1

Here's my scenario:

  • Using SQL Server sessions (due to web farm)
  • customErrors is On using redirect
  • There is a membership provider that uses sessions to store user information
  • In web.config, there are <location> sections that <allow users="*">. This is used for static content (e.g. images)

Whenever I try to access the error page or even static content, the session tries to start up (probably due to membership provider). If the SQL Server is down, that throws an exception.

Is there any way to prevent the membership provider and/or sessions from trying to initialize when I'm accessing certain folders (i.e. static content)?

Nelson Rothermel
  • 9,436
  • 8
  • 62
  • 81
  • Update: I took out all the membership provider sections and I still get a session Exception when trying to access static content: `System.Web.HttpException: Unable to connect to SQL Server session database.` Can I stop the session from trying to start for static content and only do so for aspx/ashx/whatever pages? – Nelson Rothermel Sep 17 '10 at 14:27
  • I deleted my answer below because it seems you can't change authentication mode per directory. – Matti Virkkunen Sep 17 '10 at 15:13
  • @Matti - That would have been ideal. Also, I remember reading that static content goes through the ASP.NET pipeline, which is why authentication can be done per directory. However, this site says it doesn't: http://msdn.microsoft.com/en-us/library/ms178473.aspx. Did that change in IIS 7? Does the ASP.NET development server send everything through the pipeline? Why does getting static content try to start an ASP.NET session; is that not considered part of the pipeline? – Nelson Rothermel Sep 17 '10 at 15:20

1 Answers1

0

It turns out most of my problem is because of differences between IIS6, IIS7, and the development server:

http://www.asp.net/hosting/tutorials/core-differences-between-iis-and-the-asp-net-development-server-cs

In IIS 6, ASP.NET only runs for extensions that are configured under Site properties > Virtual Directory > Configuration > Mappings > Application extensions. For example, .aspx points to aspnet_isapi.dll. Static content will not go through the ASP.NET by default.

In IIS 7, it's similar (under Handler Mappings), however thanks to the new integrated pipeline, in the web.config you can also have static content check for authentication. See Performing Forms-Based Authentication and URL Authentication on Static Files with IIS 7 in the URL above.

Also based on the above URL, in the ASP.NET Development Server (based on Cassini):

Every request that comes into the ASP.NET Development Server, whether for an ASP.NET page, an image, or a JavaScript file, is processed by the ASP.NET runtime.

Nelson Rothermel
  • 9,436
  • 8
  • 62
  • 81