Issue with App_Themes and dotLess handler
preston
currently using dotless in a .Net environment, but I am using it in
conjunction with ASP .Net Themes. I used a technique proposed in
another discussion in this group where I leave the dotless file
extension as *.css and then reference the path in the http handler as
*.css. This allows the App_Theme to still link my original css files
with dotless variables into my master page. This actually works
really well, plus it allows my original .css files to be viewed with
the correct document outline in Visual Studio. The problem that I am
running into is with Authorization. If my internet cache has been
cleared, the first time I go to the login page, dotless has not
performed the translation on my css file yet. But, if I refresh the
page, or I login, everything works. It looks like the translated css
file does get cached, because once it works the first time, then it
always works, until the cache gets cleared again of course.
My web.config looks like the following:
<system.web>
<authorization>
<deny users="?" />
</authorization>
...
<httpHandlers>
<add type="dotless.Core.LessCssHttpHandler"
validate="false" path="*.css" verb="*" />
</httpHandlers>
...
</system.web>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="App_Themes">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This only occurs when using App_Themes, and I haven't been able to
reproduce the issue outside of that scenario.
--
Thanks, Preston
Daniel Hölbling
HI,
The issue here is rather simple.
Since you mapped .css to be loaded through the ASP.NET pipeline authorization rules also apply here. That's why for not authorized users there is no .css file execution since it is treated like a normal request to a .aspx page.
You need to make an exception for that particular css file and everythin should be fine. I don't know the exact syntax right now, but you shoul be able to find something about authorization exceptions on MSDN.
This is not an issue for other files in App_Themes since they get served directly through IIS and not through the ASP.NET pipeline where authorization checks are performed as part of the request lifecycle.
greetings Daniel
preston
Sorry for the late feedback. I did try and update the
web.config with some location authorization exceptions, such as the
following:
<location path="App_Themes/MyTheme/mydotlessfile.css">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This still didn't seem to work. I believe this was the work around
you were suggesting. For the time being I have resorted to using the
dotless compiler in a prebuild event, but I would prefer to use the
http handler method if possible.
Thanks,
Preston
On Jan 29, 4:43 pm, Daniel Hölbling <tigra...@tigraine.at> wrote:
> HI,
>
> The issue here is rather simple.
> Since you mapped .css to be loaded through the ASP.NET pipeline
> authorization rules also apply here. That's why for not authorized users
> there is no .css file execution since it is treated like a normal request to
> a .aspx page.
>
> You need to make an exception for that particular css file and everythin
> should be fine. I don't know the exact syntax right now, but you shoul be
> able to find something about authorization exceptions on MSDN.
>
> This is not an issue for other files in App_Themes since they get served
> directly through IIS and not through the ASP.NET pipeline where
> authorization checks are performed as part of the request lifecycle.
>
> greetings Daniel
>