WAF with Authentication


  I have a web server setup behind a web server protection rule. I have forms authentication enabled, but authentication forwarding set to none. I can login to the forms authentication page just fine, after login, I get to the landing page, when I click on the link for the click to run app, I get an error that the application is improperly formatted. If I set authentication to none in the web server protection rule , it works just fine, no errors. 


I want the initial login to prevent it from being wide open to the world, but I can't seem to make it work. The use of HTTP/S bookmarks was setup, but with the hotfix, that broke the setup, now trying to get WAF to work. 


Any thoughts or suggestions on what to try?