Try adding the following to the <system.webServer> <modules> block:
<configuration>
  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
      <remove name="RoleManager" />
      <add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
    </modules>
  </system.webServer>
</configuration>
The RoleManager bit is the key, and it is not included in any of the online examples I could find. Without this, user role membership is not initialized for static content, so role-based authorization always fails.
(Disclaimer: I put this together on my own, based on my limited understanding of IIS, but it seems to work.)
( ): , , RoleManager . IIS , c:\Windows\System32\inetsrv\config\applicationHost.config ( , Windows Vista), ( managedHandler , RoleManager ), MSDN RoleManagerModule System.Web.Security, , .
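A configuration check for the point made in this answer, added here as an example and not part of the original post: it parses a web.config and reports which of the four modules are removed and re-added without preCondition="managedHandler", flagging the case where UrlAuthorization covers static content but RoleManager does not. The function names and sample configs are constructed for illustration, and the check assumes the server-level default registers these modules with preCondition="managedHandler" and that the file uses no XML namespace.

```python
import xml.etree.ElementTree as ET

# The four modules re-registered in the answer's <modules> block.
AUTH_MODULES = ("FormsAuthentication", "UrlAuthorization",
                "DefaultAuthentication", "RoleManager")

def runs_for_all_requests(web_config_xml):
    """Map each auth module to True when the config removes it and re-adds it
    without preCondition="managedHandler", so it also runs for static files."""
    status = dict.fromkeys(AUTH_MODULES, False)
    modules = ET.fromstring(web_config_xml).find("system.webServer/modules")
    removed = set()
    for el in (modules if modules is not None else []):
        name = el.get("name")
        if name not in status:
            continue
        if el.tag == "remove":
            removed.add(name)
        elif el.tag == "add":
            conditions = [c.strip() for c in el.get("preCondition", "").split(",")]
            status[name] = name in removed and "managedHandler" not in conditions
    return status

def audit(web_config_xml):
    """Return findings for a config meant to protect static content by role."""
    status = runs_for_all_requests(web_config_xml)
    findings = [f"{m}: not re-registered for all requests"
                for m in AUTH_MODULES if not status[m]]
    if status["UrlAuthorization"] and not status["RoleManager"]:
        findings.append("RoleManager missing: roles are not initialized for "
                        "static content, so role-based rules always fail")
    return findings

def _config(names):
    # Builds a constructed sample web.config containing only <modules>.
    entries = "".join(
        f'<remove name="{n}" /><add name="{n}" '
        f'type="System.Web.Security.{n}Module" />' for n in names)
    return (f"<configuration><system.webServer><modules>{entries}"
            "</modules></system.webServer></configuration>")

FULL = _config(AUTH_MODULES)          # same entries as the block in the answer
NO_ROLES = _config(AUTH_MODULES[:3])  # constructed: same block minus RoleManager

if __name__ == "__main__":
    print(audit(FULL))
    print(audit(NO_ROLES))
```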