Forms Authentication and ASP.NET Development Server
If you are using forms authentication while developing with ASP.NET Development Server and you have some static elements to show on the login form (I’m sure you have) you will have a problem with standard configuration. Before the user is authenticated by ASP.NET, he will not see the images and the css will not by loaded. Well its not a big deal because the same website deployed on the IIS will behaves correctly. But if you are perfectionist like me it will by annoying to see something like this:
It’s way better to see something like this:
Here’s the reason why this happens. By default passes IIS all the static data (images, style sheets, java script files, and so on) directly to the client. This elements never reach the ASP.NET only the files with extension aspx, ascx, and so on are interpreted by ASP.NET framework. Only this elements are secured with .NET security systems. You can off course change it by redirecting a given file extension to a given ISAPI extension, but that’s not the point. The ASP.NET Development Server passes always all the elements through ASP.NET and its security systems. So if you are using forms authentication and you are not eat authenticated you wan’t by able to see the static content. There is a workaround. you have to temporarily grant all access in you web.config to your css and gfx directory like this:
<system.web>
<authorization>
<allow users=”*”/>
</authorization>
</system.web>
Voila! Now your login site looks normal while developed. What a relief!