I recently discovered that our IIS 7 server would not serve requests made for MDB files. It would instead serve a 404 error message. Having had a similar experience with IIS 6, I immediately went to check if there was a Mime Type added for MDB files. To my surprise there was. I did some research and some reading and couldn't find any reason why IIS would refuse to serve the file. I eventually turned on custom errors for the site having the trouble and was given a more specific 404 error message: a 404.7.

I read the "things you can try" section of the error message, which led me to the applicationhost.config file (located at C:\Windows\System32\inetsrv\config\). I opened it and did a find for .mdb. I found it under the RequestFiltering section of the config document. It was explicitly added with the attribute "allowed" set to "false". Now, just verify that this was indeed the problem I deleted the entire line from the applicationhost.config and saved it. Immediately IIS started serving the MDB files.

Now, the problem with doing this in the applicationhost.config file is that it will allow MDB files to be served on ALL websites unless the website explicitly denies it. This isn't what we want because it's not exactly secure, it's just needed for this particular client. The solution was to create a web.config file in the root of the website. I did this and configured it like so:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <fileExtensions allowUnlisted="true" >
          <remove fileExtension=".mdb" />
          <add fileExtension=".mdb" allowed="true"/>
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>

This tells IIS to allow MDB files to be requested. You MUST include the <remove> tag otherwise you will get an error because the MDB extension has already been explicitly denied. By removing it you can then add it and explicitly allow it.