You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cli-dev@httpd.apache.org by Adrian Wilkins <ad...@gmail.com> on 2005/11/04 13:59:29 UTC

NTLM authentication using mod_auth_sspi fails

Using mod_auth_sspi results in an exception in the WindowsIdentity class.

The user token is being sourced from the
System.Web.Hosting.SimpleWorkerRequest class which returns a null
pointer from the GetUserToken() method.

The ISAPIWorkerRequestInProc and ISAPIWorkerRequestOutOfProc classes
(same namespace) may or may not be appropriate replacements. Or
perhaps use the aspnet_isapi.dll methods EcbGetImpersonationToken or
PMGetImpersonationToken (in and out of process calls, repectively),
which are exposed also by the System.Web.UnsafeNativeMethods class.

Would just like to be able to avoid having to school my users in yet
another user/password combo, and just stick with NTLM as it's what
they are used to for their Subversion repo and Trac.


# Exception stack trace

[ArgumentException: Token cannot be zero.]
   System.Security.Principal.WindowsIdentity.CreateFromToken(IntPtr
userToken, String type, Boolean bClose) +145
   System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken,
String type, WindowsAccountType acctType, Boolean isAuthenticated) +38
   System.Web.Security.WindowsAuthenticationModule.OnEnter(Object
source, EventArgs eventArgs) +372
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
+51
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously) +87


## httpd.conf

#asp.net
#AspNetVersion v1.1.4322

LoadModule aspdotnet_module "modules/mod_aspdotnet.so"

AddHandler asp.net asax ascx ashx asmx aspx axd config cs csproj licx
rem resources resx soap vb vbproj vsdisco webinfo

<IfModule mod_aspdotnet.cpp>
  # Mount the ASP.NET /asp application
  AspNetMount /arty "d:/www/localhost/htdocs/arty"
  #/SampleASP is the alias name for asp.net to execute
  #"c:/SampleASP" is the actual execution of files/folders  in that location

  # Map all requests for /asp to the application files
  Alias /arty "d:/www/localhost/htdocs/arty"
  #maps /SampleASP request to "c:/SampleASP"
  #now to get to the /SampleASP type http://localhost/SampleASP
  #It'll redirect http://localhost/SampleASP to "c:/SampleASP"

  # Allow asp.net scripts to be executed in the /SampleASP example
  <Directory "d:/www/localhost/htdocs/arty">
    Options FollowSymlinks ExecCGI
    Order allow,deny

	AuthType SSPI
	AuthName "aspx"
	SSPIAuth On
	SSPIAuthoritative On
	SSPIOfferBasic On
	require valid-user

	Allow from all
    DirectoryIndex index.htm index.aspx
   #default the index page to .htm and .aspx
  </Directory>

  # For all virtual ASP.NET webs, we need the aspnet_client files
    # to serve the client-side helper scripts.
    AliasMatch /aspnet_client/system_web/(\d+)_(\d+)_(\d+)_(\d+)/(.*) \
          "C:/Windows/Microsoft.NET/Framework/v$1.$2.$3/ASP.NETClientFiles/$4"
    <Directory \
          "C:/Windows/Microsoft.NET/Framework/v*/ASP.NETClientFiles">
        Options FollowSymlinks
        Order allow,deny
        Allow from all
    </Directory>
</IfModule>
#asp.net