ASP.NET MVC 3: I cannot go to my Content directory until resolved

Question

ASP.NET MVC 3: I cannot go to my Content directory until resolved

That's it, I am deploying the MVC 3 application to the test server for the first time. The application works the same as expected locally from Cassini. However, on the server through IIS, it will not display CSS until I authenticate. If I try to go to localhost / Content / Site.css, it redirects me to the login page. I checked in IIS and anonymous authentication is enabled.

Any ideas what could be the problem?

Thanks!

+4

authentication asp.net asp.net-mvc-3

RepDetec Apr 26 '11 at 2:36

source share

4 answers

alanramsay · Answer 1 · 2012-05-22T11:18:13+0000

I had a similar problem. For me, the answer was to provide Read permissions for the IUSR folder as well as IIS_IUSRS .

Kyle rogers · Answer 2 · 2011-04-26T02:49:18+0000

Add the following to your web.config. You must tell asp.net that the following directory can be accessed whether you are authenticated or not. This applies to configuring in your web.config.

<configuration> ... <location path="Content"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> ... <system.web> <authorization> <deny users="?" /> </authorization> </system.web> ..... </configuration>

Adam Tuliper - MSFT · Answer 3 · 2011-04-26T02:49:32+0000

Look at the file permissions and make sure they match the files you can map. Secondly, check your web.config to make sure that you are not using authorization elements in it, such as:

 <authorization> <allow users="user1, user2"/> <deny users="?"/> </authorization>

Leftyx · Answer 4 · 2012-08-29T14:52:03+0000

You cannot use routing files or web.config to protect your MVC expression. The only supported way to protect your MVC application is to apply the [Authorize] attribute for each controller and action method (except for login / registration methods). Securing solutions based on your current area is a very bad thing and your application will open to vulnerabilities.

You can read it here .

You can control your authentication method in the web.config file :

 <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" defaultUrl="~/Home/Index" timeout="2880" protection="All" slidingExpiration="true" /> </authentication>

then you should use the [Authorize] attribute for the controller / action you want to protect.
Generally, you do not want to protect the account controller.

Another useful link.

ASP.NET MVC 3: I cannot go to my Content directory until resolved

More articles: