Controller User object is null on IIS Server - asp.net

I have a site that is a mix of both MVC and WebForms that is utilizing forms authentication. Recently there was a need to switch from using WebForms to handle the authentication to MVC so I created an Account controller with a Login method and created the corresponding view. If someone was already authenticated and tried to visit "account/login", I wanted them to be redirected to the Index page of the controller so I have the following if statement at the top of the action:
if(User.Identity.IsAuthenticated)
There are no issues with this statement on my development machine; however, when I deploy this to the server, the User object is always null. I've searched on stackoverflow and the rest of the internet and have not yet found anything that has resolved the issue.
I should mention that the server this is running on is Windows Server 2008 Standard running IIS7.
Anyone have any ideas on why the User object is always null? I did see a stackoverflow post that mentioned it is because of the way IIS handles extensionless routes; however, when I tried to install the KB mentioned in that post it said the KB didn't apply to my server.

Okay - I finally figured out the issue.
I found a post here (http://forums.asp.net/t/1689878.aspx?HttpContext+Current+User+always+null+on+IIS+) that said the issue was because they didn't have runAllManagedModulesForAllRequests set to true. I don't want that set to true so I did a little more searching and ran across this stackoverflow posting: <modules runAllManagedModulesForAllRequests="true" /> Meaning
I checked my entry in the applicationHost.config file and found that it had the precondition of "managedHandler". Once I took that precondition off, then everything started working as expected. The odd thing is that in my development environment the precondition was there, yet it worked without issue. Perhaps it is because my dev box uses IIS 7.5 while the server uses IIS 7.0.
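A check for the condition described in the answer above, as an added example that is not part of the original post: it lists identity-related managed modules that carry the `managedHandler` precondition and therefore run only for requests served by a managed handler. The config fragment is constructed, and the set of module names to watch is an assumption, since the post does not say which entry was edited.

```python
import xml.etree.ElementTree as ET

# Managed modules that populate or check the request identity (real ASP.NET
# module names; which of them the post's author edited is not stated).
IDENTITY_MODULES = {"FormsAuthentication", "WindowsAuthentication",
                    "DefaultAuthentication", "RoleManager", "UrlAuthorization"}

# Constructed applicationHost.config fragment, not the poster's file.
SAMPLE = """<configuration><system.webServer>
  <modules>
    <add name="FormsAuthentication" preCondition="managedHandler"
         type="System.Web.Security.FormsAuthenticationModule" />
    <add name="UrlAuthorization" preCondition="managedHandler"
         type="System.Web.Security.UrlAuthorizationModule" />
    <add name="DefaultAuthentication" preCondition=""
         type="System.Web.Security.DefaultAuthenticationModule" />
    <add name="UrlRoutingModule-4.0"
         preCondition="managedHandler,runtimeVersionv4.0"
         type="System.Web.Routing.UrlRoutingModule" />
    <add name="StaticFileModule" />
  </modules>
</system.webServer></configuration>"""


def gated_identity_modules(config_xml):
    """Identity modules that are skipped when no managed handler serves the request."""
    skipped = []
    root = ET.fromstring(config_xml)
    for modules in root.iter("modules"):
        # runAllManagedModulesForAllRequests="true" overrides the precondition.
        if modules.get("runAllManagedModulesForAllRequests", "").lower() == "true":
            continue
        for add in modules.findall("add"):
            if not add.get("type"):          # native module, not affected
                continue
            conds = {c.strip() for c in add.get("preCondition", "").split(",")}
            if "managedHandler" in conds and add.get("name") in IDENTITY_MODULES:
                skipped.append(add.get("name"))
    return skipped


if __name__ == "__main__":
    for name in gated_identity_modules(SAMPLE):
        print("runs only for managed handlers:", name)
```
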

Related

IIS - Unexplained 302 response code

What scenarios cause IIS to generate a 302 besides response.redirect? I'm working on a legacy ASP.NET app and it's generating 302s in IIS. The thing is, the code doesn't make any response.redirect calls. I don't know how to debug this thing. Could losing session generate a 302? I'm totally lost.
It can happen if you return a CSS file in ASP.NET over http when it should be over https; I've seen that happen in the past. Also, if any web services tied into that application are getting hit or making passes that fail, that could cause it too. Just shooting from my hip and trying to recall the last time I saw those issues arise.
Check at the IIS level, not ASP.NET level.
Check the IIS management console. Possible options are:
"URL rewrite module"
"HTTP redirect" (under the website settings, for IIS7)

ASP.Net MVC identity infinite redirect loop

I have an ASP.Net MVC5 application, using the Identity "out of the box" template, as per ASP.Net Identity 2.0.0. I need to upgrade it to use the newer code that is in the latest ASP.Net MVC template, namely the use of the SignInManager class.
I have done some A|B comparisons between the code in my original app and the template generated in the latest, and ported over all that I could see was different.
However, I'm getting an odd error, I suspect OWIN related. When I try and Login or Register, it triggers a Redirect loop that eventually crashes the app with a security warning as the URL Query string has concatenated itself to death.
The URL is :
https://localhost:44302/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FRetur
nUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAccount%252525252525252525252525252525252525252FLogin
Detailed Error Information:
Module    RequestFilteringModule
Notification    BeginRequest
Handler    ExtensionlessUrlHandler-Integrated-4.0
Error Code    0x00000000
I've used the exact same settings when referring to ReturnUrl in all methods.
For the most part, my application's original AccountController and related security code was untouched from the original template.
My newer sample application runs fine on my local machine, so I’m not sure where the differences are.
I've seen posts suggesting that IIS Express configuration is to blame, but I've followed the cleanup advice, and also published to an Azure site with the same result.
I've been spending a lot of time trying to resolve this and haven't had any success so I thought I'd put it out there for some advice… thanks in advance for any & all help. Please let me know if you need to see more code.
I think your login action is missing [AllowAnonymous] attribute.
Do you have SSL setup locally?
Are you authenticating on HTTPS, then being redirected to HTTP, which is killing the cookie & redirecting back to the HTTPS login page?
Have you got something in the web.config for forms authentication redirect like
<forms protection="All" requireSSL="true" loginUrl="~/Account/Login.aspx" />
Do your cookies look ok?
Resolved... turns out the culprit was my Unity DI configuration.
I drilled deep to find the errors getting recursively thrown on each redirect, and it suggested the AccountController dependencies weren't being instantiated. I had a similar issue last year (Unity Container trying to resolve non registered type, throwing error), and so I looked further into the changed dependencies.
Following the suggested answer at Register IAuthenticationManager with Unity resolved the issue.
Thanks for the suggestions re: SSL / HTTPS / Filters, investigating these led me to the exceptions.
I also faced this same issue before and solved it by adding this line in web.config:
<add key="owin:AutomaticAppStartup" value="false"/>
It will disable OWIN startup discovery.
I hope it will work.
Also check in the IIS virtual directory. Check whether the anonymous user is enabled or not; if disabled, then enable it and the problem will be solved.
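The looping URL in the question above nests one `ReturnUrl` inside another, adding a level of percent-encoding on each redirect. As an added example (not code from any of the posts), this helper unwraps those levels and counts how often the login path asks to return to itself, which can be run over logged request URLs to spot the loop early. The function names and the constructed sample URLs are assumptions for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit


def unwrap_return_urls(url, param="returnurl", limit=64):
    """Follow ReturnUrl values inward, one decoding level per step."""
    chain = []
    current = url
    while len(chain) < limit:
        query = parse_qs(urlsplit(current).query, keep_blank_values=True)
        # ASP.NET reads query keys case-insensitively, so normalise them.
        values = [v for k, vs in query.items() if k.lower() == param for v in vs]
        if not values:
            break
        current = values[0]
        chain.append(current)
    return chain


def self_redirect_depth(url):
    """Number of nested ReturnUrl targets that point back at the requested path."""
    path = urlsplit(url).path.lower()
    return sum(1 for target in unwrap_return_urls(url)
               if urlsplit(target).path.lower() == path)


def nested_login_url(depth, host="https://localhost:44302"):
    """Constructed sample: rebuild the shape of the looping URL in the question."""
    target = "/Account/Login"
    for _ in range(depth):
        target = "/Account/Login?ReturnUrl=" + quote(target, safe="")
    return host + target


if __name__ == "__main__":
    samples = [
        nested_login_url(5),                                               # looping
        "https://localhost:44302/Account/Login?ReturnUrl=%2FOrders%2F42",  # normal
    ]
    for url in samples:
        depth = self_redirect_depth(url)
        print("LOOP" if depth >= 2 else "ok  ", depth, url[:70])
```
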

Windows 2008 R2 IIS7 windows authentication not working

I have a dev and prod Windows 2008 R2 servers with IIS7 and siteminder, which as far as I can tell are setup the same. Issue being the production websites work but the development ones do not.
Issue being that when I navigate to any dev website, it says "the page cannot be displayed because an internal server error has occured." I do not get a challenge in dev (which I believe is the cause of the issue), but I do in prod. This goes for classic ASP pages or ASP.NET pages.
Some findings :-
- IIS has Windows authentication enabled and all others disabled
- Windows Authentication Provider is Negotiate (tried Negotiate:Kerberos, same result)
- WindowsAuthentication and WindowsAuthenticationModule (Native) are both present in Modules
- WindowsAuthentication is installed under Server Manager -> IIS -> Roles
- Upon receipt of the above error message, IIS logs show the access with error 401 2 5
All the solutions I found online either do not have the right setup as I do above, or suggests I disable Windows authentication and enable Anonymous Authentication. If I do so, all works fine but the only issue being my websites require Windows authentication to identify the user. I'm at my wit's end and am just short of reinstalling something in hope it works. Any possibilities or log files that I have overlooked?
After screwing around a bit I finally solved my problem ... hope this helps someone.
I realized in fact ASP pages were working but ASP.NET pages were not working
When I had turned on Anonymous Authentication, the ASP.NET pages were now giving 500 0 or 500 19 errors in IIS logs, instead of 401 2 5 with Windows Authentication
I tried to launch an ASP.NET page from within the localhost and then got a 500 error with a more detailed error saying I should use a relative path in httpErrors under web.config (??)
At this point I realized I had earlier changed the 403 error to a custom file at the default website level, then changed it back. Despite changing it back to its previous value, what this ended up doing was adding a "remove" then an "add" tag, both for 403.htm, under httpErrors in the wwwroot/web.config. After I deleted the entire httpErrors segment, my websites started working again.
Reverting back to Windows Authentication at this point also worked.
So some takeaways are to test websites locally first and keep in mind the existence of the wwwroot/web.config giving near untraceable errors ...

HTTP Error 403.14 - Forbidden Error when accessing website

So I have all the updated code, the entire solution builds. It works on everyone else's machine, however when I try and access localhost/extranet on my machine, it gives me this error:
HTTP Error 403.14 - Forbidden
Detail Error Info:
Module DirectoryListingModule
Notification ExecuteRequestHandler
Handler 0x00000000
Requested URL http://localhost:80/extranet/
Physical Path C:\svn\K2\trunk\appteam\web\Chatham.Web.UI.Extranet\
Logon Method Anonymous
Logon User Anonymous
Now I tried going into IIS7, and enabling directory browsing, this removed the error, but still didn't bring up my website. I also tried going in and disabling the default document, re-enabling it, everything, nothing worked. I've also restarted IIS a few times to no avail.
Any ideas?
It sounds like your IIS is not processing the routing rules for your application and is trying to find a default.aspx, index.htm, etc. Since it cannot, it is wanting to display the directory listings (which is why you were getting the 404.14).
I just checked my dev setup and I think that your AppPool has to be set on Integrated as opposed to Classic on the Managed Pipeline for the AppPool. I have run into this before; there may be ways to use the Classic Pipeline, but this would/should be the quickest way to resolve your issue. To check/change the pipeline mode, click on Application Pools from the menu on the left side of IIS, find your AppPool and look in the managed pipeline column. If it is set to Classic -> Right click the AppPool, choose basic settings, then change the dropdown from Classic to Integrated.
If I am incorrect, someone please feel free to correct me on this in the comments.
Edit - Just to add, you can run an MVC app in the Classic Pipeline mode, but you have to do the IIS 6 tricks to get it to work properly. Mainly, you need to turn on wildcard script mapping for MVC to work in Classic mode. If not, it expects an .aspx file (or similar) to exist for it to hand the execution pipeline over to .NET from IIS.
The cause of this error is a removed Global.asax file from the root directory of your site.
To solve this problem add a Global.asax file to your project.
See here: How to add Global.asax file to ASP.NET MVC4 project
In IIS, you need to find out which app pool your application is running from. Just right click the web application under Sites>Manage Web Site>Advanced Settings. The first property should be the app pool.
Now, click Application Pools. You should see a column called "Identity". Add that user to the ACL of the C:\svn\K2\trunk\appteam\web\Chatham.Web.UI.Extranet\ directory. If it just says 'ApplicationPoolIdentity', it can be a little tricky figuring out the user. If it's just running under DefaultAppPool, you can use IIS AppPool\DefaultAppPool.
My solution was because I didn't have ASP.NET installed via "Turn Windows Features on and Off" so it was simple. I figured it out by enabling directory browser and trying to go to my views folder which then gave a more descriptive answer and pretty much said that there was a problem with a module because ASP.NET is not properly installed. It then dawned on me to go and install it.
Change the 'start page' by right click on the page and select 'Set as Start Page' that you want to open first when the web application starts first. This might solve your problem. :)
Also make sure in IIS Application Pool settings that Enabled 32-bit Applications under Advanced Settings is set to FALSE. I spent hours trying to fix this and that was my issue. Windows Server 2012 IIS 8.5
I solved this problem by setting exact .net framework. My website was using v4.0 version of .net.
Workaround to handle the problem:
Open command line as an administrator
Go to directory "C:\Windows\Microsoft.NET\Framework\v4.0.30319"
Execute the following: aspnet_regiis.exe -i
Open IIS and change Pipeline Mode of Your application to Integrated
Hope this helps
In my case the HTTP Redirection feature was missing on the server (with IIS 10).
Adding the feature resolved the issue and the site started to load fine.

WebHost4Life host migrated my .NET MVC site and now membership functionality does not work

My MVC site was working fine at Webhost4life until they migrated to the new platform with IIS7. Now the Login feature which my site has to allow employees of the site's company to perform back office functionality does not work. It simply does nothing and returns no error. Looking at it in Fiddler does not seem to reveal anything unusual. Is there a config setting that needs to be made to get this to work with IIS7. Support for the hosting company has not been much help. Please reply with suggestions - I'm desperate to get this working again.
Webhost4life tried to migrate my sites but failed so miserably I jumped ship. I assume your MVC app connects to a database? Who knows what WH4L did. First, check the settings in the web.config; maybe they left out some connection data. Here's where your web.config is located: ASP.NET MVC and two Web.config files. If this doesn't help, post the error message.
The MachineKey has changed unless you specifically set it in your Web.Config. If you cannot get the old MachineKey and set it in your web.config I'm assuming you're going to have to reset all your passwords so they get hashed with the new machine key.
