Remove unnecessary HTTP modules from the ASP.NET pipeline

Edit on GitHub

Trying to speed up some things in a demo ASP.NET application for a customer, I found a really simple and effective way to remove some HTTP modules from the ASP.NET pipeline. When you are not using WindowsAuthentication or PassportAuthentication or ..., you can easily disable those modules. This decreases ASP.NET bootstrapping time as there are fewer object creations to do every page load...

Now, how to do this? Very easy! Fire up your Visual Studio, and open Web.config.
In the HttpModules section, add some "remove" elements, one for every module you whish to disable. If HttpModules section is not present, you can add it yourself.

[code:xml]

...
<httpModules>
    <remove name="WindowsAuthentication"/>
    <remove name="PassportAuthentication"/>
    <remove name="UrlAuthorization"/>
    <remove name="FileAuthorization"/>
</httpModules>
...

[/code]

Here are the default HttpModules that are present and can eventually be disabled:

  • OutputCache
  • Session
  • WindowsAuthentication
  • FormsAuthentication
  • PassportAuthentication
  • RoleManager
  • UrlAuthorization
  • FileAuthorization
  • AnonymousIdentification
  • Profile
  • ErrorHandlerModule (I'm sure you want this one enabled!)
  • ServiceModel

Check C:\WINDOWS\microsoft.NET\Framework\<version>\CONFIG\Web.config for more things you can emit. There are probably some more things you can override in your own Web.config...

Now assume you have a public and protected part on your website. The public part is www.example.com, the private part is www.examle.com/protected. Thanks to ASP.NET's configuration cascading model, you can now disable FormsAuthentication for www.example.com, as no authentication will be needed there. In the www.private.com/protected folder, you can now put another Web.config file, enabling FormsAuthentication on that folder. How cool is that!

I'm on my way to vacation. No blog posts next week, unless I spot a bear somewhere.

This is an imported post. It was imported from my old blog using an automated tool and may contain formatting errors and/or broken images.

Leave a Comment

avatar

2 responses

  1. Avatar for Duncan Smart
    Duncan Smart January 17th, 2008

    [quote]Trying to speed up some things...[/quote] So - what was the speed-up, did you measure it?

  2. Avatar for Maarten
    Maarten January 17th, 2008

    We did not measure the speed-up, it should save a few initialisation routines at every request.

    Personally, I think this trick should only be used on high-trafic web applications. Also make sure every developer knows this trick has been used: if one wants to use Sessions, and they are disabled, an unexperienced developer might have to search a while to fid out why sessions aren't working...