We have a web-app that basically catches all requests for url-rewriting purposes, except for a certain sub directory (/static) which has it's own web.config (NOT a subapplication!), which defines a StaticFileModule for all files.
However, since it is the same HttpApplication, all events are still fired for these requests, including OnAuthenticateRequest which is kind of problematic for us.
I wonder if there is anything I can configure in web.config to make it bypass the event-chain, or certain events in the chain (I have been looking into to no avail), or completely detach the sub directory from the root application (preferably without configuring the sub directory as an application)?
As of now I have use a special case in my OnAuthenticateRequest in order to bypass it, but I would like to contain it into the sub directory itself (not needing to maintain code in order to have static directories).
This might belong on stackoverflow as well.
In the web.config for your /static directory, in the system.webServer/modules/ XML path, you should be able to drop your authentication module for just the /static directory using a "remove" element as explained in this document.