Brett Wilson wrote
What's weird is that you keep saying you think it completely bypasses the AD provider code if Windows authentication is enabled, but I have recorded "null reference" errors from WindowsSignin.aspx when accessing the site from the server (logged in as the local server Administrator account). I assume this is related to the fact that there is no AD directory entry for the local Administrator account, but it does confirm that WindowsSignin.aspx is being run. Weirder still is the fact that the first time I attempt to access the DNN app from the server (as Administrator), the site gives an error. If I just refresh the page then everything works and I am logged in as the DNN user servername\Administrator.
Why I say that it completely bypasses the AD Provider code is based on previous testing when I have switched to Windows authentication in the web.config. I pulled this code snippet out of the code the other day for this post (http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/89/threadid/232127/scope/posts/Default.aspx).
If (authStatus = AuthenticationStatus.Undefined) Then 'OrElse (blnWinLogon) Then <---There's three status types (Undefined, Windows, and WinLogoff). If Windows is returned then the user is already logged into the site so all is bypassed (otherwise we'd be in an infinite loop) and WinLogoff is pretty self explanitory.
AuthenticationController.SetStatus(_portalSettings.PortalId, AuthenticationStatus.WinProcess)
Dim url As String = Request.RawUrl
Dim arrAutoIP() = config.AutoIP.Split(";")
'ACD-7664
Dim strClientIP As String = ADSI.Utilities.GetIP4Address(Request.UserHostAddress)
For intCount As Integer = 0 To arrAutoIP.Length - 1
Dim strAutoIP As String = arrAutoIP(intCount)
If (InStr(strAutoIP, "-")) Then
Dim arrIPRange() = strAutoIP.Split("-")
Dim lClientIP As Long = IPAddressToLong(strClientIP)
If lClientIP >= IPAddressToLong(ADSI.Utilities.GetIP4Address(Trim(arrIPRange(0)))) And lClientIP <= IPAddressToLong(ADSI.Utilities.GetIP4Address(Trim(arrIPRange(1)))) Then
url = GetRedirectURL(Request, _portalSettings) <--- Returns the path to WindowsSignin.aspx
SetDNNReturnToCookie(Request, Response, _portalSettings)
Exit For
End If
ElseIf (Not InStr(Left(strClientIP.ToString, strAutoIP.Length), strAutoIP) = 0) Or (strAutoIP = "") Then
url = GetRedirectURL(Request, _portalSettings) <--- Returns the path to WindowsSignin.aspx
SetDNNReturnToCookie(Request, Response, _portalSettings)
Exit For
End If
Next
Response.Redirect(url) <---Does the Redirect to WindowsSignin.aspx
When I tested it previously (and it was about a year ago) when the web.config was set to WIndows Authentication instead of forms Authentication the authentication status always returned a value of "Windows" and the redirect to WindowsSignin.aspx (and hence the rest of the AD Provider code) was bypassed. It's possible I guess that somewhere along the line something changed and I'm going to have to dig deeper into this and hopefully get some time over the weekend.