I've just run into one of the problems of using the integrated dev server (Cassini) in VS and would like to see if there are any solutions.
We're using asp.net authentication to secure the site. However, Cassini runs in integrated pipeline mode, meaning that requests for all files go through the asp.net isapi. The result of this is that it's securing files that would otherwise not be secured in a production environment (.htm, .js, .css, etc.).
Now I understand that we can run the project on a local IIS instance, but we would like to avoid this if possible. But, because of the problem above, this is looking like the only solution.
Does anybody have any ideas about how to get Cassini working with authentication that can be easily moved to a production environment when ready? (I'd also like to avoid having a different development web.config that specifically allows access to these files.)
We're using VS2010 by the way.
Many thanks.
You can wire up to the HttpApplication.PostAuthenticateRequest event in your global.asax or an IHttpModule (PostAuthenticateRequest event on MSDN). In the event handler, check the file extension for the one that you want to be unsecured. If the file extension is a match, then set the HttpContext.User to an IPrincipal instance that has the roles required for accessing a file in the specified directory.
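
A sketch of the module the answer above describes, added here as an example and not part of the original answer. The class name, the "StaticContent" role and the identity name are assumptions; the extension list comes from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

// Added example: gives anonymous requests for static files a principal
// that URL authorization will accept.
public class StaticFilePrincipalModule : IHttpModule
{
    // Allowlist of extensions to leave unsecured (the ones named in the question).
    private static readonly HashSet<string> OpenExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".htm", ".js", ".css" };

    // Assumption: a role name that the <authorization> rules allow.
    private static readonly string[] StaticRoles = { "StaticContent" };

    public void Init(HttpApplication app)
    {
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;

        // Never replace the identity of a user who has already logged in.
        if (context.User != null && context.User.Identity.IsAuthenticated)
            return;

        // FilePath excludes PathInfo, so "/admin.aspx/x.css" is evaluated as
        // ".aspx" and does not match the allowlist.
        string extension = VirtualPathUtility.GetExtension(context.Request.FilePath);
        if (!OpenExtensions.Contains(extension))
            return;

        // A GenericIdentity with a non-empty name reports IsAuthenticated == true,
        // so a "deny anonymous" rule no longer blocks the request.
        context.User = new GenericPrincipal(
            new GenericIdentity("static-file-request"), StaticRoles);
    }

    public void Dispose() { }
}
```

Register the module under `<httpModules>` in web.config. Keep the allowlist to extensions that never carry sensitive content, because every file with a listed extension becomes readable without logging in.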