IIS 7.5 and Authorisation

I have a asp.net/silverlight website that used to work under iis6. We are upgrading to iis7.5 but I cannot get it to work properly.

Basically prior, the website was setup with Forms authorisation and the entire website was set to deny all users. I then setup the login page, images and default.aspx files to be accessed anoymously. All good.

I also had roles security setup on other folders. Once the users logged in, they would get their roles and they were able to access the folders which they were given access to.

In 7.5 virtually nothing is working. I have followed all the info on the web but to no avail. Can anyone help

Here are the sections of my web.config file

    <authentication mode="Forms">
        <forms loginUrl="login.aspx" requireSSL="false" timeout="30" />
    </authentication>

    <authorization>
        <deny users="?" />
    </authorization>


<location path="images">
    <system.webServer>
        <security>
        <authorization>
                    <add accessType="Allow" users="*" />
        </authorization>
        </security>
    </system.webServer>
</location>

<location path="default.aspx">
    <system.webServer>
        <security>
        <authorization>
                    <add accessType="Allow" users="*" />
        </authorization>
        </security>
    </system.webServer>
</location>

<location path="www">
    <system.webServer>
        <security>
        <authorization>
                    <add accessType="Allow" users="*" />
        </authorization>
        </security>
    </system.webServer>
</location>

<location path="manuals/customer">
    <system.webServer>
        <security>
        <authorization>
            <add accessType="Allow" users="" roles="man_customer" />
            <add accessType="Deny" users="*" />
        </authorization>          
        </security>
    </system.webServer>
</location>

<location path="manuals/msa">
    <system.webServer>
        <security>
        <authorization>
            <add accessType="Allow" users="" roles="man_msa" />
            <add accessType="Deny" users="*" />
        </authorization>          
        </security>
    </system.webServer>
</location>


<location path="documents/msa">
    <system.webServer>
        <security>
        <authorization>
            <add accessType="Allow" users="" roles="doc_msa" />
            <add accessType="Deny" users="*" />
        </authorization>          
        </security>
    </system.webServer>
</location>

<location path="documents/admin">
    <system.webServer>
        <security>
        <authorization>
            <add accessType="Allow" users="" roles="doc_admin" />
            <add accessType="Deny" users="*" />
        </authorization>          
        </security>
    </system.webServer>
</location>

<location path="documents/customer">
    <system.webServer>
        <security>
        <authorization>
            <add accessType="Allow" users="" roles="doc_customer" />
            <add accessType="Deny" users="*" />
        </authorization>          
        </security>
    </syste开发者_如何学Pythonm.webServer>
</location>

<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
          <remove name="FormsAuthentication" /> 
          <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" /> 
          <remove name="UrlAuthorization" /> 
          <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" /> 
          <remove name="DefaultAuthentication" /> 
          <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" /> 
          <remove name="RoleManager" /> 
          <add name="RoleManager" type="System.Web.Security.RoleManagerModule" /> 
          <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

    </modules>
    <handlers>
        <remove name="WebServiceHandlerFactory-Integrated" />
        <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    </handlers>
    <security>
        <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="?" />
        </authorization>
    </security>
    <defaultDocument>
        <files>
            <clear />
            <add value="default.aspx" />
        </files>
    </defaultDocument>
</system.webServer>

When the website starts up it initially redirects to the login.aspx file. The image from the images folder is not accessible.

Not sure on how you had it working on IIS 6, but I've got something similar running on IIS 7.5 and my web.config looks a little different. Try this:

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="login.aspx" requireSSL="false" timeout="30" />
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>

<location path="images">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>