Had a real head scratcher of a problem with Sitecore running in integrated mode. The site in question is rather odd in that everything including the home node is secured; any anonymous visitor is redirected to the login page. They also need various URL tricks to be done which necessitated integrated mode. Putting all that together was straight forward, just a matter of denying extranet/Anonymous access to the root home node and specifying a login page followed by implementing the integrated mode fix as described here.
Oddly though the moment I viewed the site while logged out it stopped sending me to the login page and instead threw up a “Layout not Found” page. Odder still the item it said it was trying to display wasn’t the home item or even the login item but instead was the root /sitecore item. I knew something strange was happening with the ItemResolver in the httpBeginRequest pipeline so I added a custom processor and debugged it to have a look at the HttpRequestArgs.
Here is what I saw when I switched back to classic mode:
{Sitecore.Pipelines.HttpRequest.HttpRequestArgs}
base {Sitecore.Pipelines.PipelineArgs}: {Sitecore.Pipelines.HttpRequest.HttpRequestArgs}
Context: {System.Web.HttpContext}
LocalPath: “/default”
PermissionDenied: true
RequestType: Begin
StartPath: “/sitecore/content/home”
Url: {Sitecore.Web.RequestUrl}
As you can see it has attempted to retrieve the home item and been denied permission. It also attempts to retrieve the /default item but this also fails as it doesn’t exist. By the end of the request the context item is still null and permission has been denied so sitecore redirects to the login page.
On the other hand here is what happens when it’s in integrated mode:
{Sitecore.Pipelines.HttpRequest.HttpRequestArgs}
base {Sitecore.Pipelines.PipelineArgs}: {Sitecore.Pipelines.HttpRequest.HttpRequestArgs}
Context: {System.Web.HttpContext}
LocalPath: “/”
PermissionDenied: true
RequestType: Begin
StartPath: “/sitecore/content/home”
Url: {Sitecore.Web.RequestUrl}
In this case the ItemResolver has been denied access to the home item but then went on to retrieve the / root item and set this as the context (which of course has no layout). The difference is down to the fact that IIS is now no longer telling ASP.Net to look for a /default file in integrated mode. So the context is now set and Sitecore attempts to render it as per normal except the context item in question is the /sitecore item.
Thankfully the solution is simple; if I deny access to /sitecore and /sitecore/content then the problem is resolved. In this case the ItemResolver finishes with permission denied and a null context which means the visitor is redirected to the login page once again.
I could have skipped this whole process however if I’d not fallen for that old trap of confusing what is true for one thing been true for another. On a classic asp.net website only files beneath the site root can be accessed as webpages and although similar in Sitecore it is by no means the same thing. In Sitecore *any* item can become the context item if access is allowed, I guess I can write this off as a reminder 
