We have a site using Forms authentication with Anonymous authentication enabled in IIS7.
However, with above setting, everyone can access static files in this site such as CSS, JavaScript and Html.
If I disable anonymous authentication, users can't access login page since they aren't login yet.
From my understanding, Forms authentication needs to work with Anonymous authentication enabled.
So how can I secured all resource files ?
Thanks !