in MiniProfiler.mvc the file MiniProfiler.cs has some example code commented
out. It's uncompleted, and should probably attach to AuthorizeRequest and not
AuthenticateRequest, as most users will already have something else running to
authenticate the request that will, most likely fill in
HttpContext.Current.User.
1. uncomment the lines in the file MiniProfiler.cs when using on an asp.net mvc
project that begin with "context.AuthenticateRequest += (sender, e)"
2. Implement CurrentUserIsAllowedToSeeProfiler() using
((HttpApplication)sender).Context.User.IsAuthenticated, or
mContext.User.IsInRole("PROFILERS")
3. Make a request.
It fails intermittently because IIS will sometimes call this modules
AuthenticateRequest before the actual forms auth modules AuthenticateRequest
event. Most users probably won't be doing authentication here, they want to do
authorization, where they already know who it is, they just don't know if the
user has the right privileges.
to fix:
1) Change AuthenticateRequest to AuthorizeRequest
2) provide a default implementation of CurrentUserIsAllowedToSeeProfiler(),
like below
if (!CurrentUserIsAllowedToSeeProfiler(((HttpApplication)sender).Context))
...snip...
private static bool CurrentUserIsAllowedToSeeProfiler(HttpContext mContext)
{
return mContext.User != null && (mContext.User.Identity.IsAuthenticated && mContext.User.IsInRole("PROFILERS"));
}
What version of the product are you using? On what operating system?
MiniProfiler.mvc on iis7.5 / mvc 4
Original issue reported on code.google.com by g...@stonefin.com on 13 Aug 2012 at 10:58
Original issue reported on code.google.com by
g...@stonefin.comon 13 Aug 2012 at 10:58