I trying to perform aditional validation before application start reading the input of the request, to end suspicious request, based on headers and form data or something like that.

Is there it possible?

[Update]

I'm focusing in prevent a zero day vunerability that occurs before BeginRequest and ins't catch by ASP .net validation.

If I could control the creation of the HttpWebRequest object I could detect this attack.

[Solution]

It can be solved using a native module.

Information about a creating a native module can be found here (using C++): http://learn.iis.net/page.aspx/169/develop-a-native-cc-module-for-iis/

The zero day vulnerability I was talking is described in this blog post: http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx

I made a fix for it (is a pre release, not suitable for production) and can be found on GitHub: https://github.com/ginx/HashCollisionDetector

Thanks for all the help.

BeginRequest is the first event in the IIS request-processing pipeline.

The only pre-request actions that happen before that event are the creation of instances the HttpContext, HttpRequest and HttpResponse classes.

It's also the case that the BeginRequest event in some registered HttpModules (including Global.asax) will run before others. However, ASP.NET makes no guarantees with regard to ordering.

You can ask HttpApplication to do this for you by setting pages validateRequest="true" in your web.config.

Otherwise, you can attempt to replace some of the standard modules in the IIS pipeline (not recommended unless you have a lot of time on your hands).

Here are some very good resources:

ASP.NET Application Life Cycle Overview for IIS 7.0

IIS 7 Modules Overview

Customizing IIS 7.0 Roles and Modules

It can be solved using a native module.

Native module are executed before any ASP .net validation.

Information about a creating a native module can be found here (using C++): http://learn.iis.net/page.aspx/169/develop-a-native-cc-module-for-iis/