未经身份验证的用户无法访问ASP.NET MVC中的静态文件,无论位置元素如何 [英] Unauthenticated users cannot access static files in ASP.NET MVC regardless of location elements
问题描述
我知道这个问题在SO上已经问过好几次了,但是在我的情况下,这些回答都没有用.我有一个ASP.NET MVC2应用程序,该应用程序在以集成模式运行的AppPool上的本地IIS 7.5(7600.16385)上使用窗体身份验证.有趣的是,在使用VS 2010附带的开发Web服务器时,不会发生 .我的web.config文件不包含<authorization />和<location />元素.当我进入主页时,除了在~/Content目录中存储的.CSS和.PNG文件之外,我都会在登录视图中看到所有内容.当我通过 http://localhost/WebSubscribers/Content/Site.css ,我被重定向到登录页面.似乎通配符映射尝试授权每个请求,即使我使用<location path="Content" />允许该请求,如下所示:
I know this question has been asked several times on SO, but none of those answers have worked in my situation. I have an ASP.NET MVC2 app that uses Forms authentication on my local IIS 7.5(7600.16385) on an AppPool running in integrated mode. Interestingly, this does not happen when using the development web server that comes with VS 2010. My web.config file contains no <authorization /> and no <location /> elements. When I hit the home page, I get everything in the logon view except for the .CSS and .PNG files stored in the ~/Content directory. When I directly request the .CSS file with http://localhost/WebSubscribers/Content/Site.css, I am redirected to the logon page. It seems like a wild-card mapping tries to authorize every request even when I allow that request using <location path="Content" /> as shown below:
<location path="Content" >
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
我在Stack Overflow上找到的大多数答案都建议仅添加一个location元素来解决问题,但这对我不起作用,因此我将其删除.
Most of the answers I found on Stack Overflow suggest adding just such a location element to fix the problem, but that does not work for me so I removed it.
我没有在IIS中创建任何通配符映射,只是为了确保,我删除了该站点,然后重新指向同一目录创建了该站点,只是获得了相同的结果.可以在IIS以外的任何地方指定通配符映射吗?我的web.config文件可以获取"某种通配符映射吗?我使用Telerik MVC控件,这些控件似乎对web.config文件进行了一些更改(注册的名称空间,httpHandlers,模块).
I created no wild-card mappings in IIS and, just to make sure, I removed the site and re-created it pointing at the same directory, only to get the same results. Can a wild-card mapping be specified anywhere other than IIS? Can my web.config file have "acquired" some kind of wild-card mapping? I use the Telerik MVC controls, which appear to have made some changes (registered namespaces, httpHandlers, modules) to the web.config file.
还有其他建议吗?
更新:使用Chrome浏览器未经身份验证访问网站时,资源"开发人员工具对我的Site.css文件说以下内容:"Site.css:-1资源被解释为样式表,但以MIME类型text/html传输."
UPDATE: When using Chrome to hit the website without being authenticated, the "Resources" developer tool says the following about my Site.css file: "Site.css:-1Resource interpreted as stylesheet but transferred with MIME type text/html."
将在哪里设置这种mime类型? IIS中的站点节点显示为".css | text/css | Inherited".
Where would such a mime type be set? The site's node in IIS says ".css | text/css | Inherited".
推荐答案
我在IIS中找到了导致问题的原因和解决方案.该Web应用程序在Visual Studio Projects目录中的IIS中运行,因此我将其配置为使用在我的用户帐户下运行的AppPool.在IIS中,匿名身份验证功能被配置为特定用户:IUSR .我不知道为什么或如何.当我将其更改回应用程序池标识时,未经身份验证的用户可以访问静态文件.
I found both the cause and solution to my problem in IIS. The web app runs in IIS from within my Visual Studio Projects directory, so I configured it to use an AppPool that runs under my user account. In IIS, the Anonymous Authentication feature was configured as Specific user: IUSR. I do not know why or how. When I changed this back to Application pool identity, unauthenticated users could access static files.
+1到 Craig Stuntz 指出,通配符映射和位置元素均不是MVC和IIS 7所需.
+1 to Craig Stuntz for pointing out that wild-card mappings as well as the location elements are not needed for MVC and IIS 7.
这篇关于未经身份验证的用户无法访问ASP.NET MVC中的静态文件,无论位置元素如何的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
