Best IT Recipes

ASP.NET 2.0 and 4.0 seem to handle the root URL in Autodesk Forms differently

If there is web.config :

 <configuration> <system.web> <authentication mode="Forms"> <forms name="MembershipCookie" loginUrl="Login.aspx" protection="All" timeout="525600" slidingExpiration="true" enableCrossAppRedirects="true" path="/" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> <location path="Default.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> </configuration>

The application is an ASP.NET 2.0 application running on Windows 2008R2 / IIS7.5.

If the site application pool is configured to run ASP.NET 2.0, and I am browsing http://example.com , then Default.aspx displayed as you would expect from the above rules.

However, if the application pool is configured to run ASP.NET 4.0, I am redirected to the login page. If I explicitly specify http://example.com/default.aspx then everything will be fine and Default.aspx display.

I tried to rewrite / -> /default.aspx (using IIS UrlRewriter 2.0), but the result is still the same, I got to the login page.

I also tried this with an ASP.NET 4.0 application with the same result (this is where the problem arose). The reason I tried this with app 2.0 was to see if there was a change in behavior, and it seems that / handled differently in 4.0.

So, to summarize, using the configuration above, the following is observed:

 ASP.NET Version Url Behavior
 -------------------------------------------------- -----------------------
 2.0 http://example.com Renders Default.aspx
 2.0 http://example.com/Default.aspx Renders Default.aspx
 4.0 http://example.com Redirects to Login.aspx
 4.0 http://example.com/Default.aspx Renders Default.aspx

Is this a bug / change, or am I missing something obvious?

Update:

I have the bottom of this problem, see my own answer below.

+5
forms-authentication
Feb 22 '11 at 16:23
source share
1 answer

Found the culprit. As part of our WebDeploy 2.0 / WebMatrix backend, this hotfix is ​​recommended by WebMatrix Server Validator :

MS KB: 980368 - An update is available that allows certain IIS 7.0 or IIS 7.5 handlers to process requests whose URLs do not end in a period

Installing this hot fix causes ASP.NET 4.0 to change the authentication behavior on forms where only part of the domain name of the URL is requested.

Update 1:

This QFE is also part of Windows 2008 R2 Service Pack 1 (SP1) and will also violate ASP.NET 4.0 forms authentication using the method described above.

Update 2:

In addition, it also disrupts the processing of default documents when running classic ASP applications in an application pool configured to operate in ASP.NET and Classic Pipeline mode.

Server returns error 404.2 - Not Found .

The same violation violation applies to Windows 2008R2 SP1.

Update 3:

I reported this to MS PSS, and they confirmed a violation of changes in behavior. They created this KB article in response to us (and presumably others) that were affected by it:

Web Services May Not Work in Microsoft Internet Information Services (IIS) 7.5 and Windows 7 Service Pack 1 with .NET Framework 4.0 due to the use of URL handlers without an extension

In my case, I basically delete (or advise clients) handlers without extension if this affects this problem:

 <configuration> <system.webServer> <handlers> <remove name="ExtensionlessUrl-Integrated-4.0" /> <remove name="ExtensionlessUrl-ISAPI-4.0_64bit" /> <remove name="ExtensionlessUrl-ISAPI-4.0_32bit" /> </handlers> </system.webServer> </configuration>
+4
Feb 22 '11 at 23:23
source share


More articles:


All Articles