attribute has to be set to false to actually configure any module the way you want. You will have to also correctly reconfigure Session and others as needed, but the main thing is handlers pipeline execution order that handles requests.

The answer was provided in one of my other questions:

Thanks to Peter that provided the answer that worked correctly.