Maarten Balliauw

Maarten Balliauw

Loves web and HTTP, C#, Kotlin, Azure and application performance. Developer Advocate at JetBrains. Frequent speaker at and organizer of various community events. Likes brewing his own beer.

Remove unnecessary HTTP modules from the ASP.NET pipeline

Edit on GitHub

Trying to speed up some things in a demo ASP.NET application for a customer, I found a really simple and effective way to remove some HTTP modules from the ASP.NET pipeline. When you are not using WindowsAuthentication or PassportAuthentication or ..., you can easily disable those modules. This decreases ASP.NET bootstrapping time as there are fewer object creations to do every page load...

Now, how to do this? Very easy! Fire up your Visual Studio, and open Web.config.
In the HttpModules section, add some "remove" elements, one for every module you whish to disable. If HttpModules section is not present, you can add it yourself.

[code:xml]

...
<httpModules>
    <remove name="WindowsAuthentication"/>
    <remove name="PassportAuthentication"/>
    <remove name="UrlAuthorization"/>
    <remove name="FileAuthorization"/>
</httpModules>
...

[/code]

Here are the default HttpModules that are present and can eventually be disabled:

  • OutputCache
  • Session
  • WindowsAuthentication
  • FormsAuthentication
  • PassportAuthentication
  • RoleManager
  • UrlAuthorization
  • FileAuthorization
  • AnonymousIdentification
  • Profile
  • ErrorHandlerModule (I'm sure you want this one enabled!)
  • ServiceModel

Check C:\WINDOWS\microsoft.NET\Framework\<version>\CONFIG\Web.config for more things you can emit. There are probably some more things you can override in your own Web.config...

Now assume you have a public and protected part on your website. The public part is www.example.com, the private part is www.examle.com/protected. Thanks to ASP.NET's configuration cascading model, you can now disable FormsAuthentication for www.example.com, as no authentication will be needed there. In the www.private.com/protected folder, you can now put another Web.config file, enabling FormsAuthentication on that folder. How cool is that!

I'm on my way to vacation. No blog posts next week, unless I spot a bear somewhere.

This is an imported post. It was imported from my old blog using an automated tool and may contain formatting errors and/or broken images.

Leave a Comment

avatar

2 responses

  1. Avatar for Duncan Smart
    Duncan Smart January 17th, 2008

    [quote]Trying to speed up some things...[/quote] So - what was the speed-up, did you measure it?

  2. Avatar for Maarten
    Maarten January 17th, 2008

    We did not measure the speed-up, it should save a few initialisation routines at every request.

    Personally, I think this trick should only be used on high-trafic web applications. Also make sure every developer knows this trick has been used: if one wants to use Sessions, and they are disabled, an unexperienced developer might have to search a while to fid out why sessions aren't working...

You May Also Enjoy

Test-Driving Windows 11 Dev Drive for .NET

At Build 2023 back in June, Microsoft announced a new form of storage volume for Windows 11: Dev Drive. In October 2023, support for Dev Drive was shipped as a Windows Update and now available to anyone using the latest version of Windows 11. [Environment]::SetEnvironmentVariable(“npm_config_cache”, “$DevDrive\Pack... Read more »

Provide opt-in to experimental APIs using C#12 ExperimentalAttribute

When writing libraries and frameworks that others are using, it’s sometimes hard to convey that a given API is still considered “experimental”. For example, you may want to iterate on how to work with part of the code base with the freedom to break things, while still allowing others to consume that code if they are... Read more »

Discriminated Unions in C#

Discriminated unions have been a long-standing request for C#. While F# users have had discriminated unions for years, C# developers will have to wait a bit longer. Read more »