ASP.Net URL rewriting and authentication

Question

I have a web application using the .Net 2.0 framework. The whole website is restricted to authenticated users using Windows authentication. These rules are set in the web.config file the following way :

<location path="/">
    <system.web>
        <authorization>
            <allow roles="CustomerAdministrator, Manager"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>
<location path="Path/To/Public/File.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
[...]

As shown above, I have one page that I want to be public. Up to this point, everything works fine. We recently added url rewriting for nicer urls, so I set a rewrite rule for the public page :

<RewriterConfig>
    <Rules>
        <RewriterRule>
            <LookFor>~/Public</LookFor>
            <SendTo><![CDATA[~/Path/To/Public/File.aspx]]></SendTo>
        </RewriterRule>
    </Rules>
</RewriterConfig>

Now, when accessing the public page by its direct url, it works as expected (no authentication required), but when I try to access the page through its rewrited url, it asks for authentication.

Does anyone know where this problem my come from ?

Answer 1

Have you tried changing your location tag to use the /Public URL?

Answer 2

What are you using to re-write the URLs?

Answer 3

I actually found the problem. I am using an URLRewriter project some of my colleague found on the web, and the problem came from the fact that it was registering itself at the HttpApplication's AuthorizeRequest event. While this works with Forms authentication, it doesn't with Windows authentication, which I'm using.

To solve the problem, I simply had to change it such that it registers to the BeginRequest event instead (as written in the comments... RTFM...).