Prevent IIS from serving static files through ASP.NET pipeline

Question

Requests for my css, js, image files are being served through the ASP.NET pipeline. I thought IIS by default avoided this, but I see the requests on my Application_AuthenticateRequest breakpoint and there's no need to actually authenticate those requests. I've seen conflicting approaches to change this behavior - What is the best way to do this?

Answer 1

I'm taking a guess here and suspect that you have the following setting configured in your web.config file:

<modules runAllManagedModulesForAllRequests="true">

This means that every request, including those for static content is hitting the pipeline.

Change this setting to:

<modules runAllManagedModulesForAllRequests="false">

This is assuming your application is running under ASP.NET 4.0 and MVC3.

For this to work you need to install KB980368 (requires a reboot) or Windows 2008R2 SP1 (which includes this hotfix). The reason for this is explained in this excellent article:

How ASP.NET MVC Routing Works and its Impact on the Performance of Static Requests

Answer 2

I ended up adding this to my web.config. I know all my static files will exist in these folders, so it works ok for my needs.

<location path="scripts">
    <system.web>
        <authentication mode="None" />
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="styles">
    <system.web>
        <authentication mode="None" />
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="images">
    <system.web>
        <authentication mode="None" />
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>