ASP.NET 2.0 FormsAuthentication Application AuthenticateRequest should ignore WebResource.axd

Question

I noticed that in my ASP.NET application the Application_AuthenticateRequest event handler is being called several times for the WebResource.axd file.

I have code inside the AuthenticateRequest event handler to generate a modified GenericPrinicpal, that even though it is simple, doesn't need to be executed for the .axd resource.

I'm seeing this behavior while debugging using IIS Express, with the application running in Integrated Pipeline mode.

What is the proper way to handle this?

Answer 1

Application_AuthenticateRequest happens for all requests that are handled by .net.

You could test for the extension and bypass if it's .axd.