I love the web. The web should allow anyone to access any experience that they need without the need for native install or content walled garden.
During the development of a custom IHttpModule, it's important to be aware of the timing of context access. Avoid accessing HttpContext properties directly within the Init method, as the context isn't fully initialized yet. Instead, handle events like BeginRequest. Within those event handlers, the HttpContext object provided will be fully populated, allowing access to properties such as HttpMethod, QueryString, and Form.
I've been pondering an ASP.Net security concern: while it blocks potentially harmful querystring characters by default, turning this off puts the onus of validation on developers. I'm exploring the idea of a declarative approach to query parameter validation, where developers define predicates (like data types) for expected parameters within the Page Class definition itself. This could simplify validation and ensure data is HTML-safe before reaching the developer. This would streamline validation compared to using custom validators. I'm considering the benefits and implementation details of such an approach.