2

I am preventing anonymous access to my web application using <deny users="?"/>. Since I want the login page to be accessible to anonymous users, I used the following rule:

<location path="Login.aspx">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>

Since this rule prevented the CSS from being applied to the login page, I used an additional rule:

<location path="Style.css">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>

That fixed it, and now the CSS is applied to the login page. But before applying the above additional rule, I checked the source of the page in the browser and found that there was an entry for <link href="Style.css" rel="stylesheet" type="text/css" />, and on clicking the link, the browser did take me to my CSS file and displayed all the styles. So I was wondering: if the page has access to `Style.css`, what exactly is preventing the browser from applying the styles to the different elements?

10
  • Actually, <allow users="?"/> is not preventing anonymous access to your site; it only allows all authenticated users. This line, <deny users="?" />, is the one that prevents anonymous users. Try adding it after <allow users="?"/>. Commented Feb 11, 2013 at 9:11
  • Sorry, I didn't get you. Did I say <allow users="?"> prevents anybody? I am already preventing users by using <deny users="?">; the <allow users="?"> is only used for the login page. Commented Feb 11, 2013 at 9:17
  • Hahah.. sorry, my bad, I didn't see your <deny users="?"/> in your first sentence.. XD Commented Feb 11, 2013 at 9:20
  • :) I am only curious about the CSS. If the browser knows where it is and can read it, what is preventing it from applying the CSS to the page? Commented Feb 11, 2013 at 9:22
  • 1
    What version of ASP.NET and IIS? Is this behavior repeatable if you remove the rule again? If you load the page in Chrome with the developer tools enabled and look at the network tab, what does it show for the CSS file? Commented Feb 15, 2013 at 12:57

1 Answer 1

1

I removed the additional tested rule again.

<location path="Style.css">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>

I checked the status of the CSS file in the browser as specified by @explunit in the comments. The status this time is 302 Found, and clicking the CSS link does not display the CSS file. I think the CSS was cached by the browser; that's why it displayed it the first time.
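
As an added example (not part of the original question or answer), here is a simplified Python model of how ASP.NET URL authorization evaluates the rules shown on this page for an anonymous request: rules from a matching `<location>` are checked before the site-level ones, and the first match wins. The config strings are constructed from the snippets above; forms authentication (which turns a denial into the 302) is assumed, `Default.aspx` is a hypothetical extra page, and roles, verbs and nested config files are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed config, assembled from the snippets in the question.
SITE = '<system.web><authorization><deny users="?"/></authorization></system.web>'
LOC = ('<location path="{0}"><system.web><authorization>'
       '<allow users="?"/></authorization></system.web></location>')
BEFORE = "<configuration>" + SITE + LOC.format("Login.aspx") + "</configuration>"
AFTER = BEFORE.replace("</configuration>",
                       LOC.format("Style.css") + "</configuration>")

def auth_rules(node):
    """<allow>/<deny> elements under node/system.web/authorization, in order."""
    return [rule for sw in node if sw.tag == "system.web"
            for az in sw if az.tag == "authorization" for rule in az]

def rules_for(root, path):
    """Rules for a matching <location> come first, then the site-level ones."""
    ordered = []
    for loc in root.iter("location"):
        target = loc.get("path", "").strip("/").lower()
        if path.lower() == target or path.lower().startswith(target + "/"):
            ordered += auth_rules(loc)
    return ordered + auth_rules(root)

def anonymous_allowed(config_xml, path):
    """The first rule that matches an anonymous user decides the outcome."""
    for rule in rules_for(ET.fromstring(config_xml), path):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:   # "?" = anonymous, "*" = everyone
            return rule.tag == "allow"
    return True  # nothing matched: the machine-level default allows all users

def audit(config_xml, paths):
    """What an anonymous request for each path gets (forms auth assumed)."""
    return {p: "200" if anonymous_allowed(config_xml, p) else "302 to login"
            for p in paths}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg, ["Login.aspx", "Style.css", "Default.aspx"]))
```

Under `BEFORE`, the anonymous request for `Style.css` falls through to the site-level deny and is redirected to the login page, so the browser receives login HTML instead of a stylesheet; under `AFTER` the stylesheet is served while every other path stays protected.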
