This forum has been moved here:
Helicon Tech Community Forum

Helicon Ape (Forum Locked Forum Locked)
 Helicon Tech : Helicon Ape
Subject Topic: IIS7 authentication loop
Author
Message |
Wilb
Newbie


Joined: 18 October 2010
Posts: 4
Posted: 18 October 2010 at 8:03am

Hi there,

I'm currently trialling your software with a view to
purchasing a server license. It seems to fit the bill
perfectly, apart from on one particular site which I'm
having trouble with.

The server is Win2008, IIS7. The site in question is
running on a Classic application pool, with *.html mapped
through to:
Code:

%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.
dll
for all requests. The default document is
configured
as index.html.

I am trying to configure some basic authentication on
here, using the following:

.htaccess
Code:

AuthType Basic
AuthName "UAT"
AuthBasicProvider file
AuthUserFile c:\inetpub\.htpasswd
Require valid-user


I can confirm this works for other sites & the .htpasswd
file exists and is fine.

The issue I'm faced with is when I hit this specific site
at its root (eg http://mytestsite/), I get prompted for
auth repeatedly. After entering valid credentials it just
goes back to another auth prompt. I've enabled the debug
log and it appears auth is succeeding. Here is a snippet
from the log:

Code:

[18/10/2010 11:12:32] [auth_basic_module] (8) [/]
Authorization header not found
[18/10/2010 11:12:36] [auth_basic_module] (8) [/] auth
provider: file
[18/10/2010 11:12:36] [authz_user_module] (8) [/] valid-
user found
[18/10/2010 11:12:36] [auth_basic_module] (8)
[/index.html] Authorization header not found
[18/10/2010 11:12:39] [auth_basic_module] (8) [/] auth
provider: file
[18/10/2010 11:12:39] [authz_user_module] (8) [/] valid-
user found
[18/10/2010 11:12:39] [auth_basic_module] (8)
[/index.html] Authorization header not found
[18/10/2010 11:12:42] [auth_basic_module] (8) [/] auth
provider: file
[18/10/2010 11:12:42] [authz_user_module] (8) [/] valid-
user found
[18/10/2010 11:12:42] [auth_basic_module] (8)
[/index.html] Authorization header not found
[18/10/2010 11:12:45] [auth_basic_module] (8) [/] auth
provider: file
[18/10/2010 11:12:45] [authz_user_module] (8) [/] valid-
user found
[18/10/2010 11:12:45] [auth_basic_module] (8)
[/index.html] Authorization header not found


The interesting thing is if I hit the index.html page
directly (eg http://mytestsite/index.html) rather than
relying on the default document then I get a single auth
prompt and after authenticating it works correctly.

I am wondering if something is stripping out the auth
header between hitting the site & directing me to
index.html.

Does anyone have any idea what may be causing this?

Edited by Wilb - 18 October 2010 at 8:05am
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 20 October 2010 at 12:52am

Hello,
I’m sorry for delay.

Please make sure you don’t have any inbuilt IIS authentications enabled. They may cause conflicts.
Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
Wilb
Newbie


Joined: 18 October 2010
Posts: 4
Posted: 20 October 2010 at 4:54am

Hi there,

Thanks for your response - unfortunately "Anonymous
Authentication" is enabled, all other authentication is
disabled.
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 21 October 2010 at 4:16am

Hello,
Please try to map aspnet_isapi.dll on *, not *.html. When there is html mapping IIS makes 2 requests.
Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
Wilb
Newbie


Joined: 18 October 2010
Posts: 4
Posted: 21 October 2010 at 4:33am

Unfortunately APE still behaves the same:

[21/10/2010 10:30:37] [auth_basic_module] (8)
[/index.html] Authorization header not found
[21/10/2010 10:30:46] [auth_basic_module] (8) [/] auth
provider: file
[21/10/2010 10:30:46] [authz_user_module] (8) [/] valid-
user found
[21/10/2010 10:30:46] [auth_basic_module] (8)
[/index.html] Authorization header not found

It also breaks all CSS & graphics on the site if its all
being sent through that DLL rather than *.html.
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 21 October 2010 at 4:54am

1. Is there a reason for using Classic pipeline? I suggest you to switch to the Integrated.
2. Wildcard mapping is required. Although you may set the authentication for html files only:
Code:
<Files *.html>
AuthType Basic
AuthName "UAT"
AuthBasicProvider file
AuthUserFile c:\inetpub\.htpasswd
Require valid-user
</Files>


__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
Wilb
Newbie


Joined: 18 October 2010
Posts: 4
Posted: 21 October 2010 at 5:11am

Yes - these are sites I'm migrating from an IIS6 /
Win2003 system, some of them contain legacy code which
isn't behaving well under Integrated mode. I have other
sites running in Classic which are not seeing this
problem with Helicon APE.

I know that I could protect just html files if I wanted
to, but I do not believe that to be the issue here.

The CSS & Graphics issue exists if I do a wildcard
mapping with APE disabled - I can look to fix this
afterwards if necessary. However, even with a wildcard
mapping, the authentication loop still occurs.

Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 21 October 2010 at 5:56am

Would you like me to take a look on the system? You may send login credentials to [email protected] If you want to see my actions, we can arrange live-meeting conference, using any software you like.
Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version