I've protected a directory on my asp.net website (using location deny properties in web.config).
It works fine when i try to call an aspx page in this directory (refused). But if i try to call a static file (ex: logo.gif), i get this exception "Session State can be used only when enableSessionState set true".
I don't understand the relationship between a gif file and a directory protection.
Has anyone already solved this problem?
Updated: I'm using a cms system (DotNetNuke). The cms is attached with a URL Rewriting Module (iFinity URL Master).
<!-- Forms or Windows authentication -->
<authentication mode="Forms">
<forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>
<!-- ... -->
<location path="Install">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
Thanks you.