Customers have asked me many times if it is possible to use managed modules for unmanaged resources as well. The answer is "yes". And its very simple and easy to do in IIS 7.
All we need to do is to uncheck "Invoke only for requests to ASP.NET applications or managed handlers" option for the handler. You will notice that this will remove(rather set it to blank) "managedHandler" precondition from the module in applicationhost.config.
While doing this step on IIS 7.5, you will get a friendly warning message:
The specified type cannot be found among the referenced assemblies for this application. Make sure that the assembly is added to the list of assemblies in the system.web/compilation section of the web.config of this application. Do you still want to continue?
You can say "Yes" and ignore this warning. Will cover the reason behind this warning message on a separate thread.
You can also use a shortcut to enable all managed modules to run for all requests in your application, regardless of the "managedHandler" precondition. To enable all managed modules to run for all requests without configuring each module entry to remove the "managedHandler" precondition, use the runAllManagedModulesForAllRequests property in the <modules> section:
<modules runAllManagedModulesForAllRequests="true" />
When you use this property, the "managedHandler" precondition has no effect and all managed modules run for all requests.
Recently I also worked on an issue which is kind-of related to this. So I would like to share it as well:
We have developed a web application hosted on IIS 7 server and is using integrated pipeline mode forms authentication module. This works correctly for all managed files\extensions but fails for unmanaged resources i.e. .doc\.jpg, etc
The reason behind this was, we were using URLAuthorization module along with FormsAuthentication module in our web application. Since we had not enabled URLAuthorization module for unmanaged resources, the authentication mechanism was not working for these resources.
The issue was resolved after we enabled both FormsAuthentication module and URLAuthorization module for unmanaged resources.
<remove name="UrlAuthorization" />
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="" />