CODEWITHSUNDEEP
iisiis-7
user1198049
user1198049

Reputation: 501

URL rewrite - REMOTE_USER always empty

I need to create a URL rewrite rule that adds the REMOTE_USER value to the query string. I simplified my app down to absolute essentials. However, the REMOTE_USER is always empty while the rule condition is evaluated.

My web site configured in IIS 7, app pool uses integrated mode with .NET 2.0. I disabled Anonymous Auth and enabled Windows Auth on the site through IIS Manager and I even added the line to web.config to prevent anonymous access. Here are my two files.

web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer> 
        <security> 
            <authorization> 
                <remove users="?" roles="" verbs="" />
            </authorization>
        </security>
        <rewrite>
            <rules>
                <clear />
                <rule name="Add login into URL" stopProcessing="true">
                    <match url=".*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
                        <add input="{QUERY_STRING}" pattern="login" negate="true" />
                        <add input="{REMOTE_USER}" pattern="(.*)" />
                    </conditions>
                    <action type="Redirect" url="{HTTP_URL}?login={C:1}" redirectType="Temporary" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

default.asp

<%= Request.ServerVariables("REMOTE_USER") %>

My rule never hits because {REMOTE_USER} is always blank when conditions are evaluated (other server variables show up in the rule, so it's just {REMOTE_USER}). The twist is that default.asp shows my REMOTE_USER value.

Any suggestions why this happened? Thank you

Upvotes: 1

Views: 5114

Answers (2)

user153923
user153923

Reputation:

So, did you solve this?

Apparently, ServerVariables have been depreciated for C# in some instances.

If that is your case, you'll need to do it this way:

string login = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

If you really want to use ServerVariables, keep in mind they are CaSe Sensitive in C#. The correct casing is almost always UPPER, and here is the list of them:

List of ServerVariables

Upvotes: 0

user1198049
user1198049

Reputation: 501

I don't know why I didn't find this link before. As I suspected, auth runs after URL rewrite rules and REMOTE_USER can't be used to redirect. I suppose I would have to write my own redirection module.

http://forums.iis.net/t/1155169.aspx/1

Upvotes: 1

Related Questions