views:

267

answers:

7

Hi, I'm developing a MVC2 application and using Forms Authentication on it.

The scripts, images and styles are all blocked to unlogged users and, consequently, the login page looks awful.

It works well local, the problem is when I publish to the server.

Does anyone has any idea WHY????

PS: The server IIS is version 7.5

My Web.config:

<configuration>
  <system.web>
    <globalization culture="pt-BR" uiCulture="pt-BR" />
    <httpRuntime requestValidationMode="2.0"/>
    <customErrors mode="Off" />
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>

    <pages>
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="Admin.Models" />
      </namespaces>
    </pages>

    <authentication mode="Forms">
      <forms name="AGAuth" loginUrl="~/Home/Login" timeout="120" />
    </authentication>
  </system.web>

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>

  <connectionStrings>
      <add name="DBContainer" connectionString="metadata=res://*/Database.DB.csdl|res://*/Database.DB.ssdl|res://*/Database.DB.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=thewebserver.com,5158;Initial Catalog=thedatabase;Persist Security Info=True;User ID=theuser;Password=thepassword;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>

</configuration>
A: 

This is a complete stab in the dark but what are the rights on the image and css folders? If they are set so that only authorised people can get to them then you have a problem. You might try setting the rights on those folders to everyone, or for the .net default user and see what you get.

griegs
But when I login everything works fine. If you try to access `/Content/Styles/redmond/jquery-ui-1.8.4.custom.css` you'll be redirected to the login page. That means it's putting everything under authentication, even images and styles
Rodrigo Waltenberg
that's exactly right. i think you need to remove the rights on the images and css folders so that anyone can see them even when not logged in. once you are logged in the folder rights are met and thus you can see them
griegs
And how do I do that?
Rodrigo Waltenberg
right click on the folder and set the permissions. i'm talking about normal window folder permissions
griegs
I'm using a webserver with Plesk Panel 9.5.1 on it. I tried to set folder permissions there and was not successfull
Rodrigo Waltenberg
@Rodrigo when you said you tried to set folder permissions and were not successful did you mean you: set it to everyone and it had the same behavior? or that you couldn't get it to set the permission (having only access through that panel) / If its the later you need to address that, I suggest posting a separate question about it (maybe its a serverfault.com question).
eglasius
+1  A: 

Take a look at the documentation for the location element. I think the first example will give you what you need.

For convenience, here is the example mentioned:

<configuration>
   <location path="Logon.aspx">
      <system.web>
         <authorization>
            <allow users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>
adrift
Tried that. Didn't work :/
Rodrigo Waltenberg
In the examples here (http://support.microsoft.com/kb/316871) they use <allow users="*"/>...
adrift
Tried both ways. Nothing.
Rodrigo Waltenberg
A: 

Did you accidentally copy or create a Web.config file in your Content folder that has an <authorization> element that may be denying access?

Scott Mitchell
No Web.config on any of the internal folders
Rodrigo Waltenberg
+2  A: 

Add a web.config to the scripts, images and styles folders telling asp.net to allow access to all users (make sure you you don't have anything in there that you don't want anonymous users to have access to):

<configuration>
      <system.web>
         <authorization>
            <allow users="*"/>
         </authorization>
      </system.web>
</configuration>

As for the reason, the following is telling IIS to let asp.net process all the requests:

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
eglasius
tried that also. Doesn't work =/
Rodrigo Waltenberg
k, then its Very likely file system permissions / greigs's answer
eglasius
+1  A: 

I had exactly the same problem.

The cause turned out to be the IIS authentication configuration. By enabling Anonymous Authentication (and enabling Forms Authentication and disabling Windows Authentication) the scripts, styles and images became accessible when logged off.

Scott H
Thanks Man!!! It worked!
Rodrigo Waltenberg
+1  A: 

The group IIS_WPG need read access to the fold. Now it works fine... hope this helps someone else

CarlU
A: 

Make sure static content role is installed had a similar issue where css etc wasn't accessed.

patrick burdett