Formsauthentication should be disabled for a single page

Question

I have a problem with Formsauthentication and my ajax calls. I like the way Formsauthenticaction works for a normal asp.net website.

However I have a page in my asp.net website which gets called using AJAX. This page will in some case set the Response StatusCode to Unauthorized (401).

Response.StatusCode = 401;
Response.End();

Now the Response should end and I would like to see this 401 statuscode propagated to the frontend. However Formsauthentication decides otherwise and changes this status to a 302 and redirects to the loginpage. Thus I can not check for status 401 on my UI.

To inform you further: I am running an asp.net 4.0 website (Not MVC) on IIS 7.

I tried configuring my web.config with following node:

<location path="mypage.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

But I guess by setting the Unauthorized status triggers the Formsauthentication module nonetheless.

Answer 1

Here are a few proposed solutions from Phil Haack's blog.

Prevent Forms Authentication Login Page Redirect When You Don’t Want It