URL Rewriting with Forms Authentication (v1.1)
I have a website that uses URL rewriting in the global.asax file to ensure nice tidy URLs e.g. /contact/default.aspx rewrites to /html/template.aspx?PageID=139
However I now want to implement forms authentication on some sections of the site for example I want to protect the merchandise section (/merchandise/*.aspx). However as this directory doesn't actually exist it doesn't work.
I read this was because I'm doing the URL rewriting in the Application_BeginRequest method and forms authentication is not happening until after this therefore meaning that the URL is already rewritten before it checks to see if it is in the merchandise directory.
I'll also read this could be avoided by moving the URL rewriting into the Application_AuthorizeRequest method however when I do this it throws 404 errors for every page and weirdly the 404's are for the actual existing page not the original URL. I've tracked this down thsi problem to the fact that the querystring at the end of the rewritten URL seems to screw this up right royally - if removed it works fine. Unfortunately I need it as it distinguises between pages!
Has anyone experienced this? Is there a way to get this to work?
Cheers
DJ
Re: URL Rewriting with Forms Authentication (v1.1)
Use the IHttpModule.OnBeginRequest method? :)
DNN (www.dotnetnuke.com) uses a UrlRewrite class - perfect example - from (e.g) http://site/tabid/5 to http://site/default.aspx?tabid=5
Re: URL Rewriting with Forms Authentication (v1.1)
That's not the problem. I've tried rewriting on BeginRequest but need to delay the rewriting until the forms authentication kicks in.
Re: URL Rewriting with Forms Authentication (v1.1)
Which querystring parameters do you mean, the ones that are there as part of your application or the ones added on as a result of forms authentication?
Re: URL Rewriting with Forms Authentication (v1.1)
Sorry should have been clearer.
It is the querystring parameters in the rewritten URL e.g. the rewritten path should become /html/template.aspx?PageID=139 but this causes a 404 to be thrown. If the PageID parameter is removed it works but obviously isn't a lot of use to me.
Dave
Re: URL Rewriting with Forms Authentication (v1.1)
Alright, so this is just a guess, but go into the Configuration for your Virtual Directory in IIS, and for .aspx pages, uncheck the box that says 'Verify that file exists'.
But it's not a situation I'm familiar with. You have gotten the procedure right, to rewrite the URL in the Authorization event, but perhaps that is what requires more investigation (though I can't tell you how or what). I'll bail, sorry.