Asp.net MVC error with configured managed modules

Question

I have a custom authentication HttpModule that is pretty strait forward. But I want it to run only for managed requests (and not for static ones).

Asp.net MVC automatically adds configuration section for IIS7 web server:

<system.webServer>
   <validation validateIntegratedModeConfiguration="false" />
   <modules runAllManagedModulesForAllRequests="true">
      <remove name="ScriptModule" />
      <remove name="UrlRoutingModule" />
      <add name="ScriptModule"
           preCondition="managedHandler"
           type="System.Web.Handlers.ScriptModule,..." />
      <add name="UrlRoutingModule"
           type="System.Web.Routing.UrlRoutingModule,..." />
   </modules>
   <handlers>
      ...
   </handlers>
</system.webServer>

When I add my own module I also set its preCondition="managedHandler", but since there's runAllManagedModulesForAllRequests="true" on parent <module> element my preCondition is ignored by design (as I read on MSDN).

When I try to set though:

<modules runAllManagedModulesForAllRequests="false">

I get an error.

What else (which other module) do I have to set in web.config to make this setting work:

<modules runAllManagedModulesForAllRequests="false">

Answer 1

I think you’ve got the error message because your application was relying on some other managed module (Session) and that module was configured to run only for requests to managed handler (runAllManagedModulesForAllRequests="false").

You can try the following setting to Re-configure the Session module to run for all requests

<modules>
<remove name="Session" />
<add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="" />
</modules>

Answer 2

Ok. So I have a solution with a workaround for this. I still had to use default modules setting as:

<modules runAllManagedModulesForAllRequests="true">

But I was able to disable my custom authentication module by setting additional web.config entries for certain locations like:

<location path="~/App_Themes">
    <system.web>
        <authentication mode="None" />
    </system.web>
</location>

<location path="~/Content">
    <system.web>
        <authentication mode="None" />
    </system.web>
</location>

<location path="~/Scripts">
    <system.web>
        <authentication mode="None" />
    </system.web>
</location>

So I disabled authentication on certain paths. It's a workaround and not an actual solution. So you can still provide your own suggestions or even solutions that actually address the runAllManagedModulesForAllRequests="true" default Asp.net MVC configuration.