We have a need to intercept all incoming requests to a particular domain, and redirect to an application used for authentication. Basically if any request comes in, and there's not an established session, it needs to redirect to an application for performing authentication. Once authenticated, we will redirect to another application running on the webserver. Our main challenge is if someone copies a deep link into the application, how do we capture that at the web server level to inspect the request to see if there's an established session before routing to the application.
Our server is running IIS, and we have options of using a custom .NET authentication program, or using a 3rd party tool for authentication. Thanks for any help or suggestions.