Yes, that is the correct way to set REMOTE_USER. I was initially hoping that the problem was caused by the SetGlobalNotification(), and this was a side effect. (There is some code that tries to hook into the GL_CONFIGURATION_CHANGE notification, but this caused problems with .NET in "integrated" mode. It will be removed in the next iteration of the cosignmodule.)

My only concerns are: does it make sense to set auth type as "Cosign"? I think that's great, but I wonder if any web apps or other modules in IIS 7 expect certain types of authentication. In particular, if they require some methods to be implemented such as GetPassword() and GetToken(). However, we can cross that bridge when we come to it.

I'll roll your patch into the next CosignModule release since it is, after all, the correct way to behave. Also, please note that the next release of the CosignModule will be v3-compatible only.


Jarod


Darian Anthony Patrick wrote:
Synopsis
========

The current version of CosignModule (version 1.0.0 beta 2) and trunk are
incompatible with ASP.NET applications that subscribe to global events
using handlers defined in global.asax.

This problem was brought to our attention by a user with a set of
applications requiring the use of the Application_BeginRequest event.
We noted that the problem also arises when
Application_AuthenticateRequest is used.

The incompatibility arises due to REMOTE_USER being set incorrectly in
CosignModule.cpp.

CosignModule trunk uses HttpContext->SetServerVariable() to set
REMOTE_USER instead of the more appropriate (according to Microsoft's
documentation) mechanism[1] required by IIS7,
IAuthenticationProvider->SetUser().  The attached patch, crafted by Kong
Ung and Darian Patrick, addresses this issue.

Discussion
==========

It appears that IIS7 contains code that expects to set REMOTE_USER
internally, based on the value passed to IAuthenticationProvider->SetUser().

By using Red Gate's .NET Reflector to inspect classes noted in the
stacktrace from the resulting server error page, we found that
CosignModule causes problems by using HttpContext->SetServerVariable()
to set REMOTE_USER.

We believe that this is due to IIS7/ASP.NET-internal code expecting
REMOTE_USER to be NULL or unset at the time that it attempts to set
REMOTE_USER itself, using
HttpServerVarsCollection.SetServerVariableManagedOnly().  It is
difficult to say with certainty exactly what is happening since the
source code for IIS7 is not readily available for examination.  However,
we can say with certainty that the attached patch effectively corrects
the issue.

The attached Global.asax file may be used to replicate the problem.
Placing this file at the root of an ASP.NET application that is
protected with CosignModule will cause the error depicted in the
attached PNG.

[1] http://msdn.microsoft.com/en-us/library/ms689307.aspx

_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss