October 6th, 2004, 03:49 PM
englere
ASP.NET Forms Auth security problem

Everyone who uses ASP.NET should look at this article about a name canonicalization security bug:

http://support.microsoft.com/?kbid=887459

This explains an easy work-around for this problem that just needs a couple lines of code added to global.asax, or the code-behind for this file.

This article doesn't go into detail to explain the risk, but this affects all sites that use ASP.NET Forms Authentication, and it's a serious matter. Ignore this warning at your own risk!

Eric