Here's a repro:
Attached zip file contains: aspnetbug.conf, bugusers printvars.aspx, printvars.c, printvars.exe
To install
0. Take one working Apache 2/ mod_aspdotnet install
1. Copy printvars.* into c:\temp\aspnetbug\ ( or directory of your choice )
2. If you don't trust me, compile printvars.c with the compiler of your choice
3. Copy aspnetbug.conf and bugusers to c:\Program Files\Apache Group\Apache2\conf\ (or wherever)
4. Add the following line to c:\Program Files\Apache Group\Apache2\conf\httpd.conf:
include conf/aspnetbug.conf
To test 1. Navigate browser to http://localhost/aspnetbug/printvars.exe Observed: requires a login. Log in as username = test, password= test Web page shows:
SERVER_SOFTWARE=Apache/2.0.53 (Win32) REMOTE_USER=test AUTH_TYPE=Basic
2. Navigate browser to http://localhost/aspnetbug/printvars.aspx (and login as before if required)
Observed:
Variable ServerVariables[x] GetServerVariables(x)
AUTH_TYPE (blank) Basic
AUTH_USER (blank) (blank) REMOTE_USER (blank) test
SERVER_SOFTWARE Apache/2.0.53 (Win32) Apache/2.0.53 (Win32)
Expected:
For the Request.ServerVariables to match what came back from GetServerVariables(), of course.
Comments:
OK, clearly ASP.NET is not using the server variables passed to it to determine the authenticated user. Quite what it thinks it is using I don't know, but GetUserToken() seems like a very likely place.
Perhaps this thread should be titled "mod_aspdotnet does not implement GetUserToken()"
How to fix this is another problem. How does the value (IntPtr) returned by GetUserToken() turn into the ASP.NET User object (assuming it does!). Digging the MSDN documentation it appear that someone somewhere should be executing code like:
IPrincipal aspnet_user_object = new GenericPrincipal(
new GenericIdentity( GetServerVariables( "REMOTE_USER"), GetServerVariables("AUTH_TYPE") ),
null );
// that now becomes the ASP.NET User object.
Is it as simple as casting that aspnet_user_object to an IntPtr and returning that? I surely don't think so.
I really have run out of time on this. I hope this sheds some light, I can't see how mod_aspdotnet can be used for anything other that toy apps without it though. Every application I've ever written has wanted to know who the user is, even if just for logging.
Couple more things while they come to mind
* mod_ntlm would present its own problems in that instead of returning a GenericPrincipal it should presumably be returning a WindowsPrincipal instead. I suspect this might involve more than just "new WindowsPrincipal( r->user )"
* Would also be nice to add a list of roles so that ASP.NET code can use User.IsInRole(). Don't know where that list should be obtained, though. I don't know the request_rec structure at all so there might be something useful in there, might not.
Enough, Walter
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
