http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspxWhen using the IIS 7.0 Integrated pipeline, you gain access to a ton of cool scenarios where IIS and ASP.NET features work together to provide value for your application &ndash; regardless of the application content. Most of these features involve usingenCommunityServer 2.1 (Build: 60809.935)http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx#13812Thu, 21 May 2009 03:43:59 GMT2a6bde73-c016-462e-9ed7-d47dc91b6e81:13812MVolo's Blog<p>When using the IIS 7.0 Integrated pipeline, you gain access to a ton of cool scenarios where IIS and</p> http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx#13937Sat, 08 Aug 2009 17:21:19 GMT2a6bde73-c016-462e-9ed7-d47dc91b6e81:13937NewsPeeps<p>Thank you for submitting this cool story - Trackback from NewsPeeps</p> http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx#13966Tue, 22 Sep 2009 19:51:17 GMT2a6bde73-c016-462e-9ed7-d47dc91b6e81:13966TobyThis may seem silly, but when I use UrlAuthorization in IIS 7 integrated pipeline, my rules are interpretted correctly for .aspx pages, but not for static files. For instance, I have a directory /admin which contains a default.aspx and a jscript.js file. If I put an I need to log in to see both default.aspx and jscript.js. If I put though, or , all accounts are denied access to the jscript.js file, but default.aspx is still accessible. It makes me think there is a disconnect between the ASP.NET SqlRoleProvider and the UrlAuthorization client in IIS7. Have you come across anything like this? Unfortunately, MSDN has a pitiful amount of information on this. Is there anywhere else I should look?http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx#13968Sun, 27 Sep 2009 02:31:51 GMT2a6bde73-c016-462e-9ed7-d47dc91b6e81:13968Mike Volodarsky<p>Toby,</p> <p>Be sure that Forms Authentication (if thats what you are using for authentication) is running for non-asp.net content types.</p> <p>To do this, you can set &lt;system.webServer&gt;&lt;modules runAllManagedModesForAllRequests=&quot;true&quot; /&gt;, or remove the forms authentication module and re-add it to clear its precondition.</p> <p>You should also get a FRT trace of the failed requests to diagnose the exact issue further if the above doesnt help. See <a rel="nofollow" target="_new" href="http://learn.iis.net/page.aspx/266/troubleshooting-failed-requests-using-tracing-in-iis-70/">http://learn.iis.net/page.aspx/266/troubleshooting-failed-requests-using-tracing-in-iis-70/</a>.</p> <p>Thanks,</p> <p>Mike</p> http://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx#14055Tue, 08 Dec 2009 22:55:24 GMT2a6bde73-c016-462e-9ed7-d47dc91b6e81:14055Gregory SuvalianCan not enable roles based ACL for static content. Works only with <deny users="?">, putting "<deny users="*"> and <allow roles= will not allow application to server static content. FRQ is here http://dl.dropbox.com/u/7307/Desktop.ziphttp://mvolo.com/blogs/serverside/archive/2009/05/11/Workaround-for-using-IIS-7-url-authorization-with-ASP.NET-roles.aspx#14104Mon, 22 Feb 2010 16:13:29 GMT2a6bde73-c016-462e-9ed7-d47dc91b6e81:14104RebeccaMike, It seems I am running into a very similar issue with a custom Role Provider. The GetRolesForUser method consistantly brings down the w3wp process when trying to instantiate a new PrinicpleContext object. Any suggestions?