I have a plugin which adds a configuration page to the CMS admin part of EPiServer. We've just upgraded from 7.5 to 7.7.1 and so the location of the plugin now goes to ~/modules/_protected/[[our plugin name]]/PlugIns/ConfigPage.aspx

However after the .nupkg is installed via the add-on GUI, when the admin clicks on the link to get to our config page - we get a 404 error.

This didn't happen when we had built the plugin as a public add-on, but as the plugin should only be usable by WebAdmins and Adminstrators we decided it was best practise to make this a protected add-on, and so changed the tag in the .nuspec file to EPiServerModulePackage

This deploys the add-on to the correct directory locations as far as I can see, but as we get 404 errors now amI correct in thinking that there's some kind of permissions/security in the way of serving up the ASPX front end?

If anyone could help or point out a web tutorial that creates a protected admin plugin (post 7.6 version when the file structure changed again!) that would be really useful thanks!

FYI the GuiPlugIn attribute at the top of our ASPX code behind looks like this:

 [GuiPlugIn(
        DisplayName = "Custom EPiServer Module Admin",
        Description = "Custom EPiServer Module configuration",
        Area = PlugInArea.AdminMenu,
        Url = "~/modules/_protected/OurCustomAddOn/PlugIns/ConfigPage.aspx"
        )
    ]