I have a site that uses a .net security module to secure certain areas of the website. It's not working, the pages that should be password protected are not. Other than that, the site doesn't throw any errors.
I don't have access to the code, and the module doesn't seem to log anything.
Is there an IIS or .Net log of loading/calling httpModules? I feel like it's not loading/calling it, and it's just not telling me.
My web.config has this snippet, which loads the module:
<httpModules>
<add name="MyApp.SecurityModule" type="MyApp.Host.Security.WebForms.SecurityModule" />
</httpModules>
Is this security module compiled into its own separate assembly (DLL)? If so, you might be able to detect whether the DLL is being successfully accessed by the IIS process (w3wp.exe) by using SysInternals procmon. Perhaps it's as simple as a file system permissions issue.
Have you checked the Windows Event log for any error messages?
Does the application use log4net or another logging framework? Perhaps you can change the logging level to DEBUG and see if anything is written to the application log.
You might try enabling page tracing in the web.config, and see if anything appears in the trace log.
Check Failed Request Tracing. http://blogs.msdn.com/b/tess/archive/2008/08/19/troubleshooting-a-performance-issue-with-failed-request-tracing-and-appcmd-in-iis7.aspx
It will show you the entire pipeline and which modules are loaded etc.
You can see from httplog on below path