Last post Sep 25, 2009 11:24 AM by rnbguru
Sep 25, 2009 09:53 AM|rnbguru|LINK
I've encountered an error recently that has left me stumped. I am attempting to make a backwards compatible file uploader for a project, which requires I continue to support the past URL structure used. To do this, I've duplicated the HttpModule code from
my old web site in my web application, as well as the web.config.
However, when posting to the web site, my code runs fine and the redirect is processed without any complaints. When posting to the web application however, the project returns without completing the redirect and notifies me of a 401 Unauthorized error. In
both cases, the web request enters the HttpModule without any hiccups. However, upon reaching the end of the module, the web site redirects fine to the Upload.aspx page, while the WebApplication returns the error.
In attempting to minimize the variables between the two projects, the IIS settings are the same, the HttpModules are the same, and the web.config are the same. I've even simplified the web page that they get redirected to to be identical (and to just be
the line int x = 0).
Interestingly, the issue only seems to occur when I post to the url (structured as MyWebSite/folder/group/subgroup and MyWebApplication/folder/group/subgroup). Both applications function fine when I do a get request (as through a web browser), it's only
when I do posts that differences arise. Is there a difference in how Web Sites and Web Applications handle HttpContext.RewritePath() or are there other possible facets of the code that I should be looking at for differences?
Included below is the Module and the Web.config which are identical for both the web site AND web application.
NOTE: Testing this, the difference between the two programs is that one is a web site and one is a web app (I duplicated my project as a web site and it now works fine). However, I need to be running a web app. Is there a work around for web apps?
401 Unauthorized Error
Sep 25, 2009 11:24 AM|rnbguru|LINK
Having spent all of the last two days working on this, it's ironic that I find the solution almost immediately after posting here. Still, if anyone else has this issue, here is the solution.
Described at http://msdn.microsoft.com/en-us/library/ms972974.aspx#urlrewriting_topic2 basically, it's very important where you actually do your rewriting depending on your project. You can place it in either app.beginrequest (as my code did), app.authorizeRequest,
or app.authenticaterequest. Depending on the authorization required for people to use your web app, the different types are used. When using begin request, you are relocating the user before he's received authentication and so, may get rejected for being "unauthorized."