Question
I am preventing anonymous access to my web application using <deny users="?"/>. Since I want login page to be accessible to anonymous user I used the following rule
https://stackoverflow.com/questions/14808751
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Since this rule prevented the css to be applied to the login page I used additional rule
<location path="Style.css">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
That fixed it and now css is applied to the login page. But before applying the above additional rule I checked the source of page in browser and found that there existed an entry for <link href="Style.css" rel="stylesheet" type="text/css" /> and clicking the link, the browser did take me to my css file and displayed all the styles. So I was wondering if the page has access to the `Style.css' what exactly is preventing the browser to apply the styles to different elements.
La solution
I removed the additional tested rule again.
<location path="Style.css">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
I checked the status of the CSS file in browser as specified by @explunit in comments. The status this time is 302 found and clicking the CSS link does not display the CSS file. I think the CSS was cached by the browser thats why it displayed it for the first time.
