Authorization problem, FormsAuth and ASP.NET MVC

Question

I have a pretty simple ASP.NET MVC Site Application. (MVC 1.0)

I have NO authorization sections in my web.config because I use the [Authoize] attribute on my controllers.

The default web.config for the server allows * for forms authentication, as expected.

I have 2 existing Windows 2008 dedicated (hosted) servers. The site works well.

I have a new dedicated server, seems identical except the site just won't work. Every resource, even images/javascript is redirecting to the login page.

I tried adding explicit authorization rules to allow * and location rules, same result. I checked the .NET Trust level, Internal/Full Trust. Everything runs perfectly on two servers, just this one is ignoring all rules for authorization.

Any ideas? thanks

Answer 1

I found the issue :) Unless something has changed in Windows 2008 I would have expected this to show as an error but as stated above, it was being hidden by Forms Authentication.

The issue was the hosting company now adds data drives to all servers for your websites/storage. There were no permissions set to allow IIS to read the files. The reason I couldn't find it was I already added permission for the application pool user, in my case I just went ahead and added ASPNET, Network Service, IIS Anon User etc to have full permissions.

I needed to allow Everyone to have at least Read to the website folders and then IIS showed the non-secured content. I still think it is odd that forms auth. was kicking in and ignoring all web.config rules but anyway.

I found the error by turning off Forms Auth support in the IIS 7 manager. Then I got the process failure error because of file permissions.