You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cli-users@httpd.apache.org by Walter Nicholls <wa...@cornerstone.co.nz> on 2005/03/04 03:21:42 UTC
Re: [cli-users] mod_aspdotnet does not pass authentication info on
to ASP.NET
OK, I've wasted way too much time on this but I've eliminated two red
herrings, IIS and the GetServerVariables() method
Here's a repro:
Attached zip file contains:
aspnetbug.conf, bugusers
printvars.aspx, printvars.c, printvars.exe
To install
0. Take one working Apache 2/ mod_aspdotnet install
1. Copy printvars.* into c:\temp\aspnetbug\ ( or directory of your choice )
2. If you don't trust me, compile printvars.c with the compiler of your
choice
3. Copy aspnetbug.conf and bugusers to c:\Program Files\Apache
Group\Apache2\conf\ (or wherever)
4. Add the following line to c:\Program Files\Apache
Group\Apache2\conf\httpd.conf:
include conf/aspnetbug.conf
To test
1. Navigate browser to http://localhost/aspnetbug/printvars.exe
Observed:
requires a login. Log in as username = test, password= test
Web page shows:
SERVER_SOFTWARE=Apache/2.0.53 (Win32)
REMOTE_USER=test
AUTH_TYPE=Basic
2. Navigate browser to http://localhost/aspnetbug/printvars.aspx (and
login as before if required)
Observed:
Variable ServerVariables[x] GetServerVariables(x)
AUTH_TYPE (blank) Basic
AUTH_USER (blank) (blank)
REMOTE_USER (blank) test
SERVER_SOFTWARE Apache/2.0.53 (Win32) Apache/2.0.53 (Win32)
Expected:
For the Request.ServerVariables to match what came back from
GetServerVariables(), of course.
Comments:
OK, clearly ASP.NET is not using the server variables passed to it to
determine the authenticated user. Quite what it thinks it is using I
don't know, but GetUserToken() seems like a very likely place.
Perhaps this thread should be titled "mod_aspdotnet does not implement
GetUserToken()"
How to fix this is another problem. How does the value (IntPtr) returned
by GetUserToken() turn into the ASP.NET User object (assuming it does!).
Digging the MSDN documentation it appear that someone somewhere should
be executing code like:
IPrincipal aspnet_user_object = new GenericPrincipal(
new GenericIdentity( GetServerVariables( "REMOTE_USER"),
GetServerVariables("AUTH_TYPE") ),
null );
// that now becomes the ASP.NET User object.
Is it as simple as casting that aspnet_user_object to an IntPtr and
returning that? I surely don't think so.
I really have run out of time on this. I hope this sheds some light, I
can't see how mod_aspdotnet can be used for anything other that toy apps
without it though. Every application I've ever written has wanted to
know who the user is, even if just for logging.
Couple more things while they come to mind
* mod_ntlm would present its own problems in that instead of returning
a GenericPrincipal it should presumably be returning a WindowsPrincipal
instead. I suspect this might involve more than just "new
WindowsPrincipal( r->user )"
* Would also be nice to add a list of roles so that ASP.NET code can
use User.IsInRole(). Don't know where that list should be obtained,
though. I don't know the request_rec structure at all so there might be
something useful in there, might not.
Enough,
Walter
---------------------------------------------------------------------
To unsubscribe, e-mail: cli-users-unsubscribe@httpd.apache.org
For additional commands, e-mail: cli-users-help@httpd.apache.org
Re: [cli-users] mod_aspdotnet does not pass authentication
info on to ASP.NET
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 08:45 PM 3/3/2005, Walter Nicholls wrote:
>zip attachment can be found at http://www.cornerstone.co.nz/temp/aspnetbug.zip
>
>Note in hindsight printvars.c is not actually required now I found that GetServerVariables is working correctly.
You see, the environment table is not actually part of the ASP.NET
specification. GetServerVariables is where it's at.
Bill
---------------------------------------------------------------------
To unsubscribe, e-mail: cli-users-unsubscribe@httpd.apache.org
For additional commands, e-mail: cli-users-help@httpd.apache.org
Re: [cli-users] mod_aspdotnet does not pass authentication info on
to ASP.NET
Posted by Walter Nicholls <wa...@cornerstone.co.nz>.
zip attachment can be found at
http://www.cornerstone.co.nz/temp/aspnetbug.zip
Note in hindsight printvars.c is not actually required now I found that
GetServerVariables is working correctly.
Or alternatively:
=== aspnetbug.conf
usual mod_aspdotnet stuff plus
AspNetMount /aspnetbug "C:/temp/aspnetbug"
Alias /aspnetbug "C:/temp/aspnetbug"
# Enable scripts to be executed in this directory
<Directory "C:/temp/aspnetbug">
Options FollowSymlinks ExecCGI
Order allow,deny
Allow from all
# enable printvars.exe to run
AddHandler cgi-script .exe
# Require authentication
AuthType basic
AuthName "Test mod_aspdotnet bug"
AuthUserFile "conf/bugusers"
Require user test
</Directory>
=== bugusers
test:$apr1$JW4.....$bb.7.q9roAcdOmDgh2OyK.
=== printvars.aspx
<%@ Page Language="C#" %>
<html>
<body>
<h2>Results of reading (IIS/Apache) Server Variables</h2>
<p>Left column is in the ASP.NET Request.ServerVariables[] collection</p>
<p>Right column is what the WorkerRequest.GetServerVariable() method
returns</p>
<p>Spot the difference!</p>
<%
// Get direct access to the server variables via the Workerrequest object.
IServiceProvider provider = (IServiceProvider) HttpContext.Current;
HttpRequest util = (HttpRequest) provider.GetService(typeof(HttpRequest));
HttpWorkerRequest wr = (HttpWorkerRequest)
provider.GetService(typeof(HttpWorkerRequest));
// And print the variables from the two sources
Response.Write( "<table cellpadding=\"2px\">\n" );
Response.Write( "<tr><td>Variable</td><td>ServerVariables[x]<br
/>collection</td><td>GetServerVariables(x)<br />method</td></tr>" );
Response.Write( String.Format(
"<tr><td>AUTH_TYPE</td><td>{0}</td><td>{1}</td></tr>\n",
Request.ServerVariables["AUTH_TYPE"],
wr.GetServerVariable("AUTH_TYPE") ) );
Response.Write( String.Format(
"<tr><td>AUTH_USER</td><td>{0}</td><td>{1}</td></tr>\n",
Request.ServerVariables["AUTH_USER"],
wr.GetServerVariable("AUTH_USER") ) );
Response.Write( String.Format(
"<tr><td>REMOTE_USER</td><td>{0}</td><td>{1}</td></tr>\n",
Request.ServerVariables["REMOTE_USER"],
wr.GetServerVariable("REMOTE_USER") ) );
Response.Write( String.Format(
"<tr><td>SERVER_SOFTWARE</td><td>{0}</td><td>{1}</td></tr>\n",
Request.ServerVariables["SERVER_SOFTWARE"],
wr.GetServerVariable("SERVER_SOFTWARE") ) );
Response.Write( "</table>\n" );
%>
</body>
</html>
=== printvars.c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
char * interesting_vars[] =
{
"AUTH_TYPE", "AUTH_USER", "REMOTE_USER", "SERVER_SOFTWARE", NULL
};
int main(int argc, char **argv, char **arge )
{
char **pEnv, **pTest, *p; size_t len;
printf( "Status: 200 OK\n" );
printf( "Content-type: text/plain\n" );
printf( "\n");
for( pEnv = arge; NULL != *pEnv; ++pEnv )
{
// does it match one of the interesting ones?
for( p= *pEnv; *p!='\0'&&*p!='='; ++p ) { } // find = or null
while( p>*pEnv && isspace(*(p-1)) ) { --p; } // skip whitespace
for( pTest = interesting_vars; NULL!=*pTest; ++pTest )
{
len = (size_t)(p-*pEnv);
if( strlen(*pTest)==len && 0==strnicmp(*pEnv,*pTest,len) )
{
printf( "%s\n", *pEnv );
break;//for
}
}
}
return 0;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: cli-users-unsubscribe@httpd.apache.org
For additional commands, e-mail: cli-users-help@httpd.apache.org
Re: [cli-users] mod_aspdotnet does not pass authentication
info on to ASP.NET
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
OK - somewhere we are missing a linkage. Should be a trivial
fix, but I have far fewer hours to spend on .NET than likely you
do, Walter. Hopefully someone else on this list has the humor
to overlook your ostentatiousness.
