I've posted this problem on the Identity and Access Add-in page and MVC forums, but no solution is yet forthcoming, so I thought I'd try you lot.
I have an issue where if I add Identity and Access to an MVC4 project, the requests to script and css files become unstable and often don't get served by iisexpress.
Create a new MVC4 project - Basic, with Razor engine
Add a controller called Home - just bare controller.
Create view Index for action Index on Home controller. Use built in layout defined in _viewStart , so includes bundled jquery and modernizr
Enable IISExpress for the application
Test this application - should work fine. refresh, reload etc, all works ok.
Next, configure Identity and Access on the application with Local development STS. Leave all as defaults.
Test application again. You should see it go through the localSTS authentication and then request the Home/Index action - at this point it tries to get the script files but these requests hang. The page is delivered, but can't render as the script files in the tag prevent it doing so until the script requests time out.
If you fire up another browser session in, say, chrome, then you can navigate to the script file and it will be downloaded on that session.
Zipped project with this state is here: https://www.dropbox.com/s/dy2bs5fh70kubp6/MvcApplication3.zip
I've used fiddler and wireshark to try and identify what is happening, but it just seems like the request to iisexpress hangs. I've tried this on both my machines. One 64 bit, the other not. Both VS2012 Professional V 11.0.50727.1 RTMREL, .NET framework 4.5.50709, logged in as me, an administrator on the machine, VS running as administrator
Any thoughts?
Edit: some more things I've tried: - Using Azure STS has the same effect. - Removing the tag that is in by default means that the script files are all accessible, seemingly all the time as required, but the Thread.CurrentPrincipal.Identity is then the generic Identity - i.e. the user is not authenticated. Adding [Authorize] attribute to my BaseController then forces the authentication with the STS as with the web.config directive, and then has the same issues with the script and css files. I was kinda hoping that this might work as removes any authentication from the root of the project to the controllers only, but alas, no joy.
And lo. It was AVG antivirus
For some reason the combination of AVG and Identity and Access addin causes this issue.
I have tried disabling various components of AVG but it seems that the only solution is to disable it entirely.
So given that, who can recommend an AV that won't interfere with development activities?