Search code examples
asp.netweb-configauthorizationstylesheet

styleSheetTheme attribute ignored

I am developing an ASP .Net website.
I have created 2 ASPX pages and 1 master page.
My 2 ASPX pages are content pages associated to the master page.
My 2 ASPX pages are : MainMenu.aspx and Authentication.aspx.
Authentication.aspx is my login page.

I have created a theme for my website.
My theme is made up of a CSS file.
I have added the following element in my web.config file to automatically import my CSS file :

<pages styleSheetTheme="Default" />

My CSS file was correctly imported until I configure authorization in my web.config file as follows :

<configuration>
    <system.web>

        ...

        <pages styleSheetTheme="Default" />

        <authentication mode="Forms">
          <forms loginUrl="~/Authentication.aspx" defaultUrl="~/MainMenu.aspx">
          </forms>
        </authentication>

        <authorization>
          <deny users="?" />
        </authorization>
    </system.web>

  <location path="~/Authentication.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>

The purposes of my authorization configuration are :

  • Allow any users to access to my login page - Authentication.aspx
  • Allow only authenticated users to access to pages other than my login page

If I comment the authentication, authorization and location elements then my CSS file is correctly imported again.

What is wrong with my authorization configuration ?

Solution

  • Someone has explained me the reason of my problem:

    1. A request was sent to the server when loading the authentication page.
    2. The request aimed the CSS file.
    3. But the CSS file was located in a folder restricted to unauthenticated users.

    Therefore the request failed.

    How I have solved my problem:

    • I have put all the restricted files into a common folder.
    • I have created a web.config file into the folder to allow access only to authenticated users.
    • I have removed authorization and location elements from my website root web.config file.