I assure you, however, that no one will invest any effort
in solving the legitimate issues you raise, when your thorough
reproduction case wasn't attached.
Did you forget to click attach?
</sarcasm>
There are EBCADs everywhere. That includes aspdotnet. If you
want us to work with you, we are glad to investigate what's
going on. If you don't have the time, don't bother with the
report, we don't either.
mod_aspdotnet is free software. Unlike MS - when it breaks,
you get to keep both pieces and fix them yourself if you like,
or work with the community to resolve the issues.
2.0 isn't even five months old, lighten up :) There are even
snapshot builds of the most recent code at
http://httpd.apache.org/dev/dist/ if you care to ensure this
problem exists in the next coming release.
Bill
At 08:21 PM 3/3/2005, Walter Nicholls wrote:
>OK, I've wasted way too much time on this but I've eliminated two red herrings, IIS and the GetServerVariables() method
>
>Here's a repro:
>
>Attached zip file contains:
> aspnetbug.conf, bugusers
> printvars.aspx, printvars.c, printvars.exe
>
>To install
>0. Take one working Apache 2/ mod_aspdotnet install
>1. Copy printvars.* into c:\temp\aspnetbug\ ( or directory of your choice )
>2. If you don't trust me, compile printvars.c with the compiler of your choice
>3. Copy aspnetbug.conf and bugusers to c:\Program Files\Apache Group\Apache2\conf\ (or wherever)
>4. Add the following line to c:\Program Files\Apache Group\Apache2\conf\httpd.conf:
> include conf/aspnetbug.conf
>
>To test
>1. Navigate browser to http://localhost/aspnetbug/printvars.exe
>Observed:
> requires a login. Log in as username = test, password= test
> Web page shows:
>
>SERVER_SOFTWARE=Apache/2.0.53 (Win32)
>REMOTE_USER=test
>AUTH_TYPE=Basic
>
>2. Navigate browser to http://localhost/aspnetbug/printvars.aspx (and login as before if required)
>Observed:
>Variable ServerVariables[x] GetServerVariables(x)
>AUTH_TYPE (blank) Basic
>AUTH_USER (blank) (blank)
>REMOTE_USER (blank) test
>SERVER_SOFTWARE Apache/2.0.53 (Win32) Apache/2.0.53 (Win32)
>
>Expected:
>For the Request.ServerVariables to match what came back from GetServerVariables(), of course.
>
>Comments:
>OK, clearly ASP.NET is not using the server variables passed to it to determine the authenticated user. Quite what it thinks it is using I don't know, but GetUserToken() seems like a very likely place.
>
>Perhaps this thread should be titled "mod_aspdotnet does not implement GetUserToken()"
>
>How to fix this is another problem. How does the value (IntPtr) returned by GetUserToken() turn into the ASP.NET User object (assuming it does!). Digging the MSDN documentation it appear that someone somewhere should be executing code like:
>
>IPrincipal aspnet_user_object = new GenericPrincipal(
> new GenericIdentity( GetServerVariables( "REMOTE_USER"), GetServerVariables("AUTH_TYPE") ),
> null );
>// that now becomes the ASP.NET User object.
>
>Is it as simple as casting that aspnet_user_object to an IntPtr and returning that? I surely don't think so.
>
>I really have run out of time on this. I hope this sheds some light, I can't see how mod_aspdotnet can be used for anything other that toy apps without it though. Every application I've ever written has wanted to know who the user is, even if just for logging.
>
>Couple more things while they come to mind
>* mod_ntlm would present its own problems in that instead of returning a GenericPrincipal it should presumably be returning a WindowsPrincipal instead. I suspect this might involve more than just "new WindowsPrincipal( r->user )"
>* Would also be nice to add a list of roles so that ASP.NET code can use User.IsInRole(). Don't know where that list should be obtained, though. I don't know the request_rec structure at all so there might be something useful in there, might not.
>
>Enough,
>Walter
>
>
>
>
>
>
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: cli-users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: cli-users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: cli-users-unsubscribe@httpd.apache.org
For additional commands, e-mail: cli-users-help@httpd.apache.org