Rusty Divine

Live, Love, Learn, Teach

Subtle MVC, Razor, Membership Bug

I encountered a really frustrating bug yesterday when I tried to hit my MVC project on the QA server, and it turns out it manifested itself in several telltale ways:

  1. The QA server (IIS 7) reported 403 Forbidden for my login page.  Could not load anything.
  2. My local machine (IIS 7 Express) would not show the ValidationSummary on the login page
  3. My local machine would not let me navigate to the forgot password page, or any [Allow Anonymous] pages other than the login page, unless I logged in;
  4. after logging into my local machine, and then everything worked fine, and I could get to the [Allow Anonymous] pages
  5. My local machine would not show the company name text in the banner until I logged in

The last sign was finally what clicked – I didn’t realize these all were related until I noticed that one.  On my _layout.cshtml page, I have the following:

@{ Html.RenderAction("_CompanyName", "CompanyName"); }

The site is a multi-tenant application that has a url like: {company}  The above calls into an action that takes that {company} and looks up the company name in the repository, then displays that name in the banner.

The problem was the _CompanyName action on the CompanyNameController was not marked as [Allow Anonymous].  IIS Express was able to let this slide, but IIS did not!

blog comments powered by Disqus