CSS not being applied on non authenticated ASP.NET page

Question

When developing (works fine live) the pages for our website don't pick up the correct CSS until the user has authenticated (logged on).

So the Logon and Logoff forms look bad, but once inside the site, the CSS works again.

I'm guessing it's some kind of authentication issue? Haven't really looked into it too much because it's only when working on dev so not a huge issue, but would be nice to know how to fix it.

Answer 1

To allow an unauthenticated user to see your .css files (or any other file/directory) you can add a location element to your web.config file pointing to the .css file.

<configuration>
   <system.web>
      // system.web configuration settings.
   </system.web>
   <location path="App_Themes/Default/YourFile.css">
      <system.web>
         <authorization>
            <allow users="*"/>
         </authorization>
      </system.web>
   </location>
</configuration>

Answer 2

Check and make sure that the CSS file itself is not in an area that you are securing. You can manually exclude the file via the web.config if needed.

Answer 3

I just ran into this problem myself and manually adding the location made no difference. I found that I had given the IIS_IUSRS access to the folders so my application pool had no problem accessing the files but IIS was using the IUSR account for anonymous access.

To fix it, I opened IIS Manager -> IIS: Authentication -> Select 'Anonymous Authentication' -> Click Actions: Edit.. (or right click) -> Select 'Application pool identity'

Now anonymous access attempts use the IIS_IUSRS which have the correct file permissions.