tags:

views:

267

answers:

7
Q: 

My ASP.NET MVC2 application with Forms Authentication is blocking access even to Images, Styles and Scripts

Hi, I'm developing a MVC2 application and using Forms Authentication on it.

The scripts, images and styles are all blocked to unlogged users and, consequently, the login page looks awful.

It works well local, the problem is when I publish to the server.

Does anyone has any idea WHY????

PS: The server IIS is version 7.5

My Web.config:

<configuration>
  <system.web>
    <globalization culture="pt-BR" uiCulture="pt-BR" />
    <httpRuntime requestValidationMode="2.0"/>
    <customErrors mode="Off" />
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>

    <pages>
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="Admin.Models" />
      </namespaces>
    </pages>

    <authentication mode="Forms">
      <forms name="AGAuth" loginUrl="~/Home/Login" timeout="120" />
    </authentication>
  </system.web>

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>

  <connectionStrings>
      <add name="DBContainer" connectionString="metadata=res://*/Database.DB.csdl|res://*/Database.DB.ssdl|res://*/Database.DB.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=thewebserver.com,5158;Initial Catalog=thedatabase;Persist Security Info=True;User ID=theuser;Password=thepassword;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>

</configuration>
A: 

This is a complete stab in the dark but what are the rights on the image and css folders? If they are set so that only authorised people can get to them then you have a problem. You might try setting the rights on those folders to everyone, or for the .net default user and see what you get.

griegs  2010-09-15 22:48:14
But when I login everything works fine. If you try to access `/Content/Styles/redmond/jquery-ui-1.8.4.custom.css` you'll be redirected to the login page. That means it's putting everything under authentication, even images and styles
Rodrigo Waltenberg  2010-09-15 23:03:37
that's exactly right. i think you need to remove the rights on the images and css folders so that anyone can see them even when not logged in. once you are logged in the folder rights are met and thus you can see them
griegs  2010-09-15 23:15:35
And how do I do that?
Rodrigo Waltenberg  2010-09-15 23:24:43
right click on the folder and set the permissions. i'm talking about normal window folder permissions
griegs  2010-09-15 23:29:22
I'm using a webserver with Plesk Panel 9.5.1 on it. I tried to set folder permissions there and was not successfull
Rodrigo Waltenberg  2010-09-16 01:18:51
@Rodrigo when you said you tried to set folder permissions and were not successful did you mean you: set it to everyone and it had the same behavior? or that you couldn't get it to set the permission (having only access through that panel) / If its the later you need to address that, I suggest posting a separate question about it (maybe its a serverfault.com question).
eglasius  2010-09-20 16:51:41
+1  A: 

Take a look at the documentation for the location element. I think the first example will give you what you need.

For convenience, here is the example mentioned:

<configuration>
   <location path="Logon.aspx">
      <system.web>
         <authorization>
            <allow users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>
adrift  2010-09-15 22:52:25
Tried that. Didn't work :/
Rodrigo Waltenberg  2010-09-15 23:04:55
In the examples here (http://support.microsoft.com/kb/316871) they use <allow users="*"/>...
adrift  2010-09-15 23:31:00
Tried both ways. Nothing.
Rodrigo Waltenberg  2010-09-16 01:01:25
A: 

Did you accidentally copy or create a Web.config file in your Content folder that has an <authorization> element that may be denying access?

Scott Mitchell  2010-09-15 23:03:06
No Web.config on any of the internal folders
Rodrigo Waltenberg  2010-09-15 23:05:43
+2  A: 

Add a web.config to the scripts, images and styles folders telling asp.net to allow access to all users (make sure you you don't have anything in there that you don't want anonymous users to have access to):

<configuration>
      <system.web>
         <authorization>
            <allow users="*"/>
         </authorization>
      </system.web>
</configuration>

As for the reason, the following is telling IIS to let asp.net process all the requests:

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
eglasius  2010-09-16 07:40:54
tried that also. Doesn't work =/
Rodrigo Waltenberg  2010-09-20 12:59:27
k, then its Very likely file system permissions / greigs's answer
eglasius  2010-09-20 16:48:16
+1  A: 

I had exactly the same problem.

The cause turned out to be the IIS authentication configuration. By enabling Anonymous Authentication (and enabling Forms Authentication and disabling Windows Authentication) the scripts, styles and images became accessible when logged off.

Scott H  2010-10-07 00:08:15
Thanks Man!!! It worked!
Rodrigo Waltenberg  2010-10-20 19:13:45
+1  A: 

The group IIS_WPG need read access to the fold. Now it works fine... hope this helps someone else

CarlU  2010-10-29 01:11:16
A: 

Make sure static content role is installed had a similar issue where css etc wasn't accessed.

patrick burdett  2010-10-29 04:42:32

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps