[Mono-aspnet-list] Help with MVC4 authentication please - at wit's end

Alex E. Wielhouwer alexew at synapticsys.com
Tue Sep 16 17:34:23 UTC 2014 

Using BrianV's post at http://stackoverflow.com/questions/17900677/running-mono-3-2-0-with-net-mvc-4 I have almost completed setting up an MVC4 app that runs under IIS7 to run under Ubuntu/Mono/Apache.  The only thing not working is authentication.

In web.config I have:
  <system.web>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>

To deny anonymous users.  If I remove the deny line it works fine for anonymous, but does not enforce a login.

I have a custom authorization process to force and handle logins

Again, web.config:
<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="UrlAuthorization" />
      <remove name="AuthModule" />
      <remove name="BasicAuthModule" />
      <add name="AuthModule" type="appData.AuthModule, appData" />
      <add name="BasicAuthModule" preCondition="managedHandler" type="appData.AuthModule, appData" />
    </modules>
    <handlers>
      <remove name="MvcHttpHandler" />
      <remove name="UrlRoutingHandler" />
      <add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </handlers>

When I deny anonymous users the BasicAuthModule is triggered in IIS7 and my custom authentication is run, which issues a WWW-Authenticate header when there is no user or an invalid user.  Debug code indicates that the module is never even loaded.

My conf file for the app is
<Location "/app">
     Allow from all
     Order allow,deny
     DirectoryIndex default.aspx
     Require all granted
     Satisfy Any
     MonoSetServerAlias app
     SetHandler mono
     SetOutputFilter DEFLATE
     SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip dont-vary
</Location>

Something is intercepting the authorization processing and kicking out the anonymous user before my code gets to it.

I have crawled around various sites and tried numerous variations based on suggestions but no luck.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-aspnet-list/attachments/20140916/ac0e6b99/attachment.html>

More information about the Mono-aspnet-list mailing list