Mvc action returns 401 error - McMap

About

Mvc action returns 401 error

Asked 7/2, 2013 at 1:7 Answered 7/2, 2013 at 16:3

c#asp.net-mvc asp.net-mvc-areas http-status-code-401

M

1

1

This is a strange one. They always are when I get to this point.

I have an MVC app. It's a single page app so all routes are ajax calls but I don't think this is relevant.

Strangely and all of a sudden one particular page has started giving me a 401 and prompting for creds. Actually it's both pages that are in this MVC Area. It is only doing it in qa no locally so I can't debug. And It only started after last push. None of the other pages are doing this.

So I compared the headers via fiddler for a successful page and the 401 page on the site. exactly the freakin same except the url. the actions

the action for 401

public ActionResult Display_Template(ViewModel input)
{
    return this.View("Display", new TasksByFieldViewModel());
}

for the 200

public ActionResult AddUpdate_Template(ViewModel input)
{
    return View("VendorAddUpdate", new VendorViewModel());
}

The only changes are this and this makes no sense.

From the 401 page, I redirect to an aspx page that has a reportviewer on it. But you have to click a button and then you are window.locationed on over. It can't possibly have anything to do with that.

The second is that I upgraded from sqlserver trial to sqlserver standard on the qa server.

That's all I got. completely befuddled.

Any thoughts would be great.

Thanks,

Raif

EDIT\Fix\Hack:

Ok well this is either confusing or enraging. It's too early to tell.

My MVC Area, the one that is breaking, well it was named "Reports" because, well it was full of reports. After doing some hail mary tests I changed the Area name to Reportsx, now it works like a dream. As I certainly never told any part of the stack to demand credentials if the Area name is Reports I can only assume that there is some IIS setting or MVC setting that says if the url is xxx/Reports then demand creds.

I'm open to alternative views.

Mcneese answered 7/2, 2013 at 1:7 Comment(6)

I assume that in QA, a different web.config is used. Probably worth checking that there are no locations made inaccessible via this means. – Cribbage 7/2, 2013 at 1:26

You could try creating a blank view with Layout=null for your display template and using that to determine if your action or your view is the issue and work from there. – Carabin 7/2, 2013 at 9:54

Do you by any chance have SSRS installed/hosted on your QA server? – Testes 7/2, 2013 at 16:8

Peter, now we are getting somewhere. As I mentioned I did upgrade my sql server. As an aside I"m hosting on azure and I used the image they have that comes with sql server, and it turns out that that is a trail version, so it just up an quit on me. Very annoying. Anyway, I installed standard and I did install SSRS with it. Is it possible that that has somehow messed with iis and hijacked the reports url? – Mcneese 7/2, 2013 at 16:22

Wow - I just came to this page and was astounded that your controller name is Reports - SO IS MINE!!! And I have the same problem that I can't figure out. – Aerography 27/2, 2014 at 22:10

I just experienced the same problem, and thanks to @Peter's comment I was able to also identify SSRS as cause. You can use Reporting Services Configuration Manager to restrict SSRS URL filter devio.wordpress.com/2016/01/15/… – Logistic 15/1, 2016 at 0:21

B

1

If the system at wherever you work is similar to the one where I work, then when you say "in QA" you mean you've put your code on a server for the testers to poke at. Now, when I first started here, I was told to leave certain existing config files as I found them on this server, because changes will introduce things that are specific to my machine and break things. I'm guessing you have a similar policy, and have therefore deployed your new page to a server, but left that server's Web.config alone. However, in Web.config, there's a whole list of sections that look something like this:

<location path="something">
    <formsAuthenticationWrapper enabled="false"/>
    <system.webServer>
        <security>
            <authentication>
              <windowsAuthentication enabled="true"/>
              <anonymousAuthentication enabled="false"/>
            </authentication>
        </security>
    </system.webServer>
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

where the "something" as the path value in the first line can be a path like "Assets/CSS" or a page like "Login.aspx". You'll notice that there's various settings for auth modes.

Now, if the Web.config on the QA server mentions something called "Reports" and specifies that it requires a particular auth mode, then failure to provide suitable credentials for that mode will result in a 401. Changing the name to "Reportsx" probably just meant that it can no longer find a matching entry, and so fell back to a default mode, which apparently lets people in.

So, try checking the server's Web.config for sections mentioning "something/Reports" and see what auth they require.

Bax answered 7/2, 2013 at 16:3 Comment(1)

Thank you for the suggestion. This is a pretty small ( so far ) green field project and my dev,qa, and prod set ups are as similar as is possible. In fact I can copy and past my web.config, as I have it referencing a appsettings.config file that I do leave untouched ( although it's pretty similar ). So I don't think this is the issue, but it does make sense. There is a comment on the original post about ssrs and I think this is where the pain is. See above if interested. – Mcneese 7/2, 2013 at 16:20

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.