Prevent ASP.NET from redirecting to login.aspx

Question

We have a website that runs fully on AngularJS with an ASP.NET Web API back-end with the following configuration: - HTML5 routing is enabled on Angular and there is a rewrite rule in web.config to direct all traffic to index.html - MVC is not installed (only razor pages) - Authentication happens using Forms Authentication and related cookies

I have just added the Helicon IIS plugin to have .htaccess password protected for our development server (it's a mess to do it with IIS alone) but I have a basic problem.

After I input the basic auth credentials, I will get a redirect to /login.aspx?ReturnUrl= and although I'm not sure who is responsible for this (IIS or Helicon plugin), it will match one of my AngularJS routes and result in an error.

How can I stop this redirect from happening?

My web.config authentication bit:

<authentication mode="Forms">
  <forms protection="All" timeout="15" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="false" cookieless="UseCookies" enableCrossAppRedirects="false" />
</authentication>

Answer 1

If you are using ASP.NET 4.5. you can disable forms authentication redirect HttpResponse.SuppressFormsAuthenticationRedirect property.

In Global.asax:

protected void Application_BeginRequest(Object sender, EventArgs e)
{
        HttpApplication context = (HttpApplication)sender;
        context.Response.SuppressFormsAuthenticationRedirect = true;
}