401 Error when doing postbacks while on Juniper VPN

I recently at a customer was faced with a problem where a web application developed on .Net 4.0 using forms authentication, was working fine on the local network, however when accessed by our offshore development team via the Juniper VPN infrastructure returned the following error message:

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)

We initially found the error on pages that contained the SQL Server Repoting Services report viewer control.

The error seemed to be Ajax related and occurred on partial page post backs. We quickly realised that Juniper has a built in URL re-writer engine. Juniper converted the URLS into a format that it would use to proxy web requests to the web application running onsite at the customer.

The sample URL created by Juniper:

https://portal.customer.co.za/Content/Home/,DanaInfo=secure.customer.intranet.dev+Portfolio.aspx

We used fiddler to check what the browser was requesting from the Juniper server and realized that the URL was being changed using the URL re-writer feature.

Juniper is a browser based VPN solution, that abstracts the network access provided on other VPN solutions and allows remote users to access web applications through a secure proxy server, without giving them access to your full network.

The web application would render correctly, however when the user did a partial post back, Juniper does not always provide the post back URL in the correct format, resulting the error above.

We requested that the Juniper configuration team switch off the URL re-writer functionality. This resolved the issue. Juniper’s online documentation for version 7.0 says that it does support Microsoft Ajax functionality, we did not have enough time to verify if this was available in the supported configuration.