In your httpmodule that you are using for authentication, in the handler for the AuthenticateRequest event, include these lines:
34 HttpApplication httpApp = (HttpApplication) sender;
35
36 // Only authenticate for aspx pages
37 if (Path.GetExtension(HttpContext.Current.Request.Url.LocalPath.ToLower()) != ".aspx")
38 {
39 HttpContext.Current.Response.StatusCode = 200;
40 HttpContext.Current.SkipAuthorization = true;
41 return;
42 }