Exclude HttpModule from running for static content on IIS7

Question

I have a problem with my Authentication HttpModule. The problem is that it obviously runs for every single request I get on my web server (IIS7). Because it also uses Session va

Answer 1

I don't know about an IIS7 setting for that but you can do this.

The session object will be available only for non-static content :

void yourEventHandler(object sender, EventArgs e) {
    HttpApplication app = (HttpApplication)sender;
    if (app.Context.Session == null) {
        return;
    }
    // then your code here...
}

This will ensure your code won't be run for files like CSS, JS etc. But keep in mind the session object will also not be ready before PostAcquireRequestState event. (For the order of the HttpApplication events, see this page.)

Edit : Also, it appears with ASP.NET Development Server (though I know you said IIS7 in your question), your HttpModule will still run even for static files.