ASP.NET MVC 3 application always redirects to LogIn on live site

This might at first glance seem rather similar to this question, but in my case I have implemented standard AspNetSqlMembershipProvider based security in my MVC application.

When I deploy my application on localhost or a in-house staging server, everything works as expected - most of the HomeController and AccountController actions are visible to unauthenticated users and all others are protected (I use [Authorize] attribute for marking up classes and methods that need to be protected)

The problem is that when I deployed my application to the live hosting server, basically all the requests get redirected to the login page without any apparent reason.

I realize that I must be overlooking some simple but crucial bit of configuration, but since I am new to this whole .NET thing (never mind the ASP and MVC) I can not for the life of me figure out what's wrong or missing

If more information is required, please let me know and I will be glad to provide.

Edit: There are no <location> elements in the Web.config. Also, the differences in staging vs. live site Web.config are only in connection strings and Elmah logger configurations.

Also, the code that regis开发者_JAVA百科ters global filters is quite standard (I have not touched this):

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
}

Maybe there is something in the server configuration that might cause the different behavior? Where should I look?

As it turned out, the issue was indeed a "trivial configuration problem", although it had nothing to do with asp.net or mvc as such.

In my hosting provider's control panel I simply had to grant Anonymous user permission to read files from the physical folder of the application.

Once this was done, the application code worked as expected.

It seems that since the anonymous (unauthenticated) user did not have read permissions to anything from the physical filesystem IIS interpreted this as 401 error and automatically redirected all the requests to the configured login method (which was set to "Forms"), resulting in this semingly weird error message.