IIS 7.5 Siteminder is not protecting ASP.net MVC requests

asp.net-mvc iis-7.5

We are trying to use ASP.NET MVC with Siteminder for single sign-on. This is on Windows Server 2008 R2 with IIS 7.5. Siteminder Agent version 6QMR6.

Problem:
Siteminder protects physical files that exist.
It does not protect the folder when we try to access a non-existent file.
It must redirect to the login page even if the file doesn't exist when the user is
accessing a protected folder.

How can we configure IIS 7.5 so that it does not verify that a file exists before authentication by Siteminder? SiteMinderWebAgent is a handler (wildcard script map) we created using the ISAPI6WebAgent.dll.

How can we protect ASP.NET MVC requests with Siteminder? (Added this as my previous question did not solve the problem.) The MVC request shows up in the IIS log but not in the Siteminder log.

Update: Microsoft Support says that currently IIS 7.5, and even earlier versions, doesn't support wildcard mappings on any two ISAPI handlers with the * wildcard. Currently in my case Siteminder has the * wildcard and ASP.NET MVC (handler is aspnet_isapi) has the * wildcard to handle the requests. Ordered priority doesn't work in the wildcard mappings case with just *. I am not convinced by the answer but will wait till tomorrow for them to get back.

Best Answer

Upgrade to the latest version of Siteminder, remove all the ISAPI, move from ClassicMode to IntegratedMode as MVC / Web API needs, then use just CASiteMinderWebagentModule and forget about the whole stupidity around hacking MVC/Web API because of ISAPI and Siteminder. MVC/Web API was never designed to run under ClassicMode.
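
An added example, not part of the original answer and not Siteminder's own code: a Python check over an IIS configuration file that flags the conditions this thread discusses (Classic pipeline mode, more than one `*` ISAPI handler, whether CASiteMinderWebagentModule is registered). It also reports the IIS handler attribute `resourceType`, which, when set to File, Directory or Either, limits a handler to requests that map to an existing path. The sample XML, pool name and handler names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the shape of an IIS config file; pool and handler
# names and the DLL paths are illustrative, not taken from the original post.
SAMPLE_CLASSIC = """<configuration>
  <system.applicationHost><applicationPools>
    <add name="MvcPool" managedPipelineMode="Classic" />
  </applicationPools></system.applicationHost>
  <system.webServer>
    <handlers>
      <add name="SiteMinderWebAgent" path="*" verb="*" modules="IsapiModule"
           scriptProcessor="ISAPI6WebAgent.dll" resourceType="File" />
      <add name="MvcWildcard" path="*" verb="*" modules="IsapiModule"
           scriptProcessor="aspnet_isapi.dll" resourceType="Unspecified" />
    </handlers>
    <modules />
  </system.webServer>
</configuration>"""

SAMPLE_INTEGRATED = """<configuration>
  <system.applicationHost><applicationPools>
    <add name="MvcPool" managedPipelineMode="Integrated" />
  </applicationPools></system.applicationHost>
  <system.webServer>
    <handlers />
    <modules><add name="CASiteMinderWebagentModule" /></modules>
  </system.webServer>
</configuration>"""

def audit(config_xml, agent_module="CASiteMinderWebagentModule"):
    """Return a list of findings; an empty list means none of the checks fired."""
    root = ET.fromstring(config_xml)
    findings = []
    for pool in root.findall(".//applicationPools/add"):
        # IIS 7+ defaults to Integrated when the attribute is absent.
        if pool.get("managedPipelineMode", "Integrated") == "Classic":
            findings.append(f"pool {pool.get('name')}: Classic pipeline mode")
    # Wildcard script maps: ISAPI handlers mapped to path "*".
    wild = [h for h in root.findall(".//handlers/add")
            if h.get("path") == "*" and h.get("modules") == "IsapiModule"]
    if len(wild) > 1:
        findings.append("more than one '*' ISAPI handler: "
                        + ", ".join(h.get("name") for h in wild))
    for h in wild:
        rt = h.get("resourceType", "Unspecified")
        if rt != "Unspecified":  # File / Directory / Either require an existing path
            findings.append(f"handler {h.get('name')}: resourceType={rt}")
    if agent_module not in {m.get("name") for m in root.findall(".//modules/add")}:
        findings.append(f"module {agent_module} not registered")
    return findings
```
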
