Checking Anonymous Authentication Allowed on ASP.NET OWIN Middleware and Web Forms

Some business logic on our web application apparently caused issue when hitting a page that allow anonymous authentication. And it seems there is no simple flag that indicates whether a page requires authorization or not.

I need to check for allow anonymous in ASP.NET Web Forms page and on OWIN middleware.

For ASP.NET Web Forms page, I found the following thread in StackOverflow which works great:


In my case, I need to convert the code to VB.NET, so it becomes:

Dim principal = New GenericPrincipal(New GenericIdentity(String.Empty, String.Empty), New String() {})
Dim isAllowAnonymous = UrlAuthorizationModule.CheckUrlAccessForPrincipal(Page.AppRelativeVirtualPath, principal, Context.Request.HttpMethod).ToString()

And on OWIN middleware, I need to tweak the above a little bit, so it becomes:

Dim principal = New GenericPrincipal(New GenericIdentity(String.Empty, String.Empty), New String() {})
Dim isAllowAnonymous = UrlAuthorizationModule.CheckUrlAccessForPrincipal(context.Request.Uri.AbsolutePath, principal, context.Request.Method)

Comments

Post a Comment

Popular posts from this blog

Sentinel One Strikes Again. No internet connection. Uninstall Sentinel One Agent.

This happened to a co-worker of mine a while back when his test application file was marked as suspicious by Sentinel One antivirus and had his internet on his laptop disabled. Today, it happened to me without any suspicious file. Probably suspicious activity, who knows. On Microsoft Edge, it says "Hmmm... your Internet access is blocked.", "Firewall or antivirus software may have blocked the connection", and "ERR_NETWORK_ACCESS_DENIED". So, I worked with my IT to uninstall the agent, but uninstalling is not without a fight. Here are the steps that I took: Since it is a Windows 11 machine with Bitlocker, I have to first get the Bitlocker key. From command prompt run: manage-bde -protectors -get C: After I verified it is the same key that the IT has, I saved the key outside of the machine. Then go to system configuration by searching for "sysconfig" or run msconfig. Under "boot" tab, check the "Safe boot" option, then click ...
Read more

A2 Hosting Let's Encrypt Can't Install Certificate on ASP.NET Core Application

I have an ASP.NET Core app hosted by A2 Hosting. A2 Hosting provides free SSL certificate through Let's Encrypt, so I decided to install it for my application. Since the portal is by Plesk, I follow the guide in: https://support.plesk.com/hc/en-us/articles/115000165013 However, it didn't work as expected. My application still has a web.config file. After trying different ways, I commented out aspNetCore module in the web.config and then the certificate was installed successfully. By commenting the module, ASP.NET Core processing by IIS is disabled, so the validation request by Let's Encrypt is treated like a regular request towards a static file.
Read more

NuGet Package Reference NU6105 Publish Error

Some of my .NET Core applications are already using PackageReference which is a very nice idea. However, through a combination of packages, Visual Studio did not allow me to publish my project although it built fine. During publish, it threw error on NU6105 warning. Along with that most of it comes with the following message: Detected package downgrade Some developers solve it by finding which package caused the issue and manually added them through NuGet, but I find them troublesome until I found the following article: https://docs.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu1605 In my case, all I need to do to solve it is to install the following NuGet package:  Microsoft.NETCore.Targets
Read more