I’ve just run into one of the problems of using the integrated dev server (Cassini) in VS and would like to see if there are any solutions.
We’re using asp.net authentication to secure the site. However, Cassini runs in integrated pipeline mode, meaning that requests for all files go through the asp.net isapi. The result of this is that it’s securing files that would otherwise not be secured in a production environment (.htm .js .css etc..).
Now I understand that we can run the project on a local IIS instance, but we would like to avoid this if possible. But, because of the problem above, this is looking like the only solution.
Does anybody have any ideas about how to get Cassini working with authentication that can be easily moved to a production environment when ready. (I’d also like to avoid having a different development web.config that specifically allows access to these files).
We’re using VS2010 by the way.
Many thanks.
You can wire up to the
HttpApplication.PostAuthenticateRequestevent in your global.asax or anIHttpModule. PostAuthenticateRequest event on MSDNIn the event handler, check the file extension for the one that you want to be unsecured. If the file extension is a match then give set the
HttpContext.Userto anIPrincipalinstance that has the roles required for accessing a file in the specified directory.