I'm trying to implement a custom http security module that uses the roles in the sitemap to control access to pages (instead of having to store it all in the web.config as well). Following article here: http://www.codeproject.com/Articles/8728/Extending-ASP-NET-security
I've updated it for the newer versions of IIS, adding the module in system.webServer instead
<system.webServer>
<modules>
<add name="SecurityHttpModule" type="DINO.SecurityHttpModule"/>
</modules>
</system.webServer>
Everything seems to be working alright in respect to that, but pages are no longer rendering correctly. If I look at the console in Chrome I am seeing errors like
Resource interpreted as Stylesheet (or Script) but transferred with MIME type test/html: "http://localhost:57855/login"
and
Uncaught SyntaxError: Unexpected token < (about the <!DOCTYPE html> at the top of the page)
I assume I'm just missing something else I need to do when I'm adding a custom module, but I have not yet been able to find any reference to this issue.
Oguz Ozgul was correct in his comment. To fix it, I added a list of extensions I want to validate permissions for and then I check that as the first part of my authenticate request method.
private static readonly List<string> extensionsToValidate = new List<string>(new string[] { ".aspx", "" });
private void AuthenticateRequest(Object sender, EventArgs e)
{
//Ignore specified extensions from redirection
string CurrentExt = Path.GetExtension(HttpContext.Current.Request.Url.LocalPath);
if (extensionsToValidate.Contains(CurrentExt))
{
//do all security check work here
}
else return;
}