tags:

views:

97

answers:

2
+1  Q: 

ASP.NET MVC Deployment Problem

I have deployed my application to a server running IIS6 using the method which invloves changing the routes to:

public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        routes.MapRoute(
            "Default",                                              // Route name
            "{controller}.mvc/{action}/{id}",                           // URL with parameters
            new { controller = "Home", action = "Index", id = "" }  // Parameter defaults
        );

        routes.MapRoute(
          "Root",
          "",
          new { controller = "Home", action = "Index", id = "" }
        );
    }

    protected void Application_Start()
    {
        RegisterRoutes(RouteTable.Routes);
    }

And adding a handler in IIS for .mvc extentions. This is working fine for the most part until I add the [Authorize] attribute to HomeController class.

This ends up in the app trying to redirect the user to the logon page which is what I expect however the logon page URL is shown as http://server/virtualdir/Account/LogOn?ReturnUrl=%2fvirtualdir%2fDefault.aspx

This is causing a problem as no .mvc extension is being added to the Account controller part of the URL.

A: 

Not directly an answer to your question, but from my experience it worked just fine to deploy an application with the new routing features just as it is to IIS6 and add a wildcard mapping to aspnet_isapi.dll. Then you can use any URL you want, and nobody will notice when you change to a newer version in the future.

Yes, static file handling is theoretically less efficient this way, but you will need really a lot of traffic to notice anything. And if you really get a lot of traffic, you still could and even should move all your static files to a another domain/subdomain (or even a CDN) anyway, like stackoverflow.com does. It can still point to the same server, you just use different IIS settings for this subdomain site. But with e. g. just a few thousand visitors per day you don't even have to think about it.

markus  2009-08-19 08:36:56
Thanks for the information, i did see a mention of the option to use wilcard mappings, i will look into it further.
jorge_porto  2009-08-19 08:43:54
+1  A: 

The problem has been solved by changing the following in web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account.mvc/LogOn" timeout="2880" />
</authentication>
jorge_porto  2009-08-19 08:45:28

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security