asp.net - Why does Forms Authentication not prevent css from loading in production? -
i found few different question here explain how create sure css loads without user beingness logged in: css not beingness applied on non authenticated asp.net page.
why problem happen in development environment, , not in production? if problem web.config says non-authenticated users cannot access css files, why work fine in production? seems in web.config should prevent access in both production , development.
the reply simple.
in dev environment asp.net engine serves content, static , dynamic. thus, authorization rules apply both.
in prod, iis routes dynamic requests asp.net page handler requests static content handled iis. thus, authorization not apply asp.net not involved in requests jpgs, csses , other static assets.
if want uniform semantics between environments, you'd have turn on running managed modules requests, setting of asp.net web application. routes requests via asp.net causes engine apply modules (including url authorization module) requests.
asp.net .net forms-authentication
No comments:
Post a Comment