We are currently experimenting with using Drupal 6 (soon Drupal 7) with ASP.Net Forms Authentication and a mildly modified External HTTP Authentication Module. Everything is working great for authenticated users. For anonymous requests everything works well too, with one exception. All PHP Posts by unauthenticated visitors hang until the PHP Timeout and then return a 500.0 Error. This error provides no detail of the actual description of the problem even though verbose logging is on. This is true inside or outside of Drupal.
Does anyone have any experience with this? All authenticated requests work fine, and the second I change the web.config authentication type from "Forms" to "Windows" or "None" Anonymous PHP Posts work. But this doesn't solve our problem because then no one is authenticated. ASP.Net and Classic ASP Posts work under the same configuration that PHP anonymous Posts are failing.
Some of the things I've tried include:
Adding and removing the FormsAuthentication Module in the local web.config (though already inherited):
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
</modules>The only reference I have found to this problem online is an unanswered question on Experts Exchange (http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Mic...). After several weeks tinkering with this on and off, I figured it was finally time to ask to see what simple thing I must be overlooking.
Explicitly Allowing Access (though already inherited):
<authorization>
<add accessType="Allow" users="?" verbs="GET, POST" />
</authorization>I have followed the PHP.ini and web.config recommended on the MSDN and IISBlog (http://msdn.microsoft.com/en-us/magazine/cc135973.aspx) and the Acquia web.config settings.
When I say a simple PHP Post fails, I mean simple:
<form action="test.php" method="post">
<input type="text" name="testpost" />
<input type="submit" value="postit" />
</form>
<?php if(isset($_POST['testpost'])) { ?>
Posted: <?php echo($_POST['testpost']) ?>
<?php } else { ?>
Waiting for post...
<?php } ?>Anyone else have any ideas?
Thanks!
Brent
Comments
Here is some info that may help
The guy that does all the PHP on IIS engineering here at Microsoft created this blog post showing what you are trying to do. Maybe this can be helpful to you.
http://ruslany.net/2009/02/how-to-secure-wordpress-admin-directory-on-ii...
Thanks, but not quite...
Mark,
Thanks for this information. Though valuable and informative, it doesn't quite touch the same problem I am having which is that when Forms Authentication (and the Integrated Pipeline) is activated all anonymous PHP Posts fail. Perhaps I will attempt to contact RuslanY directly since my own attempts have failed and I've failed to find anyone with experience in this area here and on Stack Overflow.
Thanks,
Brent
Integrated Pipeline does not work.
Use Classic for your managed pipeline in your application pool which allows you to use your isapi extension. Integrated pipeline does not work here.
Allow anonymous and forms authentication and you should be good to go.
The key here is php posts which (from what I understand) require isapi to work.
Mr.Philbert
P.S. The only time I use Integrated Pipelines is when I have a dedicated asp.net application.
One giant Thank you!
MrPhilbert, you saved me. I'm embarrased to say I've spent over 40 hours on this over the course of several weeks.
I was misled to think that Integrated Pipeline was the answer based on what I had read about using it with PHP on iis.net, MSDN and others.
What is odd is that for authenticated users GET and POST worked, and for anonymous users all GET requests worked with the integrated pipeline. I am baffled as to why POST failed.
Following your direction, I changed the Application Pool to Classic Mode and added the following to my web.config:
<system.webServer>...
<handlers accessPolicy="Read, Script">
<add name="WILDCARD-ISAPI-2.0" path="" verb="" type="" modules="IsapiModule" scriptProcessor="c:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" allowPathInfo="false" preCondition="classicMode,runtimeVersionv2.0,bitness32" responseBufferLimit="4194304" />
</handlers>
...
</system.webServer>
Miraculously, everything suddenly works! You've really helped tremendously with the adoption of drupal at our Agency. All public rollout was stalled, waiting on finding a solution to this issue. Now both MS ASP.Net Forms Authentication works for a Single Sign-On and anonymous visitors can now POST with their GETs. I'll happily send you and your family/friends/coworkers out to lunch as a thank you, just message me a physical address or paypal.
Just glad I could help.
I've gotten a lot of help from the Drupal community and especially Drupal itself. I've also gotton a little help from my neighbors here above Microsoft.
I'm just glad that I can give back once in a while as well.
Speaking of giving back, I'm building a website for myself called blitherblather.com. It's kind of an anti-facebook collaboration site.
The premise is if people want to truly collaborate about politics and the outrageous things all politicians say, it can only be done at least semi anonymously. The problem with politics, facebook, twitter et. al. is people always color their responces when they are looking for attention (which seems like just about everybody these days).
If you or anybody has any suggestions that would be cool.
Reference wildcards, thank you for the link. I'll go through it now.