0

I've just run into one of the problems of using the integrated dev server (Cassini) in VS and would like to see if there are any solutions.

We're using asp.net authentication to secure the site. However, Cassini runs in integrated pipeline mode, meaning that requests for all files go through the asp.net isapi. The result of this is that it's securing files that would otherwise not be secured in a production environment (.htm .js .css etc..).

Now I understand that we can run the project on a local IIS instance, but we would like to avoid this if possible. But, because of the problem above, this is looking like the only solution.

Does anybody have any ideas about how to get Cassini working with authentication that can be easily moved to a production environment when ready. (I'd also like to avoid having a different development web.config that specifically allows access to these files).

We're using VS2010 by the way.

Many thanks.

Martyn
  • 1,446
  • 2
  • 19
  • 30

2 Answers2

1

Instead of using Cassini, you can download and install IIS Express:

IIS Express is a lightweight, self-contained version of IIS optimized for developers. IIS Express makes it easy to use the most current version of IIS to develop and test websites. It has all the core capabilities of IIS 7 as well as additional features designed to ease website development

Oded
  • 489,969
  • 99
  • 883
  • 1,009
  • Thanks Oded, if we decide to move away from Cassini then we may as well use the full IIS so Express doesn't really fit. Having said that, I don't really know much about it. What advantages does Express have over the full IIS for development? Does it allow edit and continue? – Martyn Mar 07 '11 at 12:01
  • @Martyn - I don't know about edit and continue, but suspect that it will be the same as full IIS. It is more lightweight than IIS and the main benefit is that you don't need to be running VS as admin for webservices to work right. – Oded Mar 07 '11 at 12:09
0

You can wire up to the HttpApplication.PostAuthenticateRequest event in your global.asax or an IHttpModule. PostAuthenticateRequest event on MSDN

In the event handler, check the file extension for the one that you want to be unsecured. If the file extension is a match then give set the HttpContext.User to an IPrincipal instance that has the roles required for accessing a file in the specified directory.

smartcaveman
  • 41,281
  • 29
  • 127
  • 212
  • Thanks, I have marked your response as the answer because it seems like a reasonable solution. However, we have decided against using it and instead have taken the hit and set up IIS for all developers to use. – Martyn Mar 09 '11 at 13:09