System.Web.HttpServerUtility.Execute Method

Executes the handler for the specified virtual path in the context of the current request. A System.IO.TextWriter captures output from the executed handler and a Boolean parameter specifies whether to clear the HttpRequest.QueryString and HttpRequest.Form collections.

Syntax

public void Execute (IHttpHandler handler, System.IO.TextWriter writer, bool preserveForm)

Parameters

handler
The HTTP handler that implements the System.Web.IHttpHandler to transfer the current request to.
writer
The System.IO.TextWriter to capture the output.
preserveForm
true to preserve the HttpRequest.QueryString and HttpRequest.Form collections; false to clear the HttpRequest.QueryString and HttpRequest.Form collections.

Remarks

You can write custom HTTP handlers to process specific, predefined types of HTTP requests in any language that is compliant with the Common Language Specification (CLS). Executable code that is defined in the HTTP handler classes instead of conventional ASP (also known as classic ASP) pages or ASP.NET pages responds to these specific requests. HTTP handlers allow for interacting with the low-level request and response services of a Web server that is running Internet Information Services (IIS), and they provide functionality that is similar to ISAPI extensions but with a simpler programming model.

ASP.NET does not verify that the current user is authorized to view the resource that is delivered by the HttpServerUtility.Execute(IHttpHandler, System.IO.TextWriter, bool) method. Although the ASP.NET authorization and authentication logic runs before the original resource handler is called, ASP.NET directly calls the handler that is indicated by the HttpServerUtility.Execute(IHttpHandler, System.IO.TextWriter, bool) method and does not rerun authentication and authorization logic for the new resource. If the security policy for your application requires clients to have appropriate authorization to gain access to the resource, the application should force reauthorization or provide a custom access-control mechanism.

You can force reauthorization by using the erload:System.Web.HttpResponse.Redirect method instead of the HttpServerUtility.Execute(IHttpHandler, System.IO.TextWriter, bool) method. The erload:System.Web.HttpResponse.Redirect performs a client-side redirect in which the browser requests the new resource. Because this redirect is a new request entering the system, it is subjected to all the authentication and authorization logic of both the IIS and ASP.NET security policy.

You can verify that the user has permission to view the resource by incorporating a custom authorization method that uses the erload:System.Security.Principal.WindowsPrincipal.IsInRole method before the application calls the HttpServerUtility.Execute(IHttpHandler, System.IO.TextWriter, bool) method.

Requirements

Namespace: System.Web
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0