1

I have created a simple MVC 4 web site that uses Windows Identity Foundation for authentication. When accessing static content with a default file the authentication works fine, but when accessing a specific file, the user is granted access without having to authenticate. For example the path to the static content: https://test.wgint.com/help/robohelp/fmsuserguide Forwards to the AD FS server for authentication but https://test.wgint.com/help/robohelp/fmsuserguid/login_support.htm allows access without forwarding to the AD FS server.

The path 'robohelp' is a virtual directory off of the MVC site and is not directly managed by the MVC code.

The web config was set up by the 'Identity and Access' tool:

<system.web>
   <authorization>
      <deny users="?" />
   </authorization>
   <authentication mode="None" />

I cannot figure out why direct access to static files in the virtual directory are not protected but access to paths in the virtual directory are protected. Any ideas?

tereško
  • 58,060
  • 25
  • 98
  • 150
Steve
  • 1,557
  • 2
  • 17
  • 34

1 Answers1

2

What do the handler mappings in IIS look like?

Static files should have the same mapping as .aspx. Otherwise, they won't be directed to the WIF handler.

Also, what is the setting for runAllManagedModulesForAllRequests?

Refer : Modules runAllManagedModulesForAllRequests=“true” Meaning.

Community
  • 1
  • 1
rbrayb
  • 46,440
  • 34
  • 114
  • 174
  • It was not set. When I set runAllManagedModulesForAllRequests="true" the authentication started working like I needed. Thank you. – Steve Jul 01 '13 at 19:48
  • According to one [blog post](http://www.britishdeveloper.co.uk/2010/06/dont-use-modules-runallmanagedmodulesfo.html) by Colin Farr, Don't use runAllManagedModulesForAllRequests="true" when getting your MVC routing to work. He suggests specifically enabling UrlRoutingModule-4.0. – sshine Oct 09 '15 at 12:46