R – IIS7 Integrated Mode – Bypass Forms Auth for static files

asp.netasp.net-mvcforms-authenticationiis-7

I have a ASP.NET MVC app on IIS7 using Forms Authentication in Integrated Mode. I am noticing that the ASP.NET runtime is being hit for every request that comes in even if it is only for static files (probably because of Integrated Mode). Is there a way to configure IIS7 to serve up static files without hitting ASP.NET?

I've been thinking that the only way around this is to create a separate virtual directory just for static files — a mini-CDN, if you will.

Any other ideas?

Best Answer

To avoid having your HttpModule called for static files, configure it in web.config to use preCondition="managedHandler".

In case it helps, event handlers in Global.asax are not called for static files.

Also, be aware that all HttpModules are called for all files when you're testing with Cassini.

Related Solutions

Asp.net-mvc – the difference between ‘classic’ and ‘integrated’ pipeline mode in IIS7

Classic mode (the only mode in IIS6 and below) is a mode where IIS only works with ISAPI extensions and ISAPI filters directly. In fact, in this mode, ASP.NET is just an ISAPI extension (aspnet_isapi.dll) and an ISAPI filter (aspnet_filter.dll). IIS just treats ASP.NET as an external plugin implemented in ISAPI and works with it like a black box (and only when it's needs to give out the request to ASP.NET). In this mode, ASP.NET is not much different from PHP or other technologies for IIS.

Integrated mode, on the other hand, is a new mode in IIS7 where IIS pipeline is tightly integrated (i.e. is just the same) as ASP.NET request pipeline. ASP.NET can see every request it wants to and manipulate things along the way. ASP.NET is no longer treated as an external plugin. It's completely blended and integrated in IIS. In this mode, ASP.NET HttpModules basically have nearly as much power as an ISAPI filter would have had and ASP.NET HttpHandlers can have nearly equivalent capability as an ISAPI extension could have. In this mode, ASP.NET is basically a part of IIS.

Asp.net mvc does it handle all requests? – iis 7 integrated mode

By default, ASP.NET MVC will handle all requests, since the routing is designed to handle any paths. You could specifically exclude certain paths by using the IgnoreRoute method, like this (in Global.asax):

public static void RegisterRoutes(RouteCollection routes)
{
    // This is already added by MVC
    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

    // Ignore any htm files
    routes.IgnoreRoute("{filename}.htm");

    // Other routes
    // ...
}

I suspect this will still result in requests going through ASP.NET (though I suspect they'll "fall through" quite quickly). If this is a problem, you could try changing the web.config settings to not pass the requests to ASP.NET at all:

<modules runAllManagedModulesForAllRequests="false" />

However you'll need to set up exactly which requests you want to go through ASP.NET.

Best Answer

Related Solutions

Asp.net-mvc – the difference between ‘classic’ and ‘integrated’ pipeline mode in IIS7

Asp.net mvc does it handle all requests? – iis 7 integrated mode

Related Topic