c# - MVC authentication not occurring during request unless authorization in Web.Config -
i'm using cleartrust sso in mvc application. means server provides variable can access: request.servervariables["http_ct_remote_user"]
using variable, i'm able login user during session_start in global.asax file. however, i'm running issue after attempting clean web.config. using owin authentication cookieauthentication.
if remove system.web in web.config:
<authorization> <deny users="?" /> </authorization> then users redirected owin middleware login page should never see because variable mentioned above username available log them in during session_start.
i've traced code using breakpoints best can, whether web.config has section or not, code hit on first request logs user site:
var signinmanager = httpcontext.current.getowincontext().get<applicationsigninmanager>(); signinmanager.signin(user, ispersistent: false, rememberbrowser: false); the difference without authorization section, owin catches request not authenticated, somehow users current request marked authenticated (without redirect same page). when owin redirects them login page, seeing login page logged site.
this easibly fixable adding following code accountcontroller login, i'm curious why happens...
if (request.isauthenticated) { return redirecttolocal(returnurl); } edit: forgot mention why removing code, didn't think necessary since i'm using global authorizeattribute filter , allowanonymous needed.
Comments
Post a Comment