0

Is any special routing or IIS config needed when a controller action uses the same URL as a virtual directory?

I have an ASP.NET MVC 1.0 application that needs Windows Authentication applied to a single action ("/Login/FromWindows"). To do this, we've setup a virtual directory with the same path as the action (e.g. "/Login/FromWindows") and enabled Windows Authentication on it in IIS.

When I visit the /Login/FromWindows URL, I get an empty HTTP 200 response and nothing is logged in the server text log. The "FromWindows" action should be logging messages and redirect the user to the home page.

It seems like the action code is simply not being executed, so there is possibly a conflict with the virtual directory.

Route config in Global.asax.cs

public static void RegisterRoutes(RouteCollection routes)
{
    // snipped: ignored routes for images, scripts, etc.

    routes.MapRoute( "Default", "{controller}/{action}",
        new { controller = "Home", action = "Index" } );
}
Improve this question

2 Answers 2

Reset to default
1

You are right, the action code isn't being executed. That's because existing file paths (virtual or not) take precedence over MVC routing rules.

Why are you using a virtual directory? Just set authentication to windows in the web.config and use the [authorize] attribute over the corresponding action methods.

Web.config:

<configuration>
     <system.web>
          <authentication mode=”Windows” />
     </system.web>
</configuration>

Action Method:

[Authorize]
public ActionResult SomeAction()
{
     return View();
}

Visit http://www.asp.net/mvc/tutorials/authenticating-users-with-windows-authentication-vb for more information on mvc with windows authentication.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

We wanted to use virtual directories to allow blocking of external requests to this URL. Only internal Windows users in the domain will be able to use this page, and we don't want to make our servers vulnerable to any holes in Windows Authentication. To be honest, I'm not sure why we need virtual directories for this. I'm currently talking to our servers guys to figure out a better solution.
Yeah you can accomplish everything you just said without virtual directories. There are no holes in windows authentication if you do it the right way, but doing a hybrid like you are right now is just begging for trouble. Scrap those virtual directories and slap the authentication attributes over your corresponding controllers and/or action methods. Then just let web.config worry about how to authenticate the users.
We need some form of file or directory on which to enable/disable authentication schemes in IIS, since our server team doesn't want to allow developers to enable/disable authentication schemes in the web.config. I'm currently writing an ASPX file that executes the logic that was previously in the action. The ASPX file will then be setup to require Windows Authentication, and a rule will be added to our firewall to block external access to it. It's not perfect, but it should work.
Wow, you guys must have some shady developers :P not sure I'd want them on my team.
Extra red tape in a large corporation doesn't equal shady developers.
|
0

Just simple is using [Authorize] attribute a Chevex mention above, or if you want more, you can customize the Authorize by extension it for your business. IMHO.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.