Partition your Web site

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

In your site design, make sure that secure pages that require authenticated access are placed in a subdirectory that is separate from the anonymously accessible pages. Following figure shows a typical arrangement in the Visual Studio .NET Solution Explorer window. Notice how the Forms login page is placed along with other restricted pages in a separate subdirectory.

http://www.guidancelibrary.com/images/Design%20Guidelines/Partition.gif

Note If you are using Server.Transfer in your application to transfer from an anonymous page to a secure page, the .NET Framework bypasses authentication checks, so code that uses Server.Transfer should be verified to ensure that it does not transfer to a secure directory.

References

Personal tools