We have an MVC5 application that uses ADFS 3.0 to authenticate users. The application is hosted on IIS8 using an integrated pipeline application pool running as the ApplicationPoolIdentity.
Whenever I disable Anonymous authentication on the site, my static css and image files return a Http 401 unauthorized error. I have given the application pool identity read/execute access to the NTFS directory where the files are stored. (for testing, I also ensured that IUSR and IIS_IUSRS also have read/execute permissions.)
I don't want unauthorized users to have direct access to these static files, and I don't want to have to enable the module setting to run all code as managed because there are certain folders in the site that should have anonymous access.
How can I disable anonymous access to these static files and avoid the 401 unauthorized error? Thanks in advance.
答案 0 :(得分:0)
我最终在IIS中删除并重新创建了网站,问题就消失了。