My web site has an web application in a subdirectory. I created first a virtual directory for it, then "convert to application". Both the site and the app share the same pool.
As long as I call a page of the app (a .aspx) directly through browser address, it works just fine. In addition, the app pages have non-restricted access to the hosting site's files.
But if I call such a page from a .htm page on the site (a non-app page), ASP.NET Event 1310, Event Code 3006, and in the Request information section, User: Is authenticated: False.
My guess was the account IIS uses to access a .aspx page directly is different from the account the web site uses to call such a page from one its own .htm pages.
How can I fix this? (no experience with such issues) Server is 2019.