Requests for my css, js, image files are being served through the ASP.NET pipeline. I thought IIS by default avoided this, but I see the requests on my Application_AuthenticateRequest breakpoint and there's no need to actually authenticate those requests. I've seen conflicting approaches to change this behavior - What is the best way to do this?

4 Answers
I'm taking a guess here and suspect that you have the following setting configured in your web.config file:

    <modules runAllManagedModulesForAllRequests="true">

This means that every request, including those for static content, is hitting the pipeline.
Change this setting to:

    <modules runAllManagedModulesForAllRequests="false">

This is assuming your application is running under ASP.NET 4.0 and MVC3.
For this to work you need to install KB980368 (requires a reboot) or Windows 2008R2 SP1 (which includes this hotfix). The reason for this is explained in this excellent article:
How ASP.NET MVC Routing Works and its Impact on the Performance of Static Requests

- This works, but I REALLY don't want to change that setting, as it affects other stuff. Hoping for an alternative – kenwarner Feb 07 '12 at 01:01
- @qntmfred - oh, hello again :). Any chance you could update your question and explain what you mean by *"as it affects other stuff."*? – Kev Feb 07 '12 at 01:07
- Sure, but I have to remember what it was first >. – kenwarner Feb 07 '12 at 01:44
- I actually do this and it works perfectly, and for my custom modules I use preCondition="managedHandler". – vtortola Feb 13 '12 at 16:46
- @jackncoke - I would imagine so. I'm kinda out of the ASP.NET/MVC/IIS dev space for now so not had a chance to check. Suck it and see :) – Kev Jun 18 '14 at 11:59
- @jackncoke - nice one, glad I could help :) – Kev Jun 18 '14 at 14:21

I ended up adding this to my web.config. I know all my static files will exist in these folders, so it works ok for my needs.
    <location path="scripts">
      <system.web>
        <authentication mode="None" />
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
    </location>
    <location path="styles">
      <system.web>
        <authentication mode="None" />
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
    </location>
    <location path="images">
      <system.web>
        <authentication mode="None" />
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
    </location>

- Are multiple values allowed in 'path' attribute? According to the following link they aren't: http://stackoverflow.com/questions/4608764/specify-more-than-one-directory-in-web-configs-location-path-element – UserControl Feb 06 '12 at 12:05
- This just prevents the authentication, but the static file requests are still hitting your managed modules. @Kev has the right answer. – vtortola Feb 13 '12 at 16:48
- You can't override
without changing applicationhost.config settings, did you do that? – Antony Blazer Nov 14 '12 at 14:50
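
An added example (not code from any of the posters): a small Python check that reads a web.config and reports the three things the answers above turn on, namely whether runAllManagedModulesForAllRequests is on, which modules lack preCondition="managedHandler" and so still run for static files, and which location paths are opened to all users. The sample config, the module names and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the page): RAMMFAR on, one custom
# module without a preCondition, and one folder opened to every user.
SAMPLE = """<configuration>
  <location path="scripts">
    <system.web>
      <authorization><allow users="*" /></authorization>
    </system.web>
  </location>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="AuditModule" type="Example.AuditModule" />
      <add name="AuthModule" type="Example.AuthModule"
           preCondition="managedHandler" />
    </modules>
  </system.webServer>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of (code, detail) findings for one web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    for modules in root.iter("modules"):
        # The attribute defaults to false when it is absent.
        rammfar = modules.get("runAllManagedModulesForAllRequests", "false")
        if rammfar.lower() == "true":
            findings.append(("RAMMFAR_ON", "managed modules run for static files"))
        for add in modules.findall("add"):
            # preCondition is a comma-separated list; without managedHandler
            # the module also runs for css, js and image requests.
            conds = [c.strip() for c in add.get("preCondition", "").split(",")]
            if "managedHandler" not in conds:
                findings.append(("MODULE_ALL_REQUESTS", add.get("name", "?")))
    for loc in root.iter("location"):
        # Folders where authorization was relaxed to allow every user.
        for allow in loc.findall("./system.web/authorization/allow"):
            if allow.get("users") == "*":
                findings.append(("OPEN_PATH", loc.get("path", "")))
    return findings


if __name__ == "__main__":
    for code, detail in audit_web_config(SAMPLE):
        print(code, detail)
```
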
In VS2012 /MVC3 with the Visual Studio Development Server enabled, the RAMMFAR=false has no effect. Each request for static files still hits the Application_BeginRequest event handler.
I switched over to IIS Express and saw the desired functionality.

Somewhere in either your IIS configuration, or a web.config, you have a handler mapping set up to map these files to your ASP.Net application.
Try deleting your web.config and see if you can still browse to these file types from within IIS without ASP.Net. If that fails you'll know it's your web.config - otherwise you'll have to check the IIS settings.
Step 2 - Put the web.configs back, then delete and recreate the site - same problem? It's a setting in the root of IIS which means it applies to all sites - check the handler mappings here.
