Authentication Being Bypassed?

Aug 8, 2009 at 12:23 AM

Hopefully somebody can point me in the right direction, because I'm pulling my hair out.

I've taken Dominick's fantastic code, written a custom membership provider, and successfully deployed and tested everything on IIS7 running in a virtual machine hosting Win 2008, SP2. When I try and take the exact same code and deploy it to a real Win 2008 SP2 server the authentication is bypassed. By bypassed I mean it goes directly to a debug aspx landing page I created without prompting for login information.

I've configured the VM and real server to be as identical as possible, and I've used a diff tool to review the web.config and applicationHost.config files on both machines and made them as identical as possible. If my project wasn't working at all then I'd just assume I'd made a mistake, but when identical files are deployed to nearly identical servers and only one of them works I start to wonder.

Any insight or suggestions into what might cause the custom basic authentication to be bypassed? I'm running out of ideas myself.

Thanks for your help!



Aug 12, 2009 at 9:18 PM

Well, that was QUITE the adventure but I believe I’ve solved the problem. While downgrading from .NET 4.0 as instructed after calling in a support incident to Microsoft I encountered an error, which after research seemed to indicate that the WCF HTTP Activation and WCF Non-HTTP Activation features weren’t installed. Attempting to add them via the Features portion of Server Manager resulted in a hex error code, but following these instructions seemed to work.

 After following those instructions authentication seems to be working correctly for my web service. I’m guessing that .NET 4.0 or ADO.NET Data Services 1.5 CTP1 was preventing the error from being displayed and just bypassing my authentication settings.