I’m creating a gateway app which will control access to various other apps (tools).

On visiting the site the user is identified and a list of tools they have access to is displayed. Clicking the link takes the user to the tool. The URL is affixed with a token as a querystring. The token is encrypted.

On arriving at the tool site the system checks to see if there is a querystring with a token. It checks to see if the token is valid (the date is part of the encryption). If OK then the token is also saved as cookie which is valid for 8h and access is granted.

If the user hits the Tool site directly from a bookmark the system once again checks to see if there is a token and that it is valid. If no token is passed as a querystring then the system will see if it still has a valid cookie. If there is no valid token or cookie the site invokes a response.redirect to the gateway together with two querystrings t and r. t is the tool’s numeric ID and r is the Tools URL.

What should happen is that the user will be redirected to the Gateway which will check to see if the user has access to tool id t and if the have redirect back to r with a fresh token appended as a querystring.

My code has the following….

Private GatewayURL As String = "http://GatewayURL/default.aspx?t=2&r="
Private ToolURL As String = "http://ToolURL/default.aspx" 
In my page load I have….
…
If AuthenticationPass = False Then
    'We are not authenticated...
    Response.Redirect(GatewayURL & ToolURL, True)
End If
…

Unfortunately when this is triggered I get the following error…

Invalid path for child request 'http://GatewayURL/default.aspx'. A virtual path is expected.

I’ve run out of ideas on resolving this…. any help appreciated.