Why am I getting an "HTTP 400" Bad Request error when trying to access an XLS file on ASP.NET site
Posted on 2011-05-05
I have an ASP.NET 3.5 site on MS Server 2003 using IIS 6. The site uses forms authentication to allow users to login to a private section that uses SSL.
Forms authentication worked great when attempting to access an ASPX file that was secure: It would redirect to the login page and required login before redirecting to the desired page. The problem was that if you referred to another file type like pdf or xls, it would grant access without authenticating. I researched the issue and found the solution by going into the site's application configuration and adding a wildcard application map to c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll and to my delight, it worked: When I tested it by trying to access a pdf file behind the security wall, it properly required authentication but when I tried to access an xls file in the same location I got an HTTP 400 Bad Request error rather than the login page.
Why would it work with a PDF and not with an XLS? How can I make it work?