I'm having a problem with a Glimpse installation in a Sitecore 8.1 environment. I'm trying to create a simple Glimpse Security Policy which would check if the current user is a Sitecore admin.

        if (!Sitecore.Context.User.IsAdministrator)
        {
            return RuntimePolicy.Off;
        }

This is functionally the same as the example given in the sample code that Glimpse provides on installation through NuGet, which is,

        var httpContext = policyContext.GetHttpContext();
        if (!httpContext.User.IsInRole("Administrator"))
        {
            return RuntimePolicy.Off;
        }

The problem is that when this code is hit, and the request is directed at glimpse.axd, the user is always reset to extranet\Anonymous. Sitecore always sets an anonymous user when there is none. Any requests that are not to the glimpse handler pass the check and set RuntimePolicy.On.

I have the following in the web.config:

        <modules runAllManagedModulesForAllRequests="true">
          <remove name="WebDAVModule"/>
          <add type="Sitecore.Web.RewriteModule, Sitecore.Kernel" name="SitecoreRewriteModule"/>
          <add name="Glimpse" type="Glimpse.AspNet.HttpModule, Glimpse.AspNet" preCondition="integratedMode"/>
          <add type="Sitecore.Nexus.Web.HttpModule,Sitecore.Nexus" name="SitecoreHttpModule"/>
          <add type="Sitecore.Resources.Media.UploadWatcher, Sitecore.Kernel" name="SitecoreUploadWatcher"/>
          <add type="Sitecore.IO.XslWatcher, Sitecore.Kernel" name="SitecoreXslWatcher"/>
          <add type="Sitecore.IO.LayoutWatcher, Sitecore.Kernel" name="SitecoreLayoutWatcher"/>
          <add type="Sitecore.Configuration.ConfigWatcher, Sitecore.Kernel" name="SitecoreConfigWatcher"/>
          <remove name="Session"/>
          <add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition=""/>
          <add type="Sitecore.Analytics.RobotDetection.Media.MediaRequestSessionModule, Sitecore.Analytics.RobotDetection" name="MediaRequestSessionModule"/>
          <add type="Sitecore.Web.HttpModule,Sitecore.Kernel" name="SitecoreHttpModuleExtensions"/>
          <add name="SitecoreAntiCSRF" type="Sitecore.Security.AntiCsrf.SitecoreAntiCsrfModule, Sitecore.Security.AntiCsrf"/>
        </modules>

The question is, why are the requests that are meant for /glimpse.axd not passing along the same authentication cookies as requests to the rest of the site?

Alex
  • I wish I could help you out more, but this seems like more of a Sitecore question than a Glimpse question. :( – nikmd23 Dec 15 '15 at 01:21
  • Yeah, I figured that it has more to do with Sitecore. The odd thing is that Sitecore's authentication piggybacks on top of ASP.NET Authentication so all of the cookies are the same. I can't figure out why requests to Glimpse.axd would have a different set of cookies than requests to pages. When AJAX calls are made to my web services in a Sitecore site all of the cookies are the same as for a regular page request. – Alex Dec 16 '15 at 18:22

0 Answers