I have a site that uses a .net security module to secure certain areas of the website. It’s not working, the pages that should be password protected are not. Other than that, the site doesn’t throw any errors.
I don’t have access to the code, and the module doesn’t seem to log anything.
Is there an IIS or .Net log of loading/calling httpModules? I feel like it’s not loading/calling it, and it’s just not telling me.
My web.config has this snippet, which loads the module:
<httpModules>
<add name="MyApp.SecurityModule" type="MyApp.Host.Security.WebForms.SecurityModule" />
</httpModules>
You can use Modules property in global.asax class to inspect the http modules that are loaded and associated with the application – use any request event such as
BeginRequestorPostMapRequestHandler.However, I don’t think this would be an problem – if you are configured the module in the web.config then it would be loaded. If there are any issues then the ASP.NET will report an error. Most probably, http module code must be working in a certain way or needs certain per-conditions that are not being met.
Use tools such as Reflector or ILSpy to inspect & de-compile your application assemblies – check the code for the said type (
MyApp.Host.Security.WebForms.SecurityModule) – frankly speaking, in the absence of documentation/commented code, it would be the only option to figure out how exactly your module is supposed to run (and then trouble-shoot accordingly).