Deny access to unauthorized user in ASP.NET 4.5 WebApp cause JavaScript error on Login form

Question

When I add following code in web.config to prevent unauthorized user to access ASP.NET WebApp

<authorization>
      <deny users="?"/>
      <allow users="*"/>
</authorization>

I get following error when loading Login.aspx form

In Internet Explorer 11

JavaScript critical error at line 2, column 1 in http://localhost:2968/Account/Login.aspx?ReturnUrl=/bundles/WebFormsJs?v=q9E9g87bUDaS624mcBuZsBaM8xn2E5zd-f4FCdIk2cA1&v=q9E9g87bUDaS624mcBuZsBaM8xn2E5zd-f4FCdIk2cA1

SCRIPT1002: Syntax error

And in Google Chrome

Uncaught SyntaxError: Unexpected token < http://localhost:2968/Account/Login.aspx?ReturnUrl=%2fbundles%2fWebFormsJs%3fv%3dq9E9g87bUDaS624mcBuZsBaM8xn2E5zd-f4FCdIk2cA1&v=q9E9g87bUDaS624mcBuZsBaM8xn2E5zd-f4FCdIk2cA1

Answer 1

You need to add location directives also to allow access to your Scripts and Content folder (JS and CSS) for unauthorized users:

<location path="Content">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="Scripts">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

Also, as you're using bundles, add the bundles folder too:

<location path="Bundles">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>