Does anyone know how to avoid being challenge twice in the following scenario: (I am using ACEGI with my companies authentication mechanism which pops up the 401 login prompt and if successful set the REMOTE_USER. I then have a custom ACEGI provider than checks for this.) When a user clicks on a link that has */secure/* in it and the link is http I need to redirect to https before the authentication challenge is made. Currently, I get challenge for the http and then again when it redirects for https. I know this is not a ACEGI issue, but I am sure it was encountered before. One way to avoid this is to make sure all URI with */secure/* also has https, but since I am using velocity in the Spring, I am using something like href="$rc.getContextPath()/secure/manage.htm"> to build my URLs in my templates and therefore I cannot hardcode the https. Any help is greatly appreciated. Thank you. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer