2

Ok... I don't get it. I just secured my asp.net mvc 3 app ( razor views ) with following code block in the web.config.

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

<authorization>
  <deny users="?"/>
</authorization>

But when I do this, the Login page doesn't have the normal style anymore... it's just plain HTML without any css mockup. So what do I have to 'allow' in the web.config?

Improve this question

2 Answers 2

Reset to default
7

You have to allow scripts, styles ect

<location path="Styles">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="Scripts">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="js">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="Images">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Works now, only had to change the Styles to Content :)
1

Since you are denying access to anonymous users, it will no longer allow access to the folder containing your css file.

Add this in, where "Style" is the folder name containing your css file:

<location path="Style">
  <system.web>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.