I figured out what was happening in my previous post. It makes a bit more sense now that I have seen it, being able to just stop working on something is handy, basically the Rss feeds don't do URL rewriting. So the call to /test1/Admin/ModeratedCommentRss.aspx uses the /web.config and would use the /test1/Admin/web.config, but it has no reason to look at the /Admin/web.config.
Not completely sure how I should change this. Right now I have the ModeratedCommentRss.aspx checking to see if the requestor is an Admin, and if not it calls FormsAuthentication.RedirectToLoginPage(). This works, but I would rather a solution that didn't involve people needing to know to put the check in.
I also found this module helpful when I was figuring out where to do the conversion:
public class DebugModule:System.Web.IHttpModule
{
public EventHandler GetEventhandler(string name)
{
return new EventHandler(delegate(object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
HttpContext context = app.Context;
if (context != null)
Debug.WriteIf(context.Response.StatusCode == 302, "Redirecting - ");
Debug.WriteLine(name);
});
}
public void Init(HttpApplication app)
{
Debug.WriteLine("---------------------------------");
Debug.WriteLine("Module Init");
Type appType = app.GetType();
EventInfo[] events = appType.GetEvents();
foreach (EventInfo eventInfo in events)
{
eventInfo.AddEventHandler(app, GetEventhandler(eventInfo.Name));
}
}
}
I used that class and a small test web project to figure out how to change the FormsAuthentication over to Basic authentication (seems like mixed authentication should have already been there though).
Of course shortly after I figured most of it out I saw the link to the MSDN article Phil Haack had posted for the feature request.