I have a web application using the .Net 2.0 framework. The whole website is restricted to authenticated users using Windows authentication. These rules are set in the web.config file the following way :
<location path="/">
<system.web>
<authorization>
<allow roles="CustomerAdministrator, Manager"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Path/To/Public/File.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
[...]
As shown above, I have one page that I want to be public. Up to this point, everything works fine. We recently added url rewriting for nicer urls, so I set a rewrite rule for the public page :
<RewriterConfig>
<Rules>
<RewriterRule>
<LookFor>~/Public</LookFor>
<SendTo><![CDATA[~/Path/To/Public/File.aspx]]></SendTo>
</RewriterRule>
</Rules>
</RewriterConfig>
Now, when accessing the public page by its direct url, it works as expected (no authentication required), but when I try to access the page through its rewrited url, it asks for authentication.
Does anyone know where this problem my come from ?
I actually found the problem. I am using an
URLRewriterproject some of my colleague found on the web, and the problem came from the fact that it was registering itself at theHttpApplication‘sAuthorizeRequestevent. While this works with Forms authentication, it doesn’t with Windows authentication, which I’m using.To solve the problem, I simply had to change it such that it registers to the
BeginRequestevent instead (as written in the comments… RTFM…).