I have an application which requires a secure channel for just certain pages. I was able to do this selectively in IIS with no problem, except that the (non-secure) custom error page I defined in my web.config no longer works. It wants me to authenticate (even though these pages are set to allow anonymous access), after which I'll get an HTTP 401.2 error:
"You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept."
Is there a way to have non-secure and secure pages within the same app, while using custom error pages?