ASP.NET MVC 5 Web.config: “FormsAuthenticationModule” or “FormsAuthentication”

by

Ok so this not a big deal, but it’s bugging me and I can’t let it go.

So I’m using MVC 5.1 with .NET 4.5.1 and OWIN authentication. So when you create a new MVC 5 project, the following is automatically added to the Web.config to get rid of the forms authentication http module because it is no longer needed when using OWIN middleware:

<system.webServer>
    <modules>
        <remove name="FormsAuthenticationModule" />
    </modules>
</system.webServer>

Now since we are removing the module, that means it was previously added, so here is the entry registering this http module in C:WindowsMicrosoft.NETFrameworkv4.0.30319Configweb.config:

<httpModules>
    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
</httpModules>

And here is the entry in C:WindowsSystem32inetsrvconfigapplicationHost.config for IIS 8.5 that tells my application to use the module:

<system.webServer>
    <modules>
        <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
    </modules>
</system.webServer>

So what is automatically added to my web config at the application level has a name attribute of “FormsAuthenticationModule” while the entries in the two server level/asp.net level config files use name attribute “FormsAuthentication”. So what is going on here? It seems to me that the module won’t be removed since the name attribute doesn’t match. I would simply think this was a typo, but after searching online, everyone seems to be using “FormsAuthenticationModule” in the application web.config. Was this a recent change in the newer version of asp.net / iis or am I missing something?

Contents hide
Answers:
Method 1
Method 2

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

You’re right — that’s a typo in the template.

Method 2

A major side effect of this “typo” is it will leave FormsAuthentication on causing loginpath of owin to be ignored and calls to authenticated pages going to /login.aspx


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x