We're using cosign 3.1.1 and installed the filter on an IIS server (version 10). Cosign places authenticated user information in Request.ServerVariables["REMOTE_USER"] and everything works fine. The problem I'm having is in implementing some anti-CSRF code (out of the box asp.net mvc AntiForgery libraries). When my post submits the token for validation, the AntiForgery code rejects it with this error:
The provided anti-forgery token was meant for user "xxx", but the current user is "". I believe I need to somehow get the username into the token but I'm not sure how to do that. The IIS server is configured to use Anonymous Authentication, and that seems to be a requirement since any other choice (ASP.NET impersonation, Forms or Windows Authentication) all require a separate login against a non-existent provider (since cosign IS the provider). Does anyone have any suggestion for how to work around this problem? Thanks in advance. Edward (Ned) Balzer Programmer/Analyst 814-863-5950 | em...@psu.edu<mailto:em...@psu.edu> INFORMATION TECHNOLOGY LIBERAL ARTS Penn State University | Greenleaf Park One 2013 Sandy Drive, Suite 201 State College, PA 16803 814-865-3412 | lahelpd...@psu.edu<mailto:lahelpd...@psu.edu> | http://itla.la.psu.edu
_______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss