ASP.NET Forms Authentication strange behaviors

After I got ASP.NET Forms Authentication up and running on the web application I'm developing, I started having a few problems -- it took me awhile to figure out that they were caused by having Forms Authentication enabled.

The first issue I had was that the site would redirect to login.aspx like it was supposed to, but the login.aspx page would be missing all of the style information from our CSS style sheet. I looked in the Firefox error console (Firefox Web Developer Extension ) and noticed an entry about the site being unable to grab the style sheet because it was the wrong MIME type: it was text/html, when it expected CSS files to be text/css. After banging my head against the MIME type error message for awhile, I had the idea that maybe the type was text/html because it was getting a 404 response when asking for the style sheet. Sure enough, it wasn't too long then before I figured out that Forms Authentication and my Web.config settings were preventing unauthorized users from grabbing my style sheet. Solution - made a second Web.config and placed it in my App_Themes directory where my style sheet lives.

<system.web>
<authorization>
<allow users="*">
</allow>
</authorization>
</system.web>

The solution to my next problem was now pretty obvious. Any javascript file I embedded in my login.aspx page would return a syntax error on line 2 or line 3. It even did this if the .js file was completely empty! I quickly realized it was the same problem, just a very different symptom. Soulution - place another Web.config in your "scripts" directory, or make a "public_scripts" directory if you need to protect some scripts from unauthorized users and place your Web.config there.