Why would it increase performance to disable authentication for them ? Because when using windows authentication, the browser sends a request as an anonymous user, the server replies that 401 (not allowed) and then, and only then, the browser sends a request as "you", and now you can get the file. It then means 2 request/response pairs for a single file. It make sense for pages, but not for style and scripts. IMHO, the best way is to put non sentive files in a folder. Typically, you should use the Themes functionality (even if you would have only one theme).
Now let's come to the practical point of view and allow non sensitive files to be access anonymously. For each folder with non sensitive data, you should add a web.config file like the following :
<?xml version="1.0"?> <configuration> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </configuration>
It is now better but not enough. Indeed, there is also this script resources loaded by the ScriptManager. Since we cannot easily redirect the path to ScriptResource.axd and WebResource.axd, we have to change the root web.config file by adding the followings in the root configuration element :
<location path="WebResource.axd"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <location path="ScriptResource.axd"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location>
Hope you liked the tip. See ya
I was actually thinking about an intranet which needs authentication from the very first page. For example, I am making an intranet portal for a client, and I need to know who this person is to give him/her his/her own information. So I have no other way to make it specific to axd handlers... or I don't know it. ;)
Comments are closed for this post.