My web.config looks like the following:
<system.web>
<authorization>
<deny users="?" />
</authorization>
...
<httpHandlers>
<add type="dotless.Core.LessCssHttpHandler"
validate="false" path="*.css" verb="*" />
</httpHandlers>
...
</system.web>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="App_Themes">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This only occurs when using App_Themes, and I haven't been able to
reproduce the issue outside of that scenario.
--
Thanks, Preston
HI,
The issue here is rather simple.
Since you mapped .css to be loaded through the ASP.NET pipeline authorization rules also apply here. That's why for not authorized users there is no .css file execution since it is treated like a normal request to a .aspx page.
You need to make an exception for that particular css file and everythin should be fine. I don't know the exact syntax right now, but you shoul be able to find something about authorization exceptions on MSDN.
This is not an issue for other files in App_Themes since they get served directly through IIS and not through the ASP.NET pipeline where authorization checks are performed as part of the request lifecycle.
greetings Daniel
<location path="App_Themes/MyTheme/mydotlessfile.css">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This still didn't seem to work. I believe this was the work around
you were suggesting. For the time being I have resorted to using the
dotless compiler in a prebuild event, but I would prefer to use the
http handler method if possible.
Thanks,
Preston
On Jan 29, 4:43 pm, Daniel Hölbling <tigra...@tigraine.at> wrote:
> HI,
>
> The issue here is rather simple.
> Since you mapped .css to be loaded through the ASP.NET pipeline
> authorization rules also apply here. That's why for not authorized users
> there is no .css file execution since it is treated like a normal request to
> a .aspx page.
>
> You need to make an exception for that particular css file and everythin
> should be fine. I don't know the exact syntax right now, but you shoul be
> able to find something about authorization exceptions on MSDN.
>
> This is not an issue for other files in App_Themes since they get served
> directly through IIS and not through the ASP.NET pipeline where
> authorization checks are performed as part of the request lifecycle.
>
> greetings Daniel
>