Unauthenticated users cannot access static files in ASP.NET MVC regardless of location elements
I know this question has been asked several times on SO, but none of those answers have worked in my situation. I have an ASP.NET MVC2 app that uses Forms authentication on my local IIS 7.5(7600.16385) on an AppPool running 开发者_如何学Pythonin integrated mode. Interestingly, this does not happen when using the development web server that comes with VS 2010. My web.config file contains no <authorization />
and no <location />
elements. When I hit the home page, I get everything in the logon view except for the .CSS and .PNG files stored in the ~/Content
directory. When I directly request the .CSS file with http://localhost/WebSubscribers/Content/Site.css, I am redirected to the logon page. It seems like a wild-card mapping tries to authorize every request even when I allow that request using <location path="Content" />
as shown below:
<location path="Content" >
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Most of the answers I found on Stack Overflow suggest adding just such a location element to fix the problem, but that does not work for me so I removed it.
I created no wild-card mappings in IIS and, just to make sure, I removed the site and re-created it pointing at the same directory, only to get the same results. Can a wild-card mapping be specified anywhere other than IIS? Can my web.config file have "acquired" some kind of wild-card mapping? I use the Telerik MVC controls, which appear to have made some changes (registered namespaces, httpHandlers, modules) to the web.config file.
Any other suggestions?
UPDATE: When using Chrome to hit the website without being authenticated, the "Resources" developer tool says the following about my Site.css file: "Site.css:-1Resource interpreted as stylesheet but transferred with MIME type text/html."
Where would such a mime type be set? The site's node in IIS says ".css | text/css | Inherited".
I found both the cause and solution to my problem in IIS. The web app runs in IIS from within my Visual Studio Projects directory, so I configured it to use an AppPool that runs under my user account. In IIS, the Anonymous Authentication feature was configured as Specific user: IUSR. I do not know why or how. When I changed this back to Application pool identity, unauthenticated users could access static files.
+1 to Craig Stuntz for pointing out that wild-card mappings as well as the location elements are not needed for MVC and IIS 7.
You shouldn't be using a wild card mapping for IIS 7 in integrated mode. You only need that for IIS 6 / "classic" mode. You don't need the location element, either; this "just works."
精彩评论