Expand Minimize

SMA290121: Remove HttpHandlers

There is no direct replacment for HttpHandlers in the App Model. Depending on the purpose of the HttpModules an alternative approach must be implemented.

CheckId SMA290121
TypeName HttpHandlerRecommendations
Severity Error
Type Assembly

Full Trust Approach App Approach
Deploy a managed code class which inherits from the HttpHandler interface iHttpHandler

Traditionally in full trust applications, it was possible to create a handler which could direct HTTP requests in the programmed way. Uses are often applications such as converting data from one format to another, or adding a custom api to join server side applications and the client side in a more transparent manner.

Remote REST api

Now we can add this extra functionality to keep processing server side, by using a remote api that uses the App Model for security. This allows the program to be separate the process from the Client Side application, and keeps the processing offloaded.
Typically, you would use this method if you need to serve files that are generated on the fly for different MIME types rather than the source data.

Client Side JSOM

As long as all the methods required are available in JSOM, then the processing can be done in the client.

Impact of Full Trust Approach Benefit of App Approach
Not Migratible

The exact implementation of the HttpHandler interface is not migratible to the App Model.

Server Performance Impact

HttpHandlers can traditionally be a point of performance issues. Often they are used for processing large amounts of data, be it from multiple sources or from a large list/library. This means having such a component on the farm can, and often will, impact server performance.

Server Performance

This has added benefits of distributing the processing, heavily reducing the impact on the farm.

Disaster recovery

With less components deployed on the farm, disaster recovery plans become much simpler, and the turn around of activating a DR plan is significantly reduced as the processing components of the farm are separate.

Efforts and Benefits

Migration Impact Critical
Re-Design Effort High
Re-Development Effort High
Long Term Benefit High

Effort Drivers

  • Performance
  • Disaster Recovery

To suppress this violation in managed code add the following attribute to the method which contains the instruction (available since SPCAF version v5.2). Learn more about SuppressMessage here.

// Important: Ensure to have #define CODE_ANALYSIS at the beginning of your .cs file
[SuppressMessage("SPCAF.Rules.MigrationAssessment.AdvancedCustomizationsGroup", "SMA290121:HttpHandlerRecommendations", Justification = "Provide reason for suppression here")]
Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.