I was working on a project with a team and I noticed that the CSS and image assets were missing when I was not logged in. As soon as I logged in they appeared. Using the developer tools (F12 in browser) I could see that the server was returning a 403 (not authorized) for my style style sheets and images.
Day one: I setup a locations section in the web.config that granted the anonymous user access to the assets directory and files. Now I should have known what was going on when that didn’t work; I would have known if I had gone and looked at the logs or…. or… or… but no I was on a 14 hour coding spree, the caffeine had long since run out and I should have just gone to bed. So I spun my wheels until I finally crashed leaving debugging and logging code scattered throughout.
Day two: I removed the excessive debugging and logging code that didn’t tell me anything that I didn’t already know. I hung my head and sighed. You see, The teams “project guide” had us configure the app pool in IIS to use a specific user account and a website path outside of the inetpub directory. The user had full access to the sites directory and worked just fine. BUT IIS doesn’t just take the app pools account and use it.
Anonymous user of doom why doth thou vex me so…
The team said “oh just give everyone full control to the directory and it’ll be fine”. I declined and found a more secure solution.
In the Internet Information Services (IIS) Manager when you select a site there is a feature called “Authentication”. There are several options within the feature… including “Anonymous Authentication”. If you edit that, you may find that it defaults to “Specific user: IUSR”. There is also an option to use the “application pool identity” or to set which user account it will use. That’s right, IIS was using an account for Anonymous Users that didn’t have access to the local physical path we were using for the site. The other team members had run into the problem and solved it by granting “everyone” full control. I updated the “project guide”, sent an email that suggested everyone update their configuration and went back to work on the project.
So when your CSS (or content) appears when you are logged in and disappears when you log off. Don’t forget to check your IIS anonymous authentication settings.
Friend: “Jeff, why is being a software developer and writing code hard?”
Jeff: “It’s not. Your configuration is wrong.”
Friend: “Thanks Jeff.”
Jeff: “Anytime.”
If only all the bugs were just configuration.