search

kristofferahl / FluentSecurity

Fluent Security configuration for ASP.NET MVC
MIT License
163 stars 47 forks source link

ForAllControllersInNamespaceContainingType Not behaving ?? #65

Closed rsacher closed 11 years ago

rsacher commented 11 years ago

I got this in my configuration - which works fine locally with IIS-Express. FluentSecurity 2.0.0 - alpha 2

When deployed on IIS - my css-files are not loaded. They reside in Content/css. The network-debugger of IE tells me, the request is redirected to my login-page. So, I did a login, and all of a sudden, my Css-files could be loaded.

That is why, I suspect, that the ForAllControllersInNamespaceContainingType().Ignore(); does not let unknown users request the css files. All my other controllers are in that namespace.

Any idea, what can cause this?

my config - snip:

        configuration.GetAuthenticationStatusFrom(SecurityHelper.UserIsAuthenticated);
        //configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
        configuration.GetRolesFrom(SecurityHelper.UserRoles);

        // It is reccommended not to use this setting. For all of our applications users must always be authenticated.
        //  configuration.IgnoreMissingConfiguration();

          configuration.DefaultPolicyViolationHandlerIs(() => new DefaultPolicyViolationHandler());

        //Make sure user must be authenticated but allow unauthenticated access to the logon screen
        configuration.ForAllControllers().DenyAnonymousAccess();
        configuration.ForAllControllersInNamespaceContainingType<haas2013.Controllers.HomeController>().Ignore();
rsacher commented 11 years ago

Another interesting observation: One and the same source code: once run on IIS (a), the second time IIS-Express (b) is showing the Version a: as .0.0.0000 (all other dlls show meaningfull versions) and on b: the correct 2.0.0.0000

  a)    FluentSecurity.DLL  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\eb13e3be\76583e57\assembly\dl3\228bd0c2\3827a769_a15fce01\FluentSecurity.DLL   Yes No  Skipped loading symbols.        60  .0.0.0000   21.10.2012 18:46    0000000069B30000-0000000069B48000   [7560] w3wp.exe [2] /LM/W3SVC/7/ROOT-1-130146755734049046   

  b)    FluentSecurity.dll  C:\Users\reinhard.sacher\AppData\Local\Temp\2\Temporary ASP.NET Files\root\af031fe3\30ef2e79\assembly\dl3\ac1f5041\3827a769_a15fce01\FluentSecurity.dll No  No  Cannot find or open the PDB file.       69  2.0.0.0000  21.10.2012 18:46    04C10000-04C28000   [2900] iisexpress.exe: Managed (v4.0.30319)
rsacher commented 11 years ago

Sorry, it all turned out to be a problem of IIS: I had to set the identity of the anonymous user to AppPoolIdentity in IIS-manager.

kristofferahl commented 11 years ago

No worries! Sorry I could not respond faster and possibly help with the issue. Glad you found a fix.