httpd-cli-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Walter Nicholls <>
Subject Re: [cli-users] mod_aspdotnet does not pass authentication info on to ASP.NET
Date Fri, 04 Mar 2005 02:21:42 GMT
OK, I've wasted way too much time on this but I've eliminated two red 
herrings, IIS and the GetServerVariables() method

Here's a repro:

Attached zip file contains:
    aspnetbug.conf, bugusers
    printvars.aspx, printvars.c, printvars.exe

To install
0. Take one working Apache 2/ mod_aspdotnet install
1. Copy printvars.* into c:\temp\aspnetbug\  ( or directory of your choice )
2. If you don't trust me, compile printvars.c with the compiler of your 
3. Copy aspnetbug.conf and bugusers to c:\Program Files\Apache 
Group\Apache2\conf\  (or wherever)
4. Add the following line to c:\Program Files\Apache 
    include conf/aspnetbug.conf

To test
1. Navigate  browser to http://localhost/aspnetbug/printvars.exe
  requires a login. Log in as username = test, password=  test
  Web page shows:

SERVER_SOFTWARE=Apache/2.0.53 (Win32)

2. Navigate browser to http://localhost/aspnetbug/printvars.aspx (and 
login as before if required)
Variable    ServerVariables[x]   GetServerVariables(x)
AUTH_TYPE    (blank)    Basic
AUTH_USER    (blank)    (blank)   
REMOTE_USER    (blank)    test
SERVER_SOFTWARE    Apache/2.0.53 (Win32)    Apache/2.0.53 (Win32)

For the Request.ServerVariables to match what came back from 
GetServerVariables(), of course.

OK, clearly ASP.NET is not using the server variables passed to it to 
determine the authenticated user.  Quite what it thinks it is using I 
don't know, but GetUserToken() seems like a very likely place.

Perhaps this thread should be titled "mod_aspdotnet does not implement 

How to fix this is another problem. How does the value (IntPtr) returned 
by GetUserToken() turn into the ASP.NET User object (assuming it does!). 
Digging the MSDN documentation it appear that someone somewhere should 
be executing code like:

 IPrincipal aspnet_user_object = new GenericPrincipal(
    new GenericIdentity( GetServerVariables( "REMOTE_USER"), 
GetServerVariables("AUTH_TYPE") ),
    null );
// that now becomes the ASP.NET User object.

Is it as simple as casting that aspnet_user_object to an IntPtr and 
returning that?  I surely don't think so.

I really have run out of time on this. I hope this sheds some light, I 
can't see how mod_aspdotnet can be used for anything other that toy apps 
without it though.  Every application I've ever written has wanted to 
know who the user is, even if just for logging.

Couple more things while they come to mind
 * mod_ntlm would present its own problems in that instead of returning 
a GenericPrincipal it should presumably be returning a WindowsPrincipal 
instead. I suspect this might involve more than just "new 
WindowsPrincipal( r->user )"
 * Would also be nice to add a list of roles so that ASP.NET code can 
use User.IsInRole().   Don't know where that list should be obtained, 
though. I don't know the request_rec structure at all so there might be 
something useful in there, might not.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message