Unauthenticated users cannot access static files in ASP.NET MVC regardless of location elements_问答_开发者

Unauthenticated users cannot access static files in ASP.NET MVC regardless of location elements

开发者 https://www.devze.com 2023-01-24 08:45 出处：网络

I know this question has been asked several times on SO, but none of those answers have worked in my situation. I have an ASP.NET MVC2 app that uses Forms authentication on my local IIS 7.5(7600.16385) on an AppPool running 开发者_如何学Pythonin integrated mode. Interestingly, this does not happen when using the development web server that comes with VS 2010. My web.config file contains no <authorization /> and no <location /> elements. When I hit the home page, I get everything in the logon view except for the .CSS and .PNG files stored in the ~/Content directory. When I directly request the .CSS file with http://localhost/WebSubscribers/Content/Site.css, I am redirected to the logon page. It seems like a wild-card mapping tries to authorize every request even when I allow that request using <location path="Content" /> as shown below:

<location path="Content" >
 <system.web>
  <authorization>
   <allow users="*"/>
  </authorization>
 </system.web>
</location>

Most of the answers I found on Stack Overflow suggest adding just such a location element to fix the problem, but that does not work for me so I removed it.

I created no wild-card mappings in IIS and, just to make sure, I removed the site and re-created it pointing at the same directory, only to get the same results. Can a wild-card mapping be specified anywhere other than IIS? Can my web.config file have "acquired" some kind of wild-card mapping? I use the Telerik MVC controls, which appear to have made some changes (registered namespaces, httpHandlers, modules) to the web.config file.

Any other suggestions?

UPDATE: When using Chrome to hit the website without being authenticated, the "Resources" developer tool says the following about my Site.css file: "Site.css:-1Resource interpreted as stylesheet but transferred with MIME type text/html."

Where would such a mime type be set? The site's node in IIS says ".css | text/css | Inherited".

I found both the cause and solution to my problem in IIS. The web app runs in IIS from within my Visual Studio Projects directory, so I configured it to use an AppPool that runs under my user account. In IIS, the Anonymous Authentication feature was configured as Specific user: IUSR. I do not know why or how. When I changed this back to Application pool identity, unauthenticated users could access static files.

+1 to Craig Stuntz for pointing out that wild-card mappings as well as the location elements are not needed for MVC and IIS 7.

You shouldn't be using a wild card mapping for IIS 7 in integrated mode. You only need that for IIS 6 / "classic" mode. You don't need the location element, either; this "just works."