My ASP.NET MVC2 application with Forms Authentication is blocking access even to Images, Styles and Scripts

Question

I'm developing a MVC2 application and using Forms Authentication on it.

The scripts, images and styles are all blocked to unlogged users and, consequently, the login page looks awful.

It works well local, the problem is when I publish to the server.

Does anyone has any idea WHY????

PS: The server IIS is version 7.5

My Web.config:

<configuration>
  <system.web>
    <globalization culture="pt-BR" uiCulture="pt-BR" />
    <httpRuntime requestValidationMode="2.0"/>
    <customErrors mode="Off" />
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>

    <pages>
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="Admin.Models" />
      </namespaces>
    </pages>

    <authentication mode="Forms">
      <forms name="AGAuth" loginUrl="~/Home/Login" timeout="120" />
    </authentication>
  </system.web>

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>

  <connectionStrings>
      <add name="DBContainer" connectionString="metadata=res://*/Database.DB.csdl|res://*/Database.DB.ssdl|res://*/Database.DB.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=thewebserver.com,5158;Initial Catalog=thedatabase;Persist Security Info=True;User ID=theuser;Password=thepassword;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>

</configuration>

Answer 1

Add a web.config to the scripts, images and styles folders telling asp.net to allow access to all users (make sure you you don't have anything in there that you don't want anonymous users to have access to):

<configuration>
      <system.web>
         <authorization>
            <allow users="*"/>
         </authorization>
      </system.web>
</configuration>

As for the reason, the following is telling IIS to let asp.net process all the requests:

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>