Authentication Not Applied to ELMAH

Aug 27, 2014 at 3:17 AM
Edited Aug 27, 2014 at 3:24 AM
I've created an authentication middleware that I want to use to set the current user and have it apply to ELMAH, which is run as an ASP.NET module. I would expect to receive the authentication challenge, once I return the Task, I don't get anything. The browser shows the request for elmah.axd returns a 200 OK. I try to set the challenge like so, using a custom environment dictionary wrapper:
env.ResponseStatusCode <- int HttpStatusCode.Unauthorized
let responseHeaders = env.ResponseHeaders
responseHeaders.Add("WWW-Authenticate", [| "Basic realm=\"my-app\"" |])
Task.FromResult<obj>(null) :> Task)
I set up the middleware to run before the Authenticate stage:
app .Use(Authentication.middleware)
Here Authentication.middleware has the signature OwinAppFunc -> OwinAppFunc, where OwinAppFunc is defined as Func<IDictionary<string, obj>, Task>. The previous incarnation was built as an event handler in Global.asax, so I know it works when running there and is correctly applied to the elmah.axd page.

When debugging, I have set a number of options:
// OWIN v1.1 owin.RequestUser
env.["owin.RequestUser"] <- principal
// Katana server.User
env.["server.User"] <- principal
// System.Web principal
if env.ContainsKey("System.Web.HttpContextBase") then
    let httpContext : System.Web.HttpContextBase = unbox env.["System.Web.HttpContextBase"]
    httpContext.User <- principal
// Standard .NET Thread.CurrentPrincipal
Thread.CurrentPrincipal <- principal
These appear to work for all other requests. I initially tried to also set HttpContext.Current.User, but I found this broke at least my tests and appeared to also break when debugging.

What might I be missing?

Aug 27, 2014 at 3:31 AM
I think I determined it's a bug in my wrapper. I can see that the 200 OK is just the default; the values I set are not making it back into the original environment object.