HTTPModule invoked on main page but not on sub-page

Question

Hi All,

I am facing a strange error in MOSS 2007 running under Windows 2008. I have created a custom HTTP Module that fires on the application's OnAuthenticate event. It basically creates a custom cookie which is used by another application to authenticate the user, creating a single sign-on effect.

Everything went fine under the development server running Win2K3. However, on the staging server the following wierd things are happening:

a) The module seems to fire on the base page, i.e. https://conn.test.com/Pages/Default.aspx, however if somone goes into a sub-page directly like: https://conn.test.com/Operations/Pages/Operations%20Portal.aspx, it does not seem to fire.

b) The module gets fired from IE but not from Firefox or Chrome. The only difference between the two seems to be that a certain webpart loads and works in IE but does not seem to load or work in Chrome or FF.

Can someone help explain the behaviour of this. The HTTPMOdule overrides the AuthenticateRequest event of the application.

Answer 1

Sorry got this figured out. The problem is that the Init method of the event handler for OnAuthenticate works with privileges of the underlying ASP.NET user, but the main event handler delegate works with the credentials of the authenticated user.

I had written some code t log on to an Event Log and apparently this needs higher level privileges. This was the reason the module's delegate was firing but nothing was getting logged.

My guess is that the webpart on the main page ran with privileges of some other user who had the necessary access rights and hence things worked there. Since it does not work in FF or Chrome the module did not work in those browsers. Also the sub-pages do not have the webpart, hence directly going onto them, also causes the problem.

The issue got sorted after I added SPSecurity.runWithElevatedPriviliges around the logging code.