The Extensionless URL feature introduced in Windows 7 Service Pack 1 interferes with the way ASP.NET parses URLs that would normally be handled by the Default Document setting. This leads to anonymous access failing for certain URLs, causing the user to be redirected to the Forms Authentication login page to reauthenticate.
<remove name="ExtensionlessUrl-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrl-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrl-Integrated-4.0" />
<validation validateIntegratedModeConfiguration="false" />
<location path="Default.aspx" >
<allow users="*" />
This approach works because of the Default Document feature of IIS. Default document handling transparently maps requests to paths like “/” or www.contoso.com to “/default.aspx” or www.contoso.com/default.aspx. Once this mapping occurs ASP.NET will see a request to default.aspx, associates that request with the <location /> tag that grants anonymous access, and the request is allowed to proceed.
However when ASP.NET 4 is used on Windows 7 SP1, the Extensionless URL feature will cause requests to URLs like “/” or www.contoso.com to be seen by ASP.NET in their un-mapped form. This means, for example, that ASP.NET does not see a request for default.aspx when the initial request came in for "/". As a result the <location /> tag granting anonymous access to default.aspx is never read, and the request is denied access. Users may see behavior where requests to “/” will redirect them to the Forms Authentication login page, while requests explicitly made to “/default.aspx” will be allowed.
Raksta ID: 2526854. Pēdējo reizi pārskatīts: 2011. gada 23. marts. Pārskatījums: 1