2

I have an HTTP Module to handle authentication from Facebook, which works fine in classic pipeline mode.

In integrated pipeline mode, however, I'm seeing an additional request pass through for the default document, which is causing the module to fail. We look at the request (from Facebook) to retrieve and validate the user accessing our app. The initial request authenticates fine, but then I see a second request, which lacks the posted form variables, and thus causes authentication to fail.

In integrated pipeline mode, an http request for "/" yields 2 AuthenticateRequests in a row:

  1. A request where AppRelativeCurrentExecutionFilePath = "~/"
  2. A request where AppRelativeCurrentExecutionFilePath = "~/default.aspx"

That second request loses all of the form values, so it fails to authenticate. In classic mode, that second request is the only one that happens, and it preserves the form values.

Any ideas what's going on here?

UPDATE: Here is an image of the trace from module notifications in IIS. Note that my module, FBAuth, is seeing AUTHENTICATE_REQUEST multiple times (I'd expect 2 - one for authenticate and one for postauthenticate, but I get 4).

Events raised multiple times

I'm starting to believe this has something to do with module/filter configuration because I've found a (Vista) box running the same code that doesn't fire these events repeatedly - it behaves as expected. I'm working through trying to figure out what the difference could be...

Thanks! Tom

4

2 回答 2

1

我的解决方案是在 Application_BeginRequest 的末尾添加以下代码:

if (Request.RawUrl.TrimEnd('/') == HostingEnvironment.ApplicationVirtualPath.TrimEnd('/'))
    Server.Transfer(Request.RawUrl+"Default.aspx", true);
于 2011-05-26T01:02:02.807 回答
0

不支持 DefaultHttpHandler,因此依赖 DefaultHttpHandler 子类的应用程序将无法处理请求 如果您的应用程序使用 DefaultHttpHandler 或派生自 DefaultHttpHandler 的处理程序,它将无法正常运行。在集成模式下,从 DefaultHttpHandler 派生的处理程序将无法将请求传递回 IIS 进行处理,而是将请求的资源作为静态文件提供服务。集成模式允许 ASP.NET 模块针对所有请求运行,而无需使用 DefaultHttpHandler。

解决方法

更改您的应用程序以使用模块对所有请求执行请求处理,而不是使用通配符映射将 ASP.NET 映射到所有请求,然后使用 DefaultHttpHandler 派生处理程序将请求传递回 IIS。

嗯,或者这可能是问题所在。

处于早期请求处理阶段的 ASP.NET 模块将看到以前可能在进入 ASP.NET 之前被 IIS 拒绝的请求,其中包括在 BeginRequest 中运行的模块,看到对需要身份验证的资源的匿名请求 ASP.NET 模块可以在任何管道中运行可用于本机 IIS 模块的阶段。因此,以前可能在身份验证阶段被拒绝的请求(例如对需要身份验证的资源的匿名请求)或进入 ASP.NET 之前的其他阶段可能会运行 ASP.NET 模块。此行为是设计使然,以使 ASP.NET 模块能够在所有请求处理阶段扩展 IIS。

解决方法

更改应用程序代码以避免在请求处理期间看到稍后可能被拒绝的请求而引起的任何特定于应用程序的问题。这可能涉及更改模块以订阅稍后在请求处理期间引发的管道事件。 http://learn.iis.net/page.aspx/381/aspnet-20-break-changes-on-iis-70/

于 2009-02-27T20:27:51.717 回答