Why do I keep getting challenged for authentication on the main site when doing a HTTP POST to a sub application?

I hope somebody can assist in pointing out my ignorance by solving this problem... :)

I have just installed a new DNN site on http://www.digitalrefraction.com, and all is working fine there. I also have an unrelated ASP.Net MVC 2.0 (with extensionless URLs - for what that is worth) application running in a subfolder on that domain, in the following URL: http://www.digitalrefraction.com/refractor

I can do HTTP GET requests just fine to my sub application. However, the moment I do a POST I get an "Authentication Required" dialog box that says: "Enter a username and password for http://www.digitalrefraction.com".

Now I am confused. Why do POSTS and GETS to the main domain work fine, but then when I do a POST to the sub application, I get challenged for the main domain's authentication? But GETs to the sub application works!

Yes, I have checked the main DNN site's web.config, and have found no authorization entries at all. I tried adding some to allow a开发者_开发问答nonymous access to /refractor, but that made no difference. Also checked my sub applications web.config. I am somewhat at a loss.

Note, I am talking about a sub application (sub folder), not a sub domain.

Any tips or ideas, or straight answers, will be greatly appreciated. :)

Thanx.

Ok, thanx to Cybernate, I re looked at the whole thing. Essentially the login of my sub-app did not work, and as a result, the controller that handled the HTTP POST, and that required security, resulted in the challenge for authentication.

The reason that the login was not working was because of the whole nested application setup and inheriting from the root DNN site's web.config.

The specific problem; the app was throwing errors because of some settings it was inheriting from the root web.config, so I inserted a <clear /> at the top of some sections such as httpmodules to get rid of the inherited DNN modules. Turns out, there are some modules loaded by default that aren't the ones specified in the DNN's web.config. Some of them having to do with authentication. So clearring them basically broke my login.

In the end, instead of <clear /> I added a <remove ... /> for each of the DNN httpmodules that were configured in the DNN web.config. In this way I got rid of the stuff I didn't want / need, but still retained the modules that were needed for my app to work.

It was a serious pain, but glad it's over now! Advice: stay away from nested ASP.Net applications, unless you really need them.

Come to think of it, isn't there a setting (global to application scope) that means "DO NOT INHERIT ANY SETTING FROM ANY PARENT APPLICATION / web.config"? That would have been extremely helpful!