Unauthenticated users can't see images in website
Solution 1
In your web.config file, after the </system.web> tag, add the following
<location path="images">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
where path="images" is the name of the folder with your images/css.
Update:
If you're using ASP.NET MVC, I would remove the authorization declaration in the web.config file and use the [Authorize] attribute on the controllers that need to be locked down.
You can also specify the roles you want to grant access to using [Authorize("admin")].
Solution 2
Just ran into the same problem. We noticed it on our Login page. The CSS and images weren't loading (they were under the content directory). Adding IUSR to the folder with Read privileges fixed it for us.
Solution 3
By default, the configuration you define in a Web.config file, applies to every subdirectory of its containing folder. If you have a Web.config in the application root, that configuration will propagate to every subdirectory, including those where you have images and Css style sheets. So, if you have in your root Web.config a rule like this one:
<system.web>
...
<authorization>
<deny users="?"/>
</authorization>
...
</system.web>
anonymous users will not be able to access the resources needed to display the page like you would expect it.
To fix it, you need to include another Web.config in every subdirectory that has presentation resources, and apply the rules you want to override. In your case, this should do the work:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
If you are using Themes, place a single Web.config file in the theme folder.
Solution 4
Old question but I came across the same problem and found the answer. I had created a new folder for the Membership pages that I wanted logged-in users to have access to, but the images wouldn't show up in them! It turns out that no matter what I tried I couldn't set a relative path to the images from within the Members folder.
The problem was the html image (as far as I could tell anyway, correct me if I'm wrong).
I swapped it out for an asp:image with a relative path and now it works great.
My new code: asp:image runat="server" id="Logo" ImageUrl="~/Images/logo.jpg"
Notice the ' ~/ ', that wouldn't work for me with
I tried: img src="../Images/logo.jpg", img src="~/Images/logo.jpg", img src="/Images/logo.jpg", etc. to no avail.
Hope this answer helps someone solve this problem more quickly in the future.
Solution 5
Try browsing the image file directly and see if that comes up for an anonymous user. In IIS 7, there is a way in which you can authorize anonymous users directly from your UI [which in turn would create the web.config if it doesn't exist].
Folder -> .NET Authorization Rules -> Add Allow Rule
Peter
Updated on August 07, 2022Comments
-
Peter almost 2 years
When I run my website through debug mode in visual studio everything looks great and all the images on the page show up fine. But once I deploy my website to an IIS7 web server (doubt that other versions would make any difference, but you never know) then users can't see the images on the site until they log in.
The website is an asp.net MVC site and I'm new to MVC, though I do have lots of experience with asp.net forms. It seems that only authenticated users are allowed to access the images folder, and there is an authorization section in my web.config saying that only admins can access the site, so how do I make it so that all users, authenticated or otherwise can view the images?
-- Update --
I tried putting in the configuration block suggested, which from everything I can tell makes perfect sense, but it didn't seem to make a difference. The sample below has Content/Images for the path but before that I tried just Content, since it's OK for everything in there to be accessible. I also tried setting the allowOverride setting to false, which also didn't seem to make a difference.
<location path="Content/Images"> <system.web> <authorization> <allow users ="*" /> </authorization> </system.web> </location>--Update 2-- Funny thing is that I don't even see any explicit deny entries in my web.config, just an allow for admin's, and when I went into IIS 7 and used the UI to allow all users access to the Content directory it didn't show any deny's on the list either. But then again, this project works fine when I just debug it from my personal computer, it's only after I deploy it that I have problems...
<authorization> <allow roles="admin" /> </authorization> <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> -
Peter over 13 yearsI tried your suggestion, which makes perfect sense, but didn't have any luck. Please see my update in my edited posting.
-
Peter over 13 yearsI tried doing this by hand a while ago without success, but just to make sure it wasn't just me doing something wrong I did try using the UI to make it, and it did make a web.config file in the sub directory, but the results were the same and I still get prompted to login before I can access anything in my Content directory.
-
Rahul Soni over 13 yearsWhat is the code in IIS Logs? Try getting Failed Request Tracing logs and check if you get any lead. Also, let me know what happens if you create a simple htm file and try to browse it directly from the UI using right click browse? Does the htm work if you try it directly?
-
Rahul Soni over 13 yearsOne more thing... if all the previous steps fail, try creating a new test file called security.aspx, and follow this post for code. Share the output with me [or analyze it yourself] to find which user is currently active for accessing your content. dotnetscraps.com/dotnetscraps/post/…
-
Peter over 13 years#2 - So I tried your suggestion to use an Authorize attribute, and it does work as far as only allowing authorized users to access those pages; I also removed the authorization entry from web.config... but nothing has changed and users STILL can't access images without logging in. It's confusing, I can't figure out what's blocking it.
-
Omar over 13 years@Patricker, are you using aBaseControllerthat all controllers inherit from and is there an[Authorize]attribute on it? -
Matt Roy about 8 yearsWow! Thanks a lot. I had this issue in local debugging only for years! It was OK on publish server though. Now it's ok in both situations.
