Not working in MVC 4/.Net 4.5/VS 2012 "Internet" template #8

jgilm opened this Issue Oct 15, 2012 · 2 comments


None yet
3 participants

jgilm commented Oct 15, 2012

I tried to use this library in a brand new MVC 4 project (Internet template) on .Net 4.5 and using VS 2012. I followed the directions and added all items necessary. I copied and fixed up the controllers, views, viewmodels, and Repository items from the sample project into this new project. Nothing security related would work. I couldn't log in.

I traced into the AppHarbor.Web.Security.CookieAuthenticationModule and at the OnAuthenticateRequest method, there would be no '.APSXAUTH' cookie. All of the other cookies I added would appear but not that one, and so authentication never worked. I changed the name of the authentication cookie in the web.config, and then that cookie no longer appeared in the OnAuthenticateRequest method. It was as if something was consuming the cookie before it got to the module.

I tried various ways of getting around the issue and in the end found that the issue is something within the MVC 4 Internet Template. I am assuming that there is another step that has to occur, such as removing the SimpleMembershipProvider. I did not figure out what needed to change. Using the "Basic" template with MVC 4 and .net 4.5 and this library worked just fine.

This is not a bug in the library, but maybe some more guidance can be listed regarding using this authentication method and the Internet template for MVC4. Several hours wasted tracking this down, so hopefully someone with more experience with how MVC4, SimpleMembershipProvider, etc. can write the other steps that need to be taken if using this with the new "Internet" template.

I experienced the same issue @jgilm was seeing with getting the '.APSXAUTH' cookie to show up in the MVC4 Internet Template. I removed the SimpleMembershipProvider component and it works. I think it has something to do with WebMatrix references although I am not entirely sure what it is either.

trollsic commented May 2, 2013

Had the same problem, after reading @jeffthebear comment and some search on the web, found out that WebMatrix indeed is the one that interferes with auth cookie.
Found blog post
by @martinnormark, and it pointed me to one of 2 solutions:

  1. If you not using any WebMatrix security features in assembly WebMatrix.WebData, just remove the reference.
  2. Add key to appSettings:
    As for the second option, not sure what are the implications on WebMatrix security because i don't use it, so it's up to you to test it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment