You can also programmatically set HttpContext.SkipAuthorization to true
based on a specific request URL.
However, you might be better off doing what you need to do declaratively in
config. Programmatic path parsing has its own set of canonicalization
attacks you have to be careful with. It is a balancing act, as you also run
a risk of having an overly complex config file as well that could be hard to
maintain or that your customers may be tempted to muck with.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
"David Thielen" <nospam> wrote in message