All geek questions in one place

FormsAuthenticationModule Event Authentication Fails When Using ASP.NET MVC

We use the HttpModule to connect to the FormsAuthenticationModule module and subscribe to the Authenticate event. When we use web forms, this event fires in the module. When we use MVC, this event does not fire.

I tried using the [Authorize] attribute on the controllers and the location in web.config (although this is not the best practice) to try to fire this event, but it still doesn’t.

The event fires when using the Cassini web server, but does not fire in IIS 7.5 or IIS Express. We run ASP.NET MVC 2 using .NET 3.5

EDIT

The Authentication event is triggered when we request a .aspx or .ashx file. If we request a file without continuing either .css or .js, it also does not start.

The new ASP.NET MVC application will fire this event for each requested file.

Any suggestions?

+4
source share
3 answers

Our web.config does not have the runAllManagedModulesForAllRequests = "true" element from the modules element in system.webServer. After that, all web requests receive an authorization event from the FormsAuthenticationModule.

<system.webServer> .... <modules runAllManagedModulesForAllRequests="true"> .... </system.webServer>
+2
source

Going to the aspx page does not check if forms authentication works in MVC, you need to go to the route. I saw your answer and what I had in mind. Instead of the ineffective runAllManagedModulesForAllRequests="true" I suggest removing the managedHandler precondition:

  <remove name="FormsAuthentication"/> <add name="FormsAuthentication" preCondition="" type="System.Web.Security.FormsAuthenticationModule"/> <remove name="DefaultAuthentication"/> <add name="DefaultAuthentication" preCondition="" type="System.Web.Security.DefaultAuthenticationModule"/> <remove name="RoleManager"/> <add name="RoleManager" preCondition="" type="System.Web.Security.RoleManagerModule"/> <remove name="UrlAuthorization"/> <add name="UrlAuthorization" preCondition="" type="System.Web.Security.UrlAuthorizationModule"/> <remove name="UrlRoutingModule-4.0"/> <add name="UrlRoutingModule-4.0" preCondition="runtimeVersionv4.0" type="System.Web.Routing.UrlRoutingModule"/>
+2
source

I don't think this is the best way to solve it, but I also use a combination of MVC and formpages and set all permissions in web.config

 <location path="[path]"> <system.web> <authorization> <allow users="[username]" roles="[role]"/> <deny users="*"/> </authorization> </system.web> </location>
0
source

Source: https://habr.com/ru/post/1393950/

More articles:


All Articles