I am trying to ensure that any request, for any URL invokes the Forms Authentication module, and redirects to the login page. This currently works for any controller with the authorize attribute, but doesn't work for things such as /Content/site.css or any other /[Page]
I followed the instructions here, without any success.
The summary is, that based on everything I've sough after online, I end up at needing to remove the "managedHandler" preCondition from the "FormsAuthentication" module entry under the "modules" element in the Web.config. I remove it (and several other modules just for testing, to no avail). Also I do not use the "Authorize" element in Web.config because that is not best practice for MVC application, so I am not looking into authorizing or not authorizing specific file paths.
<modules>
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules> Any thoughts?
Thank You.
First of all you can register
Autorizeas global filter this way authentication and authorization will be required for all the actions in your application (useAllowAnonymousattribute on actions that you want to be available for non authorized users) :As far as I know, you don't need to modify anything in
modulesconfig for this issueNow regarding the static content:
You can try to use location settings for the folders that hold static files:
P.S you will have to extract all public static content (public css files and scripts) to some other folder because Content and Scripts will require authentication.