Is there a way to tap into FormsAuthentication mechanism to add custom headers to responses?

I have a web app that is using forms authentication.

The scenario is as follows:

1. user requests /Default.aspx
2. Server responds with 302 Found, Objec开发者_运维问答t moved to /login.aspx?ReturnUrl=Default.aspx

Is there a way to tap into this 302 response and add additional response headers to it?

I am specifically interested in adding Expires: header.

---

One of the way could be write your own Forms Authentication Module but it can be too much work.

Yet another (quick hack) solution could be to use global.asax (or a custom HTTP module) for watching the response - you can use events such as PreSendRequestContent to see if current response is 302 and redirects to login.aspx and adds your header in such case.

---

The solution is to create an HttpModule and subscribe to EndRequest event.

It will be called after FormsAuthentication module has tried authorizing the request and decided to return a redirect to login page result.

Something like:

public class ExpireRedirectsHttpModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.EndRequest += OneEndRequest;
    }

    private void OneEndRequest(object sender, EventArgs e)
    {
        var httpApplication = (HttpApplication)sender;
        HttpContext ctx = httpApplication.Context;

        if (ctx == null) return;

        if (ctx.Response.StatusCode == (int)HttpStatusCode.Redirect)
        {
            ctx.Response.Cache.SetExpires(DateTime.UtcNow);
        }
    }

    public void Dispose()
    {
    }
}