The concept of rewriting URLs in XAF turned out to be quite a beast. The major trouble we had to tackle was navigating to specific session objects/views with a rewritten address.
An example is the “Current Order” of a storefront.
If you want to navigate to the current order of a session, you need to know the session ID. Well, if you wanted this page to be masked as cart.aspx, you would need to know the session ID prior to loading and detail view/page items.
This provided to be difficult because there was no Session ID available in the URL Re-writer so we couldn’t persist the object directly from the re-writer.
It came down to adding a property to the authentication object and getting that property from the application